program:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0xb, 0x1, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949e496f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d}})
ioctl$TIOCL_SETSEL(r2, 0x541c, 0x0)
syz_open_dev$vim2m(0x0, 0x40000000000000fb, 0x2) (async)
syz_open_dev$vim2m(0x0, 0x40000000000000fb, 0x2)
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000040)='./file1\x00', 0x1c005, &(0x7f00000000c0)={[{@skip_balance}, {@autodefrag}, {@noacl}, {@treelog}, {@nossd_spread}, {@rescue={'rescue', 0x3d, 'nologreplay'}}, {@nodiscard}, {@compress_force}, {@acl}, {@discard_async}, {@ssd_spread}]}, 0x9, 0x55cb, &(0x7f0000007900)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEXoBAajA02Gga04YEMYlCYIG5t2zOkcmTTMMdb5wkAqYOxqdMXEDNFFjFOZLA4bRuQlixMXWGFEJZnO9N77XO49l7Z3bFnn9vmQ9tzn/s7znOeenD/u99Ln3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACiKDq4ctE/1v9o5bcfvObF6ZvuO33/idpnH988+a75u8cdvn/15R2nWlpKX33uzHVL7n2oauSJPQsPRVEi1S+R6X/TZ6bNWTL3plkDwoB116e3FRXdHTLd9Vi60T/vya5++T8LoygqjQ2QzGxrBue0E/EDRA2FA/Zoe9WE1UM3TZ25pWzasMXJ+ubCl06XAX09gb6Sua5euHAtVad+l8T2yLZzLr1E3iWa7h+/4N6SFwEAvC6VtalN9u1o5i1utt0Yr8fa1bF2U6wd3iE05TYuRXrc/t3N86p4vY/mWZ2OCmXdzjNWz5z/bLs23j/WjkWN1zHP/F0zkWZAd/Osj9X7ap4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbyd3Hb/56ZLNP/nA8g1jk8eHj/rl11se/UFNZ/n0b+zb2PHH9mff19JS+upzZ65bcu9DVSNP7Fl4KIoqUv0S6e6JBTvaN/581fQ1v5j/SOvZ99++K5kZN2z75ewcdYQHnyyPoi/mVF4Iw54cEkW1+YVUM3qksLA09WB6KAAAAPBOMjz1uyTbTsfB0rx2IpUmE6l/QTosbq+asHropqkzt5RNG7Y4Wd986ePVdjNe9UXHy7YrLvwkcoJxiL/x8S7Uw64NBeP0LD5iPM+PG3n+8JFvrty4rnnwi/sHDk3W/PqrdcMvmz/+lasnTrj17w/vKMj/FT3n/3Dm5H8AAADeCPk/Pk7Pesv/o47cd/rOkz9bX/e5bQuOT/5W3ZD3VK79S+tHv7Bh1Iyp/Y5d/mhB/r8q75AF+T/MOOT/kujS8j8AAAC8nb2x/N8/6i3/VxeM07Pe8v+KtWP+OfP83KlPTDr/49N3jPjVwSPR3sYxX2q77UP75w0a0vTTgvxfWVz+75c77fDkH8KEl5VHUWXxJxUAAADIE/7f/cJHCyGvpz85iOf1+ecO1txY+sCZj827euS2oyN2dZ7717KVm8+Pb509uuqzT1dsLMj/1cXl/9K35uUCAAAARXhq6adu2BnNqvlI9d2H9y/a/nDjinUNy5vLEjP+29Bx7X9a+xfk/9ri8n9Z37wcAAAA4CIOfWXb7tfmrGgf3Vp2buufXvvr41eOXnOgpfJow++Glq5qr1takP/risv/gzLbzMqHdKf94a8QHiyPogFdD+rThd9GTZ/OFgAAAIA3Scjp/z7WMXbnNWW/eeqHL2+Z+73vDtv7ndkHm78/ZfDNUx84MPvAk3UF+b++5/v/hzsdhPX/eff/K1j/n1NI3/VvohsDAAAA8G5UuJ4/3B4//c0F3X3/frHr/6//cvtLx29b+LXO9464YcXLt152yycmn/zzrDuSOyfdWTJjxkunCvJ/Y3H5P5m7fTO//w8AAAAuwf/b9//NKxinZ73d/3/OY3cf7fzb85PGzGleNyDT57HdVVeeXXTjwA8/s3xvQf5vKi7/h+3g3Je3L5yfe8qj6IquB5m7Ce4K010WK7SV5hTSJz7WY27okSm0leUUUupjPcaVR9EHux40xgpDQ6EpVugckilsjRWeCYXM9ZAttMYK+8KVtnlIZrrxwp5QyCywaAsrKAZnl0TEerzSXY+uwkV7PJ89OAAAwLtKCM+ZLFua34ziUbYt0dsOg3rboaS3HZK97dAvtkN8x+6ej+ryC+H5c2uf+H3lx0s+f+iW26eMHrt4/T1NEw8kF0y59skdA8+uOjV+TUH+31pc/g+non960936/yis/898r2F2/X9dKFTECm2hUBu/Y0BtOEY67G4Ix6iozfTovCJbAAAAgHe08LlAso/nAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/2Lv3OKmqO0Hgp5t+0NA0LSZiIomtrq3o0DQoxk/wgZqJBljTKDszLj4aoVGkFUSYiGsU1OwmcTCKStSZUViFkVUcfAFZTUCNaCIajaOZUccQjDrujh/FEf3MGsN+um+doupWl128lHa+3z+6TtXvPG89us69t84FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiPYcNjNx35dxc/NWb0xvkDVrz6tf/+Uf3hyxe/+7/+8Nz1t+87/wcbVi9dWvmHFzadPOV7N36tceOqiS+G0NJZriwpXnbGkpU/Wn3ht77z0Ok33/PePnOWVWXqzcRD344/5Zk7V8VWf98vhFVlIVSkA0Nqk0Bl5n5trG9QbQh7hK2BbIm2PkmJdMPh8ZoQFoWtgWxVP6kJoTYnMP7Xj66Z35G4oSaEA0MI1ek2/rk6aaMmHWisSgJ90oHpFUngwy2JbGB1eRKAHRbfDNkX/YqW/Az1XZcr8vqr3Gkd+2ylh9crJuqL53v7uF3cqRxV6QdaduhpK6huR7pCUQVvj7XebT3g3Vawna/1tOV+kcp8Q9myNVQdyie3TZk4u31WfKQ8NDX1KlbTLnqeX9p06aRtSfeY12HsQP1OeR0+ccGguxY2jt3rlkc2Tnmj6rmFO9rNYpt3V6sOmddcj3keo1E+T3rA26/gm07DZ/ala3dyxwmb3/n9y+P+728eembI+98edvbQF18dVnfL96f3+/Nz/k/lrdM2Fcz/6z95/h9fzvG2PC93bPWjumRuHh+pjYl36pK5OQAAAPQYPWGv6ZsjD3mndn3DI/t/c+WU8xfPf/2M8/5Y9fO+Ew856dRhP7zzpmmnF8z/G4rN/3vlHf+Ph/xrc0e7NoRRnYkr+4ewd+fjSWBZ7M7Z/UPYrzPVkh84LhVYG8KXOhODs1WlSvSOJRpSgTfrMoFRqcC6GGhJBZbEwLWpwFUxsCIVmBQDa1OB42MgTM0fxyF1mXGUHKiJgdZkI66IZyH8W11sLbWtXs5WBQAAsJNkZoeV+XdzznXY0QxxermiprsM8QzsohmqUzWkZ7DZaVXRGiq6q6G8uxqy4577ycMvqLmsu5oLTsMoy8/w/sH3z1vz4D/99KaJRzx9yEetZ76yYfVjYzb3+qt3x/70svELhk8omP83f/Lx/+ouOlJWcPw/hHGdf2Pu8kykPRtvbcnLAAAAAOyAiteXnfKreR+XLf3FuZsO/NPTx1/Te+X++w9Yd+j9/6/hrQEnrD6wYP4/qrTz/+M+kV45mcP6uBtiWv8QmvMDSbUjCwPJUe++mQAAAAD0BNnj8dlj4VMzt8kp2un5dGH+lm3MHw/8j+oy/5Dx16xvXnPHqVNHHr527eYz93pl+canv3jguy8efMoZJz4wreHegvl/S2nr//XJv006sS724vr+IfTOCTwRe9kR6NQQAxuOzQ9kxr8uboCrY1WZExOyVV0dS7TGQHMqsKhYiWezJfbOD2SerGzjV2bHMTVTIicAAAAAn7q4OyAel4/n/z9zXr/H/nb5rZc+tHR96HvOil9dfsyIQQuG9H57+rOHPfqX750yrWD+37pt5/93zoMLTu9v7xvC0IoQeqV/GLC+T7IwYAzUlmUSP+2T1NUrXdUVfUIY2TGwdFUbM+v/V6TXGHy+JqkqBvbe/85NjR2JO2pCGJobeHHC4hEdidmpQLbxP6sJYd+O0aYbX9k7abwy3fhNvUP4ak4gW9Wk3iF0NFaVruqx6sx1DNJVragOYc+cQLaqr1WHMCcA0FPF/6WTcx+8aM4l0ya2t7fN3IWJuBO/JkyZ2t7WNGl6++TqIn2anOpz3jpG8wrHVOqlb17JrFF09+im/qWksz8UbM5tK7Mjv+DMwcz9+GWosnOcwyvz7h6WHvLBBxQ2EXK+ShUbcvkuHnKf3Eq2PokF9cf8VaFv6D37oraZTRdPnDVr5rDkb6nZhyd/43GmZFsNS2+rPl31rYSXR9HlslK2d1s15lYydNb5M4ZeNOeSIVPPn3hO2zltFxwx4ogjjxx++OEjhnYMqjn5281IG7uqOTXSLYtLHNZOHOmXK3Iq+TQ+NCQkJHpaYvW/fOmVY7647Acrb10y85ftR7f98pt77jl2adW3X9x82eUHPvM/PiyY/8/45Pl//NSJH/yZ9RmKHf+vj4f5k8e3HuZvjYFFpR7/ry92ND97YkBDKjA3BuY6zA8AAEDPU9PFY3F3ZNybGXdKP7pg4D/cNf7+sQs2HPrU+ufLNvQ59K8/+tfyysvH/5djH2y4/ft/UTD/n1va7/930vr/2aXrRxdb5n9wLNFcbP3/9DL/2fX/5xZb/z+9zH92/f9Fn8H6/7OzgdQm+Tfr/wMAAJ8Hn976/90u75++QEBBhm6X909fICA/Q1XBqLf/AgHbvP7/ow2HjPrZmu/9rnH5hdPf/W9D7x8zYJ+Gf3n0K1dNnjZqzJiRQ/6hYP5/bWnzfwv3AwAAwO7joEnHPb1p8r7HXfM/b9/jSz9r/e5eR3zxh8uPaluwecOkv7j9vXP/vGD+v6i0+f+nv/5fKHb+f0OxQEuxhQGt/wcAAEAPVWz9v2E3feeK15Yc/8C9V0wf3do6Yc6V1xyw5qDq08LLYxY0/MnM+z4umP+vKG3+H0+7KM/LHXvzUV2ypl1Ir2n3Tl32JwMAAADQM5SHpqbKEvPmLYx63La1Mzcn/VJmKdBPSud66qEDXnjw6yNPWrCk6prXywYO3/L0DbMOPeEbP35t01cuvfO88w8omP+vLW3+n/e7jN4XDLprYePYvT665ZGNU96oem7h1uP/AAAAwK5T6n4JAAAAAAAAAAAAAADgs3fiIz+75p1JS78xd9Gv9/p5r3HPrdg4e27TnNobXvvxdb858q5Hxhf8/j+M6yxX7Pf/8bp/8fcFX8jLHVvtfv2/zP3xY+6Z07lk4fq6EA7IDUy7YtoeIXNt/oNyA2vOGDywI3FFusTDrx7/ekfirHTgpCEDPuhIHJUKtMZFEr+UDsSrKn7QLxWIyys+nw7E7bEiHYhXf/xBv2QcZelt9VZtsq3K0tvqpdoQ+ucEsttqVW3SRll6gDekAtkBXpgOxAGenAmUp3t1T9+kVzFQG4ve1jfpFQAAu634LbAyTJna3tYcv8LH2y9X5N9GeUuWzSustqzE5l/JLE129+im/qWke6W/i2691nhlqO4YwrCCr6u5Wco6R7lzaulm032hyJC7W+2tvEi5tG3ddFXFR1STjKhp0vT2yZXdDvyw7rMMr+g2y7CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9PQbrQ57uXhGl/l4/d52/Yq+C3DxPvdX+9JN//8Kq/Z744zPnfPhnk7972fyzz3zvqHOr/+Y/lz3zXwftWTD/ry9t/l+dO64PMhcDmBuvrDeyfwitJY4IAAAAPv/OveDVBd9/7Lo3N7Q0vj596HVr/nHOTZdU1C276k9fevgvN0+45qwdjb/1yzv3e2TKxGe/cN5hy098Y79DL2886+37/2T++Ieu7nvrjxfc+aOC+X9DafP/uAcrcyg42duxNl7//8r+IXReWr8+CSyLwz27fwj7daZaYonkgvqjY4nmJLAs7jAZHEu0tuRX1TsGVqQCb9ZlAmtTgXUxkNlLcWfI7Mq5ri6EEZ2pcfklZsQS9anAt2OgIRVoioHmVKBfDIxKBf61XybQkgo8FQNhav62ur9fZlsBAABsi8w8qzL/bkjP81Z0m6Gsuwx9ustQ3l2G6u3tZLx/X8xQmTp5pSwnU2W61ppULQUZ4sXwt3/jZQ//P5ufM12woOl4/kH2fIOy/AwPnvL1e69eOGVw+W8+Xres9f0HJq28bc4xq859+K+enLz/4rtv2Ldg/t9c2vy/T/5t0vq6OP/fev2/JPBE7N718dTxhhjYcGx+ILNjYF2c7F6draolUyIzab86lhgVAw2pwIwYGJUKtI7LBBYN7HwqsoHMTDvb+JXZxqdmSuQEwjacAwUAAAClufGTw3EiGn/DE+f//778uaMfr1h89z++NuHu++a+fe99P7/33tvuG3PH5m8+f+Ul7138ccH8f1Rp8//YXt/cxq6Kvfl9vxBWlW3tTTYwpDYJxP0YtfHn8YNqQ9gjZwdHtkRbn6REVarh8HhN8gv1qnRVP6lJ1hiI98f/+tE18zsSN9SEcGDO3pdsG/9cnbRRkw40ViWBPunA9IokEPf8ZAOry5MA7LDsXsH4gsqc6pJV33W5Iq+/z8s1QdPDK9gH2kW+rn5ztatUpx/I7FPN2ranraA6domCt8da77ae+G6r927L/SKV+YayZWuoOpRPbpsycXb7rPhI7i9ZC+y053lL3rpBub9SLSW9na/D3Ltzt6W326o63YHm1MdHc9flun4dlsXqnrhg0F0LG8fudcsjG6e8UfXcwpK7UUT8ofCzVQPqczfvrlYdMq+5Hvd50uLzpCf+G2jwtIUQNl524vWjqmZcuWrMYUd95fXTT62e9f78v37g5Qff2/9vV04a/o0BBfP/ltLm/xWp207/HjfmRf1DODhn466Pm/+E/snnYE4g+ZTcszCQHHJ/ra7oJycAAADsbNndHdn9BVMzt8kJ4el5cmH+lm3MH/dXjOoyf6n9/sngU7/ywMB7xl932tE3//3vxvXbNOGlpceubD26cdkxv/hPZ9XML5j/t37y/L93qpuO/zv+zy7i+H+Xdvdd0b3TD8zdoV3RBdWxSzj+36Xd/d3m+H+XdsPj//k+peP/uRz/d/y/W47/d2l3f9oKviXN8KUrhDB87JlDau8e8uQHg9b89smnp/7TvNaJ937r6lv32fLd+iUL6/fqWzD/z2y2zJS+6Pzf+n9dL9qXXf+vtdj6fzOKrf831/p/AADALlVkobn0PK9g9b6CDOnV+woydLtAYEV3Gaz/t83r/z1+9FETVoxZ8tu1+4496PK+8+ad9sWnbn6pZdYHNbd/+MHAXx08umD+P7e0+X98OfTNbb2nrP/XMK5IVdfGwIyB+YFtXhgQAAAAdoViOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4bO194/UTjm2uPvl3J1xWM+aHD68/qPraV0+7bPnE2yZ/9Y4LBs9euXRp5R9e2HTylO/d+LXGjasmvhjC1M5yZUnxsjOWrPzR6gu/9Z2HTr/5nvf2mbOsOlNvZeZ2n7zcsdWP6kJYlPNIbUy8U9dxZ2tg/Jh75lR0JNbXhXBAbmDaFdP26EgsqQvhoNzAmjMGD+xIXJEu8fCrx7/ekTgrHThpyIAPOhJHZQJl6e7+Tb+ku2Xp7s7vF0L/nEC2u+f1y68q28aJmUB5uo2/q03aiIHaWPSm2qSNGGiPJab2DmFoRQi90lX9ojqpqle6qv9dnVTVK13V5dUhjAwhVKSr+m1VUlVFeuTPViVVxcDe+9+5qbEjsbgqhKG5gRcnLB7RkZiZCmQbP7UqhH07XjLpxu+vTBqvTDd+Y2UIXw0hVKVLbK5ISlSlS2ysCGHPnMDWjVgRwpzA50P89Jmc++BFcy6ZNrG9vW3mLkxUZdqqCVOmtrc1TZrePrk61adiynLSW+Zt/9hf2XTppI7bu0c39S8lXZEpV9nR5Y+3JDJ32w7b3Xsf+9Unt5Ktz0dB/TF/Vegbes++qG1m08UTZ82aOSz5W2r24cnfXplosq2G9ZRt1ZhbydBZ588YetGcS4ZMPX/iOW3ntF1wxIgjjjxy+OGHjxjaMajm5O/OGOniT3+kX67IqeTTeP9LSEj0tER53qdb8+7+OV7wRX9rRytDdecHdMG0IjdLWecod8agj9vOEW/P15RuRzSsYOJQkGV491kOK5hMbM1Sk2Tp/FpXMDnMram8c5PG++WhqalXse1Qn383d/O+vQOb96XMpis1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPx/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgWAAAAABDmbx1GzwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMClAAAA//9WSSRs")
openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r3 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r3, 0x4610, &(0x7f00000000c0)={0x1}) (async)
ioctl$FBIOPUT_CON2FBMAP(r3, 0x4610, &(0x7f00000000c0)={0x1})
[ 78.509259][ T5296] Bluetooth: hci0: command tx timeout
[ 78.513319][ T1312] ieee802154 phy0 wpan0: encryption failed: -22
[ 78.516064][ T1312] ieee802154 phy1 wpan1: encryption failed: -22
[ 78.917364][ T5317] loop0: detected capacity change from 0 to 32768
[ 78.932668][ T5317] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.0 (5317)
[ 78.947077][ T5317] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[ 78.951424][ T5317] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[ 79.124033][ T1046] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0xf8bb6bdef03b64ff3b11a2a87ba7a2aeacfdb41cc49a87adad5cc1644d216b29 level 0
[ 79.146628][ T5317] BTRFS error (device loop0): failed to load root extent
[ 79.157924][ T5317] BTRFS error (device loop0): open_ctree failed: -5
[ 79.199356][ T5317] ==================================================================
[ 79.199369][ T5317] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0xfe2/0x1e50
[ 79.199488][ T5317] Write of size 8 at addr ffffc90001de1000 by task syz.0.0/5317
[ 79.199497][ T5317]
[ 79.199504][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 79.199515][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.199521][ T5317] Call Trace:
[ 79.199527][ T5317]
[ 79.199532][ T5317] dump_stack_lvl+0x189/0x250
[ 79.199545][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.199555][ T5317] ? __pfx__printk+0x10/0x10
[ 79.199565][ T5317] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 79.199603][ T5317] ? __virt_addr_valid+0xdc/0x5c0
[ 79.199617][ T5317] ? __virt_addr_valid+0xdc/0x5c0
[ 79.199629][ T5317] print_report+0xca/0x240
[ 79.199640][ T5317] ? sys_imageblit+0xfe2/0x1e50
[ 79.199652][ T5317] kasan_report+0x118/0x150
[ 79.199666][ T5317] ? sys_imageblit+0xfe2/0x1e50
[ 79.199681][ T5317] sys_imageblit+0xfe2/0x1e50
[ 79.199693][ T5317] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.199707][ T5317] ? __pfx_queue_work_on+0x10/0x10
[ 79.199718][ T5317] ? fb_pad_unaligned_buffer+0x4be/0x500
[ 79.199731][ T5317] drm_fbdev_shmem_defio_imageblit+0x2c/0x110
[ 79.199744][ T5317] bit_putcs+0x1760/0x1a50
[ 79.199762][ T5317] ? __pfx_get_page_from_freelist+0x10/0x10
[ 79.199776][ T5317] ? __pfx_bit_putcs+0x10/0x10
[ 79.199789][ T5317] ? __lock_acquire+0xab9/0xd20
[ 79.199798][ T5317] ? fb_get_color_depth+0x162/0x280
[ 79.199810][ T5317] fbcon_putcs+0x3a6/0x580
[ 79.199821][ T5317] ? __pfx_bit_putcs+0x10/0x10
[ 79.199832][ T5317] do_update_region+0x388/0x440
[ 79.199847][ T5317] invert_screen+0x860/0x9f0
[ 79.199858][ T5317] ? __pfx_complement_pos+0x10/0x10
[ 79.199870][ T5317] ? rcu_is_watching+0x15/0xb0
[ 79.199881][ T5317] ? __pfx_invert_screen+0x10/0x10
[ 79.199891][ T5317] ? rcu_is_watching+0x15/0xb0
[ 79.199901][ T5317] ? trace_kmalloc+0x1f/0xd0
[ 79.199911][ T5317] ? __kmalloc_noprof+0x432/0x7f0
[ 79.199921][ T5317] ? vc_do_resize+0x326/0x1770
[ 79.199933][ T5317] ? __pfx_fb_set_var+0x10/0x10
[ 79.199944][ T5317] clear_selection+0x59/0x80
[ 79.199957][ T5317] vc_do_resize+0x471/0x1770
[ 79.199975][ T5317] ? __pfx_vc_do_resize+0x10/0x10
[ 79.199987][ T5317] ? fb_match_mode+0x5f9/0x730
[ 79.200000][ T5317] ? fb_get_color_depth+0x162/0x280
[ 79.200011][ T5317] fbcon_set_disp+0x9ec/0xf90
[ 79.200022][ T5317] set_con2fb_map+0xb43/0x13c0
[ 79.200033][ T5317] fbcon_set_con2fb_map_ioctl+0x18a/0x1f0
[ 79.200043][ T5317] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[ 79.200056][ T5317] do_fb_ioctl+0x3df/0x750
[ 79.200069][ T5317] ? __pfx_do_fb_ioctl+0x10/0x10
[ 79.200093][ T5317] ? __fget_files+0x2a/0x420
[ 79.200107][ T5317] ? __fget_files+0x3a0/0x420
[ 79.200119][ T5317] ? __fget_files+0x2a/0x420
[ 79.200131][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20
[ 79.200140][ T5317] ? __pfx_fb_ioctl+0x10/0x10
[ 79.200153][ T5317] __se_sys_ioctl+0xfc/0x170
[ 79.200163][ T5317] do_syscall_64+0xfa/0xfa0
[ 79.200174][ T5317] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.200184][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.200198][ T5317] ? clear_bhb_loop+0x60/0xb0
[ 79.200209][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.200219][ T5317] RIP: 0033:0x7f9a7e78eec9
[ 79.200230][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.200238][ T5317] RSP: 002b:00007f9a7f6ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.200250][ T5317] RAX: ffffffffffffffda RBX: 00007f9a7e9e5fa0 RCX: 00007f9a7e78eec9
[ 79.200257][ T5317] RDX: 00002000000000c0 RSI: 0000000000004610 RDI: 0000000000000008
[ 79.200264][ T5317] RBP: 00007f9a7e811f91 R08: 0000000000000000 R09: 0000000000000000
[ 79.200270][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.200275][ T5317] R13: 00007f9a7e9e6038 R14: 00007f9a7e9e5fa0 R15: 00007ffd30dc02f8
[ 79.200287][ T5317]
[ 79.200290][ T5317]
[ 79.200294][ T5317] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90001ae1000 allocated at drm_gem_shmem_vmap_locked+0x556/0x790
[ 79.200315][ T5317] Memory state around the buggy address:
[ 79.200322][ T5317] ffffc90001de0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.200328][ T5317] ffffc90001de0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.200336][ T5317] >ffffc90001de1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 79.200340][ T5317] ^
[ 79.200346][ T5317] ffffc90001de1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 79.200353][ T5317] ffffc90001de1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 79.200358][ T5317] ==================================================================
[ 79.200365][ T5317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 79.200372][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 79.200383][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.200389][ T5317] Call Trace:
[ 79.200393][ T5317]
[ 79.200397][ T5317] dump_stack_lvl+0x99/0x250
[ 79.200407][ T5317] ? __asan_memcpy+0x40/0x70
[ 79.200418][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.200428][ T5317] ? __pfx__printk+0x10/0x10
[ 79.200439][ T5317] vpanic+0x237/0x6d0
[ 79.200452][ T5317] ? __pfx_vpanic+0x10/0x10
[ 79.200466][ T5317] panic+0xb9/0xc0
[ 79.200479][ T5317] ? __pfx_panic+0x10/0x10
[ 79.200492][ T5317] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 79.200502][ T5317] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.200514][ T5317] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 79.200524][ T5317] ? sys_imageblit+0xfe2/0x1e50
[ 79.200537][ T5317] check_panic_on_warn+0x89/0xb0
[ 79.200551][ T5317] ? sys_imageblit+0xfe2/0x1e50
[ 79.200564][ T5317] end_report+0x78/0x160
[ 79.200577][ T5317] kasan_report+0x129/0x150
[ 79.200590][ T5317] ? sys_imageblit+0xfe2/0x1e50
[ 79.200606][ T5317] sys_imageblit+0xfe2/0x1e50
[ 79.200619][ T5317] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.200631][ T5317] ? __pfx_queue_work_on+0x10/0x10
[ 79.200642][ T5317] ? fb_pad_unaligned_buffer+0x4be/0x500
[ 79.200654][ T5317] drm_fbdev_shmem_defio_imageblit+0x2c/0x110
[ 79.200667][ T5317] bit_putcs+0x1760/0x1a50
[ 79.200686][ T5317] ? __pfx_get_page_from_freelist+0x10/0x10
[ 79.200700][ T5317] ? __pfx_bit_putcs+0x10/0x10
[ 79.200714][ T5317] ? __lock_acquire+0xab9/0xd20
[ 79.200723][ T5317] ? fb_get_color_depth+0x162/0x280
[ 79.200735][ T5317] fbcon_putcs+0x3a6/0x580
[ 79.200746][ T5317] ? __pfx_bit_putcs+0x10/0x10
[ 79.200758][ T5317] do_update_region+0x388/0x440
[ 79.200772][ T5317] invert_screen+0x860/0x9f0
[ 79.200784][ T5317] ? __pfx_complement_pos+0x10/0x10
[ 79.200795][ T5317] ? rcu_is_watching+0x15/0xb0
[ 79.200806][ T5317] ? __pfx_invert_screen+0x10/0x10
[ 79.200818][ T5317] ? rcu_is_watching+0x15/0xb0
[ 79.200828][ T5317] ? trace_kmalloc+0x1f/0xd0
[ 79.200838][ T5317] ? __kmalloc_noprof+0x432/0x7f0
[ 79.200848][ T5317] ? vc_do_resize+0x326/0x1770
[ 79.200859][ T5317] ? __pfx_fb_set_var+0x10/0x10
[ 79.200869][ T5317] clear_selection+0x59/0x80
[ 79.200882][ T5317] vc_do_resize+0x471/0x1770
[ 79.200901][ T5317] ? __pfx_vc_do_resize+0x10/0x10
[ 79.200914][ T5317] ? fb_match_mode+0x5f9/0x730
[ 79.200924][ T5317] ? fb_get_color_depth+0x162/0x280
[ 79.200932][ T5317] fbcon_set_disp+0x9ec/0xf90
[ 79.200939][ T5317] set_con2fb_map+0xb43/0x13c0
[ 79.200947][ T5317] fbcon_set_con2fb_map_ioctl+0x18a/0x1f0
[ 79.200954][ T5317] ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[ 79.200966][ T5317] do_fb_ioctl+0x3df/0x750
[ 79.200980][ T5317] ? __pfx_do_fb_ioctl+0x10/0x10
[ 79.201002][ T5317] ? __fget_files+0x2a/0x420
[ 79.201016][ T5317] ? __fget_files+0x3a0/0x420
[ 79.201028][ T5317] ? __fget_files+0x2a/0x420
[ 79.201041][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20
[ 79.201050][ T5317] ? __pfx_fb_ioctl+0x10/0x10
[ 79.201063][ T5317] __se_sys_ioctl+0xfc/0x170
[ 79.201073][ T5317] do_syscall_64+0xfa/0xfa0
[ 79.201094][ T5317] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.201104][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.201114][ T5317] ? clear_bhb_loop+0x60/0xb0
[ 79.201124][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.201134][ T5317] RIP: 0033:0x7f9a7e78eec9
[ 79.201142][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 79.201150][ T5317] RSP: 002b:00007f9a7f6ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 79.201160][ T5317] RAX: ffffffffffffffda RBX: 00007f9a7e9e5fa0 RCX: 00007f9a7e78eec9
[ 79.201167][ T5317] RDX: 00002000000000c0 RSI: 0000000000004610 RDI: 0000000000000008
[ 79.201174][ T5317] RBP: 00007f9a7e811f91 R08: 0000000000000000 R09: 0000000000000000
[ 79.201179][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 79.201185][ T5317] R13: 00007f9a7e9e6038 R14: 00007f9a7e9e5fa0 R15: 00007ffd30dc02f8
[ 79.201197][ T5317]
[ 79.201523][ T5317] Kernel Offset: disabled