program: syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x1, 0x694, &(0x7f0000001100)="$eJzs3U1sHGf9B/DvbnbX3vz/Sp02SQOqRNRIBRGROLGSYi4NCKFIVKgqB8TRSpzGyiatHBc5EYLwfuDCoXeKRG5cQOIeVM7AqVcfKyFx6SmAxKKZnbXXr9l1Yq8tPp9odp5nnpd5nt/M7OzOKnKA/1nXzqXxOLVcO/fmcpFfeTTTWXk0c6efTjKRpJ40eqvU7ia1j5Kr6S35TLGx6q623X4+WJh9++NPVz7p5RrVUtav79Rukyv1LTY+rJacSXKkWj+Ddf1d39Bfa+TuaqszLAJ2th84GLdmku463z21VvJUw1+3wIFVK++bm6/5qeRoksnqc0Dvrti7Zx9qD8c9AAAAANgHL/yy/Ap/bNzjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMOk9/f/i1W51PvpM6n1//5/q9qWKn2oPR73AAAAAAAAAABgdN/8/w0bPvckT7KcY/18t1b+5v9qmTlRvv5f3s+9zGcx57OcuSxlKYu5mGSqLG+Wr63luaWlxYtDtLy02jIDLS8NOYP27icPAAAAAAAAAIdFY/QmP861td//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgIKglR3qrcjnRT0+l3kgymaRV1HuY/LWfPpB+/afBXPff3dKmao/3c0wAAAAwJi88yZMs51g/362V3/lPld/7J/N+7mYpC1lKJ/O5UT4L6H3rr688mumsPJq5Uyyb+/3qP0YaRtljes8ett7z6bJGOzezUG45n+t5N53cSL1sWTjdH8/W4/pRMabaG5UhR3ajWhcz/1WaI81qN2pD15wqI1KMqBeR6aptEY3jO0dixKPT31M/9hdTX33yc+J5xny5t3r9t711MZ+fjxSTvbYxEpcGzr5TK6ntEInk83/83Xdude7enrh579zBmdIIJgaeoG2MxMxAJF7e+ZxIM1Ukbh3WSAyaLiNxcjV/Ld/It3MuZ/JWFrOQ72UuS5nPmXw9czmSuep8Ll6ndo7U1XW5t542klZ5XJrVu+jwY1rKXF4t2x7LQr6Vd3Mj87lS/ruUi3m96jGrR/jkEFd9fbR32rNfGHiY/Isk7eHa7YNiYMdX706DZ/10eR0cX7dl7Tp48fnfjxqfrRLFPn4ycETGb2MkLg5E4qWdI/Gb8m3lXufu7cVbc+8Nub/XqnVxHf3sQN0livPlxeJglbn1Z0dR9tLGsslevFrVLy69svV33KLs5GrZ9lfq5VzObFn71JY9XSrLXt6ybKYsOz1Qtu7z1tXe5y0ADryjXzzaav+9/Zf2h+2ftm+135z82sSXJ15ppfnn5lca00deq79S+0M+zA/Wvv8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7d+/+g9tznc784oZEt9v94TZFe5hoJ+lvSZ7Wqpmn19mbRCtJmWj0E6P1MzFU5dba0Xnj988y5uaorZLnEqhGdZLdf3D7n91ud98P0xaJ5g7n/FqiW9lU1B2q+dgS/+o+vw7H/MYE7LkLS3feu3Dv/oMvLdyZe2f+nfm7s5cvz07PXr7ytws3Fzrz073XcY8S2AtrN/1xjwQAAAAAAAAAAAAY1n78t4Rtdv2ffZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEhdOzdRpc5PF68rj2Y6xdJPr1Ysq9WT1L6f1D5Krqa3ZGqgu9p2+/lgYfbtjz9d+aSXa1RLWb++rl1zN7N4WC05k+RItR40+Qz9Xa/WuxpZqbY6wyJgZ/uBg3H7bwAAAP//2wMQAg==") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000280)='/dev/bsg/2:0:0:0\x00', 0x0, 0x0) ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f00000002c0)) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x70000}]) syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file0\x00', 0x810, &(0x7f0000001140)={[{@treelog}, {@noenospc_debug}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x33, 0x5d, 0x65, 0x36]}}, {@datacow}, {@discard_async}, {@nobarrier}, {@flushoncommit}, {@user_subvol_rm}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x6}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x32, 0x36, 0x38, 0x6b, 0x36, 0x25]}}]}, 0x1, 0x50fc, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbrc6n38LH2+zTwjtYmM5suOs6jfPDWl9iHmG2zDPZhYVxvvOM6nn73+33Ur7J+0kaixhnr275pFmot8855L6Ss0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4E7yyNujD1XVT12bPnNuprnzwJaZy/um150OodHZXsvKtdXvH27+9e3WYwd+3PzV8QvPP1bP+8XlaGHn8FtceWIyhDcKlQtx2ItrQ2j1FjrN8GW58FZn5blYAAAA4G5yf+f3SLedxcGxnnatkyZrnX9RFhavX9x9dNPe5sbjh9v1q5fOnlz+eK0+4zVvOF633Vj8qRWCcYy/6XiL9bjrntI41dIR0zz/+Pmpv6v6l/J/ozr/x3dO/gcAAOBmyP/pONUG5f/vXvvjk6r+pfy/oeeQpfwfZxzz/0hYXv4HAACAO9ntzv/N0jjVBuX/8ZfGvq7qX8r/U8Pl/9HitOPGX+OEd02GMDVo6gAAAEAf8f/dF79aiHk9++YgzetPPXrwXNV4pfzfHC7/j93SVwUAAADcjCNfbH+4ql7K/63h8v/4bZ01AAAAsBTvfDjxQVW9lP9nh8v/q/NlfuVD1umn+FcIhyZDmFhYmcsKP4f2090CAAAAcIvEnP7npzt/qNqvlP/nqu//H+90EK//77n/X+n6/0Ihu+vfk24MAAAAwL2ofD1/vD1+9uSCfs/fH/b6/wf+d/DVquOX8v/+4fJ/vbi8lc//AwAAgGX4rz3/b3tpnGqD7v9/30fv/lLVv5T/28Pl/7hcU3x5J2q17P15bzKE9Qsr+d0Ev4mH25UU5scKhY5W0mNb7JEX5scLhY65pMfmyRAeXFjZnxT+HwvtpHBlbV44khROx0J+PnQLx5LCiXimfb42n25a+D4W8gss5uMVFGu6l0QkPa7267FQuGGPs92DAwAA3FNieM6z7FhvM6RRdr42aIfVg3YYGbRDfdAOo8kO6Y79tofZ3kLc3j6zcWnP/z8yXP6Pb8WqbNHv+v8Qr//Pn2vYvf5/NhYaSWE+FlrpHQNa8RhZ2P04HqPRyntcWd8tAAAAwF0tfi9QX+F5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7B3rzFyVfcBwM8+x/vweiGpQmiUbJIax028XttAopYqa0rViJRm3VBQFVFs7DVZvGDHNiVGITI2EY0QlDZIyYcijKKo5gPUCkQkBYSLFEeoPCKqogAChdYQBZFSkog0QQrV7L1n9s65Ow8/1njp7yd558z8z/POw3PuvXMuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P9w8CvX/G2z+KO/Pe/ZFy4ev2LP2otfve68U58MYWLm8Y4s3NF/4+3jP7/73Hv2PLD6jvsOn//R3rxcHg8D1T+d+Z0bYq2HF4dwf0cI3WlgxWAW6MnvD8b63jcYwilhNlArMdmflUgbDt/vC2FfmA3UqvpeXwiDhcCFTz3y8M3VxG19ISwNIVTSNp6vZG30pYEzerNAfxrY2p0FfvVWphb4bmcWgGMW3wy1F/2BifoMw3OXa/D66zluHXt7pcPrionhxvl+tnaeO1XQmz4wcUxPW6k65kXp7XHQu20BvNtK2/lWT1vxi1T+DeWt2VAldG6a3Lzh6umd8ZHOMDra1aimeXqen3n9SxuPJL1gXoexA8PH5XV4yxNL7+5afsHj961Y+vL+j+195Vi7+aPCJi2m51sl5K+5BfM8RuM+TxbA26/0LWnEl64QwubP/95nmsVL8//h5vP/+HKOt511uWOtbw5lc/P4yGBMvDaUzc0BAABgwVgIe023jj70iWb1leb/I+0d/4+H/PPJfDbagyGMzyT2LgnhtJnHs8BdsbnLloTwwZnURH1gbRI4GMJ7ZxLLa1UlJRbFEiNJ4CdDeWA8CRyKgYkk8K0YuDUJ3BADB5LAxhg4mATOjYEwVT+O3x/Kx9F2oC8G1mcb8UA8C+EXQ7G1ZFs9V6sKAADgOMlnhz31dwvnOhxrhji9PNDXKkM8A7thhkpSQzqDrU2rGtbQ3aqGzlY11Ma9u/nwSzV3tKq5dBpGR32G23/5N58NTZTm/2PN5/+VOTrSUTr+H8K6mb8xd2cema7F10/UZQAAAACOwcD/vvjNZvHS/H+8vfP/4z6RrkLm8FjcDbFlSQhj9YGs2j8sB7Kj3gN5AAAAABaC2vH42rHwqfw2O0U7nU+X808cYf544H98zvy9Bx9c36y/pfn/RHvn//fX32adOBR78bUlISwqBH4Qe1kNzBiJgR9/sj6Qj/9Q3AA3xaryExNqVd0US6yPgbEksK9RiR/WSpxWH8ifrFrje2vjmMpLFAIAAABwwsXdAfG4fDz//0O/WX1Ns3Kl+f/6Izv/f2YeXDq9f3oghJXdIXSlPwx4rD9bGDAGBjvyxEP9WV1daVXX94dwTnVgaVUv5uv/d6drDD7Vl1UVA6d9aP/rZ1QT3+wLYWUx8PTn7jyrmtiZBGqN/2VfCB+ojjZt/DuLssZ70sa/viiE9xcCtaouWxRCtbHetKpHKvl1DNKq/rkSwrsKgVpVZ1dC2BUAWKDif6Wbig/u2HXtlg3T05Pb5zER9+H3hc1T05OjG7dOb6o06NOmpM91yxhdXx5Tu1e+eS5fouiie9cNtpOu/U5wrNhWvh+/dOJgfj9+F+qZGefqnrq7a9Ihf+TD5SZC4ZtUoyF3zvOQ+4uVzD6Jpfpj/t4wEBZdvWNy++gXN+zcuX1V9rfd7Kuzv/EwU7atVqXbqn+uvrXx8mi4WlbiaLfVsmIlK3deuW3ljl3Xrpi6csPlk5dPXrXq7NVjZ46tGfv4mSuroxrL/rYY6rK5qk6G+tadbY7rOA719O5CJSfiU0NCQmKhJbYOLGv6f3Jp/r+t+fw/furET/58fYZGx/+H42H+7PHZw/zrY2Bfu8f/hxsdza+dGDCSBHbHwG6H+QEAAHhniJP8uDcz7pX+6fLvvNysXGn+v7u93/8fp/X/a0vXn99omf/lscRYo/X/02X+a+v/7260/n+6zH9t/f99b8P6/1fXAskm+YX1/wEAgHeCE7f+f8vl/dMLBJQytFzeP71AQClDy2X8271AwBGv///8f/7Vf4cmSvP/W9ub/1u4HwAAAE4eX/6za36nWbw0/9/X3vz/xK//Fxqd/z/SKDDRaGFA6/8BAACwQDVa/2/4xv5Lm5Urzf8PtDf/j6dddNbljrW+OZStaRfSNe1eG6r9ZAAAAAAWhs4wOtrTZt66lVHXHn2bz+RLgTZLF734J4eP7Pz/g+3N/+t+l3HLE0vv7lp+weNv3rdi6cv7P7b3ldnj/wAAAMD8aXe/BAAAAAAAAAAAAAAA8PZ78T/2rGkWL/3+P6ybebzR7//jdf/i7wveXZc71tp6/b/8/oWfvmfXzJKFjw2F8OFiYMueLaeE/Nr8y4qBhy9Z/p5qYk9a4sEXzn2pmrg0DXxqxalvVBPnJIH1cZHE96aBeFXFNxYngbi84r+ngbg9DqSB3jzw1cXZODrSbfXTwWxbdaTb6tnBEJYUArVtdf9g1kZHOsDbkkBtgF9IA3GAf54HOtNe3TOQ9SoGBmPROwayXgEAcNKK3wJ7wuap6cmx+BU+3p7eXX8b1S1Zdn252o42m38uX5rsonvXDbaT7kq/i85ea7wnVKpDWFX6ulrM0jEzyuNTS4tN9+4GQ2612ltng3KpI910vY1H1JeNaHTj1ulNPS0HvqZ1ltXdLbOsKk12ilk6ZzZpG7W00Zc2RtTmtmmjy/F+Zxgd7Upy/UEMDoc6rV4R7f5ev7jOX6NXQTHPVYf3/qpZfaX5/3B78/9KcVxv5BcD2B2vrPd3SyzzDwAAAPPrq2t//Y3477M3Pvp0s7yl+f9Ie/P/uAcrPxSc7e04GK//v3dJCDOX1h/OAnfF5i5bEsIHZ1ITsUR2Qf3zY4mxLHBX3GGyPJZYP1Ff1aIYOJAEfjKUBw4mgUMxkO+l2B/yXTl/PxTCWTOpdfUltsUSw0ngMzEwkgRGY2AsCSyOgfEk8OriPDCRBP4tBsJU/ba6d3G+rQAAAI5EPs/qqb8b0nnege5WGTpaZehvlaGzVYZKqwyNRhHvfztm6ElOXukoZOpJa+1LailliBfDP+J+lTKEH9bnTAuWmo7nH9TON+ioz/DAJ7oroYnS/H+svfl/f/1t1vqhOP+fvf5fFvhB7N7X4qnjIzHw40/WB/IdA4fiZPemWlUTeYl80n5TLDEeAyNJYFsMjCeB9evywL731AfymXat8b21xqfyEoUAAAAAnHBxB0HcTRPn/3fs+MpAs3Kl+f94e/P/2N5AsbEbYq2HF4dwf8dsb2qBFYNZIO7HGIw/j3/fYAinFHZw1EpM9mclepOGw/f7sl+o96ZVfa8v+/FBvH/hU488fHM1cVtfCEsLe19qbTxfydroSwNn9GaB/jSwtTsLxD0/tcB3O7MAHLPaXsH4gspPdakZnrtcg9ffO+WaoOnwSvtA58g312+u5ktph2u+T7XmyJ62pvtvOW5Kb4+D3m0L8d027N1W/CKVf0N5azZUCZ2bJjdvuHp6Z3yk+EvWknl6nou/Um0nfRxeh7uPvretVdIOjCUfH2Nzl5v7ddgRq7vliaV3dy2/4PH7Vix9ef/H9r7SdjcaiD8UfuS6fx38UWHzzrdKyF9zC+7zZMLnyUL8b2DE0xZCWPfq129qFi/N/yfam/93J7czfh035o4lIXyksHEfi5v/j5dkn4OFQPYp+a5yIDvk/l9DDT85AQAA4Hir7e6o7S+Yym+zE8LTeXI5/8QR5o/7K8bnzN9uv/v/+pKlzeKl+f/65vP/RUk3Hf93/J954vj/nE72XdGL0gd2H9Ou6FJ1zAvH/+d0sr/bHP+fk+P/jv/PxfH/Fhz/n9PJ/rSVviVt86UrhPDyHz30bLN4af6/rb35v/X/5l60r7b+3/pG6/9ta7T+327r/wEAAPOqwUJz6TyvtHpfKUO6el8pQ8sFAlsuMWj9vyNe/++l05//TWiiNP/f3d78P74cBoqtL5T1/0bWNajq1hjYZmFAAAAATkaNdhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9nrgH/5nU7P4o78979kXLh6/Ys/ai1+97rxTnwxhaubxjizc0X/j7eM/v/vce/Y8sPqO+w6f/9FKXq4nv/3dutyx1jeHQthXeGQwJl4bqt6ZDVz46Xt2dVcTjw2F8OFiYMueLadUE98aCmFZMfDwJcvfU03sSUs8+MK5L1UTl6aBT6049Y1q4pw80JF29x8XZ93tSLt78+IQlhQCte5esbi+qlobf5oHOtM2/mkwayMGBmPRbwxmbcTAdCwxtSiEld0hdKVVPVrJqupKq/qXSlZVV1rVlyshnBNC6E6reqE3q6o7HfmTvVlVMXDah/a/fkY1sa83hJXFwNOfu/OsauILSaDW+F/0hvCB6ksmbfzbPVnjPWnjt/WE8P4QQm9a4pfdWYnetMSL3SG8qxCoNf757hB2Bd4R4odP3Sfajl3XbtkwPT25fR4TvXlbfWHz1PTk6Mat05sqSZ8a6Sik37r+6Mf+3Otf2li9vejedYPtpLvzcj0zXV7dU3d3zcne+9iv/mIls89Hqf6YvzcMhEVX75jcPvrFDTt3bl+V/W03++rsb1cezbbVqoWyrZYVK1m588ptK3fsunbF1JUbLp+8fPKqVWevHjtzbM3Yx89cWR3VWPb3eAz1zhM/1NO7C5WciA8ACQmJhZborPt0GzvZP8hLX/RnO9oTKjMf0KVpRTFLx8woj8eg1x7liI/me0rLEa0qTRxKWVbPkeX6+ixrSpOJ2Vr6siwz3+tKk8NiY50zmzTe7wyjo12NtsNw/d3i5v3ZMWzeZ/JN124aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2MHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WYfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD///xRI5A=") setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fdatasync(r3) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x841, 0x159) keyctl$dh_compute(0x17, &(0x7f0000000100), &(0x7f0000000140)=""/4096, 0x1000, &(0x7f0000001240)={0x0}) pwritev2(r4, &(0x7f00000003c0)=[{&(0x7f00000002c0)="ba", 0x1}], 0x1, 0xe7b, 0x0, 0x2) renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file5\x00', 0x4) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r8 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r8, 0x29, 0x2f, &(0x7f0000000040)={0x2, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x25}}, 0x5}}, {{0xa, 0x0, 0x2, @empty, 0x5}}}, 0x108) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x48f, 0x0, 0x36dfb}]}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="80010000100001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000000000000033000000ac14140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000200480001007368613235362d7373736533000000000019f4adb74100fa1d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480002006563622d6167732d636500"/312], 0x180}}, 0x0) creat(&(0x7f00000000c0)='./file1\x00', 0x4f) getsockname(r4, &(0x7f0000001280)=@nl, &(0x7f0000001300)=0x80) [ 85.427185][ T4701] Bluetooth: hci0: command tx timeout [ 85.514433][ T5359] loop0: detected capacity change from 0 to 1024 [ 85.890882][ T5359] [ 85.891803][ T5359] ====================================================== [ 85.894634][ T5359] WARNING: possible circular locking dependency detected [ 85.897721][ T5359] 6.16.0-syzkaller-11852-g479058002c32 #0 Not tainted [ 85.900591][ T5359] ------------------------------------------------------ [ 85.903579][ T5359] syz.0.0/5359 is trying to acquire lock: [ 85.906412][ T5359] ffff8880334b60b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x15a/0x1d0 [ 85.910799][ T5359] [ 85.910799][ T5359] but task is already holding lock: [ 85.913947][ T5359] ffff888052b03048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 85.918561][ T5359] [ 85.918561][ T5359] which lock already depends on the new lock. [ 85.918561][ T5359] [ 85.923032][ T5359] [ 85.923032][ T5359] the existing dependency chain (in reverse order) is: [ 85.927045][ T5359] [ 85.927045][ T5359] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 85.931549][ T5359] lock_acquire+0x120/0x360 [ 85.934054][ T5359] __mutex_lock+0x187/0x1360 [ 85.936307][ T5359] hfsplus_file_extend+0x1fc/0x1990 [ 85.938932][ T5359] hfsplus_bmap_reserve+0x122/0x500 [ 85.941492][ T5359] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 85.943993][ T5359] __hfsplus_ext_cache_extent+0x89/0xe30 [ 85.946313][ T5359] hfsplus_file_extend+0x444/0x1990 [ 85.948765][ T5359] hfsplus_get_block+0x411/0x1530 [ 85.951267][ T5359] __block_write_begin_int+0x6b5/0x1900 [ 85.954571][ T5359] cont_write_begin+0x789/0xb50 [ 85.957878][ T5359] hfsplus_write_begin+0x66/0xb0 [ 85.961211][ T5359] generic_perform_write+0x2c2/0x900 [ 85.963975][ T5359] generic_file_write_iter+0x117/0x550 [ 85.966847][ T5359] aio_write+0x535/0x7a0 [ 85.968876][ T5359] io_submit_one+0x78b/0x1310 [ 85.971182][ T5359] __se_sys_io_submit+0x185/0x2f0 [ 85.973587][ T5359] do_syscall_64+0xfa/0x3b0 [ 85.975649][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.978214][ T5359] [ 85.978214][ T5359] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 85.981581][ T5359] validate_chain+0xb9b/0x2140 [ 85.983933][ T5359] __lock_acquire+0xab9/0xd20 [ 85.986666][ T5359] lock_acquire+0x120/0x360 [ 85.989401][ T5359] __mutex_lock+0x187/0x1360 [ 85.992261][ T5359] hfsplus_find_init+0x15a/0x1d0 [ 85.994963][ T5359] hfsplus_get_block+0x8dd/0x1530 [ 85.997424][ T5359] __block_write_begin_int+0x6b5/0x1900 [ 86.000217][ T5359] cont_write_begin+0x789/0xb50 [ 86.002479][ T5359] hfsplus_write_begin+0x66/0xb0 [ 86.004931][ T5359] generic_perform_write+0x2c2/0x900 [ 86.007541][ T5359] generic_file_write_iter+0x117/0x550 [ 86.010181][ T5359] do_iter_readv_writev+0x56b/0x7f0 [ 86.012742][ T5359] vfs_writev+0x31a/0x960 [ 86.014968][ T5359] __se_sys_pwritev2+0x179/0x290 [ 86.017370][ T5359] do_syscall_64+0xfa/0x3b0 [ 86.019687][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.022553][ T5359] [ 86.022553][ T5359] other info that might help us debug this: [ 86.022553][ T5359] [ 86.026656][ T5359] Possible unsafe locking scenario: [ 86.026656][ T5359] [ 86.029577][ T5359] CPU0 CPU1 [ 86.031963][ T5359] ---- ---- [ 86.034303][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.036722][ T5359] lock(&tree->tree_lock/1); [ 86.040151][ T5359] lock(&HFSPLUS_I(inode)->extents_lock); [ 86.043927][ T5359] lock(&tree->tree_lock/1); [ 86.046106][ T5359] [ 86.046106][ T5359] *** DEADLOCK *** [ 86.046106][ T5359] [ 86.049496][ T5359] 3 locks held by syz.0.0/5359: [ 86.051735][ T5359] #0: ffff88801e91e428 (sb_writers#12){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 86.055710][ T5359] #1: ffff888052b03238 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: generic_file_write_iter+0xeb/0x550 [ 86.060396][ T5359] #2: ffff888052b03048 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1530 [ 86.065196][ T5359] [ 86.065196][ T5359] stack backtrace: [ 86.067613][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) [ 86.067632][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.067640][ T5359] Call Trace: [ 86.067649][ T5359] [ 86.067656][ T5359] dump_stack_lvl+0x189/0x250 [ 86.067677][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.067689][ T5359] ? __pfx__printk+0x10/0x10 [ 86.067701][ T5359] ? print_lock_name+0xde/0x100 [ 86.067711][ T5359] print_circular_bug+0x2ee/0x310 [ 86.067721][ T5359] check_noncircular+0x134/0x160 [ 86.067730][ T5359] validate_chain+0xb9b/0x2140 [ 86.067738][ T5359] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 86.067747][ T5359] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 86.067756][ T5359] __lock_acquire+0xab9/0xd20 [ 86.067769][ T5359] ? hfsplus_find_init+0x15a/0x1d0 [ 86.067783][ T5359] lock_acquire+0x120/0x360 [ 86.067797][ T5359] ? hfsplus_find_init+0x15a/0x1d0 [ 86.067810][ T5359] ? do_syscall_64+0xfa/0x3b0 [ 86.067826][ T5359] __mutex_lock+0x187/0x1360 [ 86.067839][ T5359] ? hfsplus_find_init+0x15a/0x1d0 [ 86.067856][ T5359] ? hfsplus_find_init+0x15a/0x1d0 [ 86.067870][ T5359] ? __pfx___mutex_lock+0x10/0x10 [ 86.067880][ T5359] ? rcu_is_watching+0x15/0xb0 [ 86.067887][ T5359] ? __kmalloc_noprof+0x29b/0x4f0 [ 86.067894][ T5359] ? hfsplus_find_init+0x8c/0x1d0 [ 86.067903][ T5359] hfsplus_find_init+0x15a/0x1d0 [ 86.067913][ T5359] hfsplus_get_block+0x8dd/0x1530 [ 86.067921][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.067929][ T5359] ? _raw_spin_unlock+0x28/0x50 [ 86.067936][ T5359] __block_write_begin_int+0x6b5/0x1900 [ 86.067949][ T5359] ? folio_add_lru+0x1b2/0x3d0 [ 86.067964][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.067974][ T5359] ? __pfx___block_write_begin_int+0x10/0x10 [ 86.067991][ T5359] cont_write_begin+0x789/0xb50 [ 86.068004][ T5359] ? __pfx_cont_write_begin+0x10/0x10 [ 86.068017][ T5359] hfsplus_write_begin+0x66/0xb0 [ 86.068031][ T5359] ? __pfx_hfsplus_get_block+0x10/0x10 [ 86.068042][ T5359] generic_perform_write+0x2c2/0x900 [ 86.068055][ T5359] ? __pfx_generic_perform_write+0x10/0x10 [ 86.068065][ T5359] ? file_update_time+0x416/0x490 [ 86.068084][ T5359] ? __generic_file_write_iter+0xf9/0x230 [ 86.068094][ T5359] ? generic_file_write_iter+0x103/0x550 [ 86.068103][ T5359] generic_file_write_iter+0x117/0x550 [ 86.068114][ T5359] ? __pfx_generic_file_write_iter+0x10/0x10 [ 86.068122][ T5359] ? aa_file_perm+0x13a/0x1550 [ 86.068136][ T5359] ? aa_file_perm+0x13a/0x1550 [ 86.068150][ T5359] ? aa_file_perm+0x44d/0x1550 [ 86.068166][ T5359] ? futex_unqueue+0x22/0x240 [ 86.068180][ T5359] ? futex_unqueue+0x211/0x240 [ 86.068197][ T5359] ? __futex_wait+0x34f/0x3e0 [ 86.068222][ T5359] ? __pfx_aa_file_perm+0x10/0x10 [ 86.068243][ T5359] do_iter_readv_writev+0x56b/0x7f0 [ 86.068259][ T5359] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 86.068270][ T5359] ? rcu_read_lock_any_held+0xb3/0x120 [ 86.068285][ T5359] vfs_writev+0x31a/0x960 [ 86.068299][ T5359] ? __lock_acquire+0xab9/0xd20 [ 86.068316][ T5359] ? __pfx_vfs_writev+0x10/0x10 [ 86.068331][ T5359] ? __fget_files+0x2a/0x420 [ 86.068345][ T5359] ? __fget_files+0x3a0/0x420 [ 86.068356][ T5359] ? __fget_files+0x2a/0x420 [ 86.068370][ T5359] __se_sys_pwritev2+0x179/0x290 [ 86.068385][ T5359] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 86.068397][ T5359] ? rcu_is_watching+0x15/0xb0 [ 86.068408][ T5359] ? do_syscall_64+0xbe/0x3b0 [ 86.068421][ T5359] ? __x64_sys_pwritev2+0x20/0xc0 [ 86.068434][ T5359] do_syscall_64+0xfa/0x3b0 [ 86.068446][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.068459][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.068471][ T5359] ? clear_bhb_loop+0x60/0xb0 [ 86.068484][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.068497][ T5359] RIP: 0033:0x7fa70118ebe9 [ 86.068510][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.068535][ T5359] RSP: 002b:00007fa701f30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 86.068549][ T5359] RAX: ffffffffffffffda RBX: 00007fa7013b5fa0 RCX: 00007fa70118ebe9 [ 86.068558][ T5359] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000006 [ 86.068567][ T5359] RBP: 00007fa701211e19 R08: 0000000000000000 R09: 0000000000000002 [ 86.068576][ T5359] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000 [ 86.068583][ T5359] R13: 00007fa7013b6038 R14: 00007fa7013b5fa0 R15: 00007fffe03e9738 [ 86.068597][ T5359] [ 86.298742][ T5359] netlink: 72 bytes leftover after parsing attributes in process `syz.0.0'.