program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x30, r7, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50) r9 = socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x10) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x48}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000040)={&(0x7f0000000940)={0x1ec, r7, 0x10, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x101, 0x17}}}}, [@NL80211_ATTR_IE={0x18, 0x2a, [@ibss={0x6, 0x2, 0x8}, @gcr_ga={0xbd, 0x6, @device_b}, @cf={0x4, 0x6, {0x4, 0x6, 0x0, 0x5c}}]}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x40, 0x2, 0x5, 0x0, {0x6, 0x3, 0x0, 0x3fe, 0x0, 0x1, 0x0, 0x1}, 0x400, 0x6, 0x80}}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_KEYS={0x174, 0x51, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "c211410af5135312d64ae7f14b"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_SEQ={0xb, 0x4, "bd8854ec34ec71"}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "0c824673c6"}, @NL80211_KEY_DEFAULT_TYPES={0x20, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_SEQ={0xc, 0x4, "031aaa57dcfe9cbf"}]}, {0x30, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "227d5194fd1d985c9879f50688"}, @NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_IDX={0x5}]}, {0x84, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "a45fdf0298"}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0x2c, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_TYPE={0x8, 0x7, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0x20, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_KEY_MODE={0x5}]}]}, @NL80211_ATTR_MAC_HINT={0xa}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x800}, 0x4) socketpair(0x11, 0x9, 0x80, &(0x7f0000005b40)) syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x818041, &(0x7f0000000100)=ANY=[@ANYBLOB="7265636fb870c0352cfbd95bb6c1c13e16624047766572795f706173735f6c6173743d636865636b5f62747265655f6261636b706f696e746572732c6a6f75726eff6c5f666c7573685f64697361626c65642c6572726f72733d636f6e74696e75652c696e6c696e655f646174612c7374725f686173683d736970686173682c6e6f6368616e6765732c0f4de126d9da18ba52beb40f9e6e2e936e6f636f772c"], 0x1, 0x5962, &(0x7f00000001c0)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCb8K5dUz7+17+gqQioWlhI3CQCYYTUIqCUICSnDBhQIstLQU9Q+0kFo0WlTBKpES+bEJqyjF6lJbSK3uolvlFrKkBLKU5TpbM31Pp+dO37k93T0hgc+nkrl9Tp/+nnPPPX37ntM90wEAAIC3hH03bztw4XH/8tPPjL52w7/+cNONob88kV+NBQbS7bVvVAs5lHorSya22XHxN9d9+3dDV/zTT+7v+9bre9eduP5X/3zUFQ9//Lw9d33tsVfnP/iXF4rixvF06sF08lISQvVH+7/02b1PHTuel4QQysnArhAWJYsfW5RkQgz/KYSwLk0sydz5wGtnrB/f3nhb76T8hZlyxvtbWzUdZzsPXHNa+PU/rrnp50u/992e3S/uOlgkqTaMpxAWXNb4+J4Qwtz0/7g42uJ4jIN2dQihr+Fx5xS066QW278iJ318up2TbvsL4sT7l2XSpUy5bDrqyWz7CurrVF472i1XZF4mnT0ZdSqvnTF/Ubr9Qbo9dYbxy/F/EkpJqNSbvzE5OEZCw3FLQjJxLKv1dKl+bEO6/5l0kkmXMulyT2a/JupNB1o5SSbnx3KZ/Hg6rqT5Jzaeq5u4KCf/bem2mj5RX4/pkL1R0z/lRn2/JsR27Z+mLYdCqeEc1Cy/Ps7Sg9Gf7kN/snjKY8aaiPftXXP78vLax/cN5LQjuT9J4ydtxd/5s0XzPvqdW6/Ovq7X419WSuOX2or/m/OffvmSW7/51dz4d8b45bbin/5I30vnP3Hzsrz+icOrP1Taij/ywpN3LD368t257b879n+1rfir9jzdO//AI4/mHt/h2D9z24r//Lnv/e19zz70Ym78EOP3tRV/7Z4tn+sdPHBKbvxHY//0tzd+Xtl99nODg78fyov/TIw/v6349+666933LLztvNzjuzr2z0Bb8S84+eGb5h146IS8c2dyd7deOQHemo5Kr7FuSdPTzTN7p5lndqphvvCVoUrtmm9e+n9+NyvKXHyO17Ogm/EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwzGn/+X3/80MDL1XSdG964/lSbRvz54SQzA0hbNs+snX7hs1XDn38qqu3bh7ZODSyfWh08/atO4bO/LuhraNbNo7sGL93+B1n1B63OCS1bXLClLp7x8bGSgOT82J9/+bk3b9efs7//kMIw8f8crCS2/4Vd2265+gmPzOSVWPv2XT1hb886xvpfg2k7Rpo0q6xsbGxkNOu/3Pxn+/5wv7fnRLC8F9N164nn/+HH09q0ETGwTipUm+oNag36Wvajnqr0/bE/qqs37BxdHj6/h1/fDlnP/7tdS/+af21n/9zrX+rufvRYv/OXTW2sfTlNRf8vy9fX8soald9PzLtmu3jXtTfcS9i+2L/VdP+XpDu14Kc/ark9PfNP3/02R8dd+uru8Jw5ZWlU+su2q+edAD0JG9rqd5YQ1+yaFJ+NS0fj3h83Irtm7as2LZj5zs2bBq5cvTK0c3vWnnmyrOHzzr7rBUTe76iy/sf6//rFve/1fGUrXdm42nhJ3f9IP5sbTwVtauoP8bbVdwfjS3Ke/71XfTZL77rricurGUUjfNYuv48TLd948d5ZWgYb1P7qtl+FfVDCGGoWT+8/Op54dj/tuGmovNQ45Fp/JmRrBp7atkfv3HO15f8fS3jkJznGxvU5nm+3uqD7Znor2p6PMYO0/7tDeV0v/qbtmvlU0/03L7vD5+qt2/OnHDtyPbtW1fWfs5LWzovOb5pu7K5cb+WTvwsh7RbQn2YNhmv43pCrX3Z82csnu3V/vS+/mRx0/3KivftXXP78vLax/fl9XRyf63GuWF+bZu8PafkxswDy/UGN6v/cH3+FY2Pwfd9/cEPPfj9M6eMj9NrP4v2K8nZr+89e+8Xv/X5f//97u3X+/7h6YE//vePLa9lHCnnlXqr0/YkjeeV00Moev4tDc33I/f5V2q+P0XPv2w9B8s3jzeUSfeHcvHztRqmPF9Pf6TvpfOfuHlZ7vN1f6vP1+snpcoFz9fDZfxkn19JZXI7Zu/5NWmgJKvGfnLLUbseu2H1cbWMonFdL91sXJ/RwvwjZ79+fMlzg1cN/bv/2r3zxrf/7oFLfzWy6tO1jPaPe2xLd457Ne3fak7/1lsd552N/fvOK67auK6Wf/he/6bbgvlPPJVs27HzEyMbN45u3dbafrX6ehrryfZyu6+n8ey2uGC/SlP2a/ZutNJfrT7fYvvXtd1fk59v/SFp6zpu588Wzfvod269emDKo9KKLiul8Uttxf/N+U+/fMmt3/xqbvw7Y/xKW/FHXnjyjqVHX747N/7dSRq/2lb8VXue7p1/4JFHc+MPx/bPbSv+8+e+97f3PfvQi7nxQ4zf317/v7L77OcGB3+fG/+ZJK1n/BophAdeO2N9LZ2EnvT5FtvRM6ldIZtOMulSJl1uTJdqa631CspJMjk/lkvzT2xoSzMfzsmPV2HVJbXt6zEdsjemzz/clBrO/c3yi65TAQDe7OL7//EaNL7/P5peKOWvNMBBnc7DluTEjfOwg+s5cybdvySNHx8f1wEH3xmGx7c3DtUu9Gf6PkJ8PmTXOWM9p5w0OUa765xF6+/LMunYrtp6eaVhHpqaOq+phBbW36fWM/36e2b3i9fHh26Z0qyhhnWr7PHrSVfMmn3eIdPeyniEvPGRXReLn+cYXBBWT9TX4vjIfo4mHofs52hiPcdlTpztfo6m0/ERmz3N+JhocvH7G1OPX5imfw8ev+bRssdvBse7Ol5+tt+f7cK6YdNT2qFbN2zh/bAm8Vt9P6y+Lrlqapnp4r9V1iUP93XDmB/3o9LieuKHcvJbWU9sXJfLW0+Mp4vYrv3TtOVQsJ4IvFnF+X98jRif/49fgP/fTLmi69DsVWOMl/s5oXLz9hTNO6Z+Tq+vrdfxtXu2fK538MApudc5j7b6uZ8tk1J9BZ/7KerH5Zl0YT/mLNAUzfey9RT1e/ZzGf1hflv9fu+uu959z8Lbzsvt99W1F9Lifv/ipNT8gn4/AuYLzeO/2eYLPscwOX6XPsdQtH72hs1H0g8+zdZ85IM5+TP9fEPflBv1/ZpwxM1Heg5tuwCAI0ec/9ffP0vn//8jFkivI4rmradm0jFe7rw15/okb976/nR7baZ8f/obFTO9br7g5IdvmnfgoRNy5y13tzoP/Q+TUgOF89DO5s2584jV3fm8eO48oj7P6myemNv++jyxs3l6bvz6PL2zeXRu/9Tn0Z2tA+TGr68DHOnz3IL1ukxlMdnqet2bdh6d/vrsbM2jL8rJn+k8un/Kjfp+TTCPBgB4Y8X5f7yMi/P/JzLlOn2fPXde0KXr9uzfA6nHf+ZQzStne9432/PW2Z7Xz/a6xJE+L57tdaHZXSd7y8+L00rNiwEAOJzF+f/cNJ0//+9sftJs/tYzaX5ift40vvn5YTI/P9LXv8z/vS9ezPwfAODNLc7/4689xr//95/SdPbv1pun58Q3TzdPn278tDxP7/46W/A5gDd2HWDuwfKdrQN84ZD9lSnrAAAAby49EzOlqb9n/5F0m/09+7zfy78kp3yrKunl8eXbt46OXnr1lnUj20cv3XzVutFtl16zdcP27aOba+U6nTfmzlvSeWNPqKT90bxcdt62MP17CAtz/h5CtnwMe/zEjal/DyFb7dyCvyNw8Pi11t6841eapnyz8ZF3vPPifzinfFQ//ld87PRL12+7dMPmDds3jGzcsHN0crnxWWvfDL43M3bLjL4vNfNjitLMv7+zO+0oTWlHT9ofed/PnmTasShtyaK87z/IafdP/8sXPnny2J/vC2H4mPLbO+q/ZNXYf7x49P3b9/1yy3j7507b/nrJtF1F31eaLR/3p7Lxqm3bT1t/1dWbs98o2Z64nlGqp2dpPSN9+pdbXJ9Ym5M/088plKfcODy1vD4BAMAk8f3/eD0b3z/8fHoBFfNbn6d39v5x7jx9uLV5evZ7yYrm6dnycX9bnadXO5ynZ+svmqc3K99snp43786L/8Gc8jPV+jjp7HMeuePkstbGSfb7DIrGSbb8TMdJ0uE4ydZfNE6alW82TvKOe178D+SUz9P6eOjsczm54+HO1sbD32bSReMhW36m46HU4XjI1l80HpqVbzYe8o5vXvwLc8q3avL4GB8YE+Ni9NJrrtr6iYZys/39F523b3a//6Ndrbd/dj/3Nfvtn93Plc1++zv7XFlu+5/pbCWs9fbP7ve7tOuQrdemHzYr+vxZ0Trumpz8ma7jzply4/BkHRfeOHH+H9/uifP/29Jtt98GOvK/J833mDWN36XvMSu6jvF6Pk1lhwGv5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACt6a0smdjuu3nbgQuP+5effmb0tRv+9Yebbvyb6779u6Er/ukn9/d96/W9605c/6t/PuqKhz9+3p67vvbYq/Mf/MsLhYEHJn5WTk2T1RCSl5IQqj/a/6XP7n3q2PG8JIRQTgZ2hbAoWfzYoiQTYfhPIYR19XZOvvOB185YP7698bbeSfkLM0Gy+xX6y7E9je0M4drCPeIIVE3H2c4D15wWfv2Pa276+dLvfbdn94u7DhZJqg3jKYQFlzU+vieEMDf9Py6OtiXxwel2dQihr+Fx5xS066QW278iJ318up2TbvsL4sT7l2XSpUy5bDrqyWz7CurrVF472i1XZF4mnT0ZdSqvnTF/Ubr9Qbo9dYbxy/F/EkpJqNSbvzE5OEZCw3FLQjJxLKv1dKl+bEO6/5l0kkmXMulyT2a/JupNB1o5SSbnx3KZ/Hg6rqT5Jzaeq5u4KCf/bem2mj5RX4/pkL1R0z/lRn2/JsR27Z+mLYdCqeEc1Cy/fuDTg9Gf5vUni6c8ZqyJeN/eNbcvL699fN9ATjuS+5M0ftJW/J0/WzTvo9+59eolefEvK6XxS23F/835T798ya3f/Gpu/Dtj/HJb8U9/pO+l85+4eVlu/+yP/VNpK/7IC0/esfToy3fntv/uifj1UTzT+Kv2PN07/8Ajj+a2fzj2z9y22v/8ue/97X3PPvRibvwQ4/e1FX/tni2f6x08cEpu/Edj//e3N35e2X32c4ODvx/Ki/9MjD+/rfj37rrr3fcsvO283OO7OvbPQFvxLzj54ZvmHXjohLxzZ3J3t145Ad6ajkqvsW5J0+3OMzvVMF/4ylClds03L/0/v5sVZYzXs2AW4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ob0i+vP/MjF7/nAmkoSQpJTZqyJeF95zqpVQ23UO/LCk3csPfry3Y15S9qIAwAAABSL8/BSPacaloRrkrnh+Kbl4xrB8TGVTM7PriHEONk1gnbjlJrGqc44TrlL7al0KU5Pl+LM6VKc3i7FqRbEqYbW4sydJk5lfFS02J6+advTepz+LsWZ16U487sUZ0GX4izsUpyBaeO0Pg4XdSnO4i7FOapLcY7uUpxjuhTnr7oU59guxcmuKc90HM5PSx6XF2fiRrkwTiUp1+9otp5+bFrPCR3W019Qz/yi1+MW65nbYj0nZR5XmmE91Rbr+esO60larOdvO6ynVFBPHLfXZtsX64mpFsf/ji7F2dlZnP8Vr7eu61J7ru9SnE91Kc6nuxTnhg7jALQqzv8PzvcGQm/l70NfesbJrgLE+e7SiZ9TX+/yTkgx3tsz+XOK4mUn6pl4S2favuwCQibeskx+z6R4lfp8ZJp41cZ4yzN3Fu5vdkEh075TM/m9RfGyCwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMIt+cf2ZH7n4PR9YE5Iw/q+psSbifeU5q1YNtVHv3jW3Ly+vfXxfY15vpY1AAAAAQKE4D++p51RDb2Vl6E3mTCpXTdcBqmm6PFDbDi4Iq8e3yVBpIt2XLJr2cZX0cSu2b9qyYtuOne/YsGnkytErRze/a+WZK88ePuvss1as37BxdLj2M4TegnghhInlh207dn5iZOPG0a3bapnZ9i9JH7ckTSfp4wbfGYbHtzem7V9cUF9pSn07nju3dtfBnC7dKDh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2bW7EDmv+g/g55mZnZlum3/2T9+modkMeSlRiyZxK6mW7gOChTYJWQoyW11LsAkWN01okxLr2AZsa4IitARCJBdGYrG1eNMXW8S+EIjUaMCNQdqivdALpdVKWnIhKSPZnTM7M5nJbMfapPHzuXiemXN+5/zmzMXC99kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+NBNVUcmKqNj44NJCEmXmloHcS6bT9NyH32//PzW7xeGTy5vHivk+tgIAAAA6Cnm8IHGSDEUctmQDVdNv1t8+pKvT4TZ3A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzvmaqOTFRGx8YvTkJIutTUOohz2Xyalvvo+8Y7T37m1eHhvzaPlfrYBwAAAOgt5vBMY6QYSmFJGEiuaqmLzwYWtK1vr4v7LJxjXfuzg251S+ZYd80c6z7Wo25d/b4jAAAAwEdfzP+5xshQKOTmdc3/vXJ9rFvUVpet3/v5rQAAAADwn4n5v9AYKYVCrtTI63PN+4vb6uL6Xv+3j+uXdVnf6//5a+t3/6cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+OqerIRGV0bDybhJB0qal1EOey+TQt99F31QuDf7/l0EOLQ212rJDrYyMAAACgp5jDZ6N3MRRyg2EgXDyd+4dv2v/0F59+diSEMBPz8/mwY8O2bXevmrnGupVHDg187/Bb32psE+tWzlzPyeEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAP1FR1ZKIyOjZ+URJC0qWm1kGcy+bTtNxH39c/94U/P378uTebx0p97AMAAAD0FnP4bPYvhlLIh3y4Yvpdc9Y/LdO2vtszAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODCcc837vv6hsnJjXd74cV/50VyfnwML97fi3P9lwkAAPigLQpJqL1PV64/158aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0xVRyYqo2PjxSSEpEtNrYM4l82nabmPvunzRwvzTr7wUvNYqY99AAAAgN5iDp/N/sVQCgNhIFw+/a7TM4Hp/D/0IX5IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LwyVR2ZqIyOjc9LQki61NQ6iHPZfJqW++j72M59nz04/7s3N48Vcn1sBAAAAPQUc3i+MVIMhdzHQyFcXX8/2bogydbvnZ8LzK7b2rJscM7rqi3rsnNet6vtZLn6aWbWFeN+QzP3xrrymevKTetKodG+3LIu7GlZNa/H5wwAAABwDsX8X2iMDIVCrtCUc3/SUj8k5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXUxVRyYqo2PjSRJC0qWm1kGcy+bTtNxH3/t+8/+XfOWnu7c3j5X62AcAAADoLebw2exfDKWwMPxfWDid+8NQa32s+0fl1MFH//mX5SGsuOLYcK592x/GF796/cYX2y8hZFqrMyHMr/dLuvT79e8evXdp7dTjIay4PHv1Gf3C2fu1bpnWnqlsXLvt8LGtPb4cAAAAuEDE/D/QGBkKhdxdXfN/TN498n/DdACff+/On19Wv9YTeduKzFC9X6ZLv88vffJPy1b/7a3T+f9s/T61b/PBy1oazoy0SdLa6Obt645ddyATTz3TP9vWP34vX/rmm//atOORUzP9i6FYH1+Q69T/zGubi9LaZGbv+Jr39lZb++e6nP+h3750/JcLdr97uv87iwYb/a85y/nP3n/w1of3XL/v0LrW/iGEcqf+b797c7jyD3c+2H7+wbaNm7/55mubJK0dWXziwOr9pRta+ydt/eP3/7Pjj+358SPfeTb2j78VWb6kU//4fKm5f6at/yu7Lt358gPrF7T2z3Q5/4u3vTq8pfzt37ef/46WXXNdv4Uzz//EtU/d/tqG9P72KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvLVHVkojI6Np5JQki61NQ6iHPZfJqW++j7xi1H375t949+0DxW6mMfAAAAoLeYw2ezfzGUQj7kw+B07n+msnHttsPHtoahmdmkfs9Nbrln2yc2bdl+1x3n6JMDAAAAcxXzf64xMhQKuaVhoJ7/RzdvX3fsugOZmP8zMf9vunNy44rQqHtl16U7X35g/YLGc4IQpn8WUDxd9+nZuptuPDp04o9fW9axbtVs3ZHFJw6s3l+6IdaF5rqVofF84olrn7r9tQ3p/Y3P11z3ya9umaw/noj7Dt768J7r9x1a1zhH/T5Y3zfWTWb2jq95b2811mXr92L93AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAmaaqIxOV0bHxkA0h6VJT6yDOZfNpWu6j75qlv3jwkpPPLWweK+T62AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Dc7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2K+f0DjKPg7gz7ObvNnuJm3SvmBUTNOqKPVgURDRi4qKtCIFT5Ui1dYeREEQUerBVFqxVMWLYPVSRAU1SkHBxmJplVT8V7x4UEGhehBKMaBdigeV7D6z3Uwzrk6qKH4+MDx5npn5zm/meXY2CwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8qA32jrfbwjvubt5xzw0eP3nXikZveuXfbRQ+/+t34pus+3Ft/6eT05hVbvrx+2ab9d6+Z2v38oZ+G3vrlaM/gh9rNqtSthRCPxxBq784889j0x2fNjsUQQjUOT4QwEpceGom5hNU/hxA2d+qcu/PNE5dvmW237RqYM74kF5K/r9CoZvW0Dc+tt1Ct5x3zD1RL62xr88FLwtfXrt/+6fI3Xu+fPDZx6pBY61pPISze2H1+fwhhUdpmZattNDs5tetCCPWu867sUdf5f7D+Swv656b2f6lt9MjJ9q/M9Su54/L9TH+urfe43kIV1VH2uF4Gc/38y2ihiurMxkdS+3ZqV/3J/Gq2xVCJoa9T/j3x1BoJXfMWQ2zNZa3Tr3TmNqT7z/Vjrl/J9av9uftqXTcttGqMc8ez43Lj2eu4L42v6PHqvbVg/OzU1tIH9WTWD/k/2hqn/dG5r5asrpnfqeXvUOl6B8033pn4NBmNNNaIS08759d5ZPum1z9xYXXDe4eHC+qIe2PKj6Xyt34yMnj7azsfGC3K31hJ+ZVS+d+sPfLDbTtfeK4w/+ksv1oq/7ID9eNr39+xsvD5zGTPp69U/h1HP3hy+f/vnJxvrlv5e7L8Wqn8a6aODAw1DxwsrH919nwWlcr/6uobv33l833HCvNDll8vlb9h6r6nBsaaFxfmH2x/FBqtFVpi/fw4ecUXY2Pfjxflf5Y9/6F58mPP/Jcndl/14pJdawrX57rs+QyXqv/mC/ZvH2zuO6/o3Rn3nKlvToD/pmXpf6zHU7/s78yF6vq98Ox4X/sbaDBtQ2fyQjmz11n8F+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3BAAgAAACDo/+t2BAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//M1IizQ==") r11 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x111) fdatasync(r11) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000008c0)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @val={0x5, 0x3, {0x7c, 0x20, 0x8}}, @val={0x25, 0x3, {0x0, 0x2, 0x4}}, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x3d, 0xab, 0x5}}, @val={0x2d, 0x1a, {0x8, 0x3, 0x1, 0x0, {0x5, 0x9, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x6, 0x4, 0x5}}, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x21}}, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}, [{0xdd, 0x6, "50713bfccf7b"}]}, 0x6c) [ 74.383289][ T5303] Bluetooth: hci0: command tx timeout [ 74.506967][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.538784][ T55] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 74.543638][ T55] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 74.570223][ T1039] wlan1: authenticated [ 74.573044][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.581423][ T1039] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 74.589383][ T5323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.596383][ T1039] wlan1: associated [ 74.924913][ T5323] loop0: detected capacity change from 0 to 32768 [ 74.932043][ T5323] ======================================================= [ 74.932043][ T5323] WARNING: The mand mount option has been deprecated and [ 74.932043][ T5323] and is ignored by this kernel. Remove the mand [ 74.932043][ T5323] option from the mount to silence this warning. [ 74.932043][ T5323] ======================================================= [ 75.103693][ T5323] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,read_only [ 75.103693][ T5323] allowing incompatible features above 0.0: (unknown version) [ 75.103693][ T5323] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 75.121227][ T5323] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 75.126684][ T5323] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 75.134447][ T5323] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 75.134466][ T5323] has non ptr field, deleting [ 75.156129][ T5323] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 75.159687][ T5323] bcachefs (loop0): Version upgrade required: [ 75.159687][ T5323] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 75.159687][ T5323] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 75.159687][ T5323] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 75.292050][ T5323] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:536870913:U32_MAX len 0 ver 0: (unpack error) [ 75.292078][ T5323] invalid variable length fields, deleting [ 75.315643][ T5323] bcachefs (loop0): accounting_read... done [ 75.320798][ T5323] bcachefs (loop0): alloc_read... done [ 75.326053][ T5323] bcachefs (loop0): snapshots_read... done [ 75.329792][ T5323] bcachefs (loop0): check_allocations... [ 75.332404][ T5323] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 75.332426][ T5323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 75.354060][ T5323] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 75.354082][ T5323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 75.368125][ T5323] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 75.368142][ T5323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 75.381616][ T5323] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 75.381633][ T5323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 75.396003][ T5323] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 75.396021][ T5323] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 75.417343][ T5323] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.422586][ T5323] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.429552][ T5323] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.435845][ T5323] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.441499][ T5323] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.447443][ T5323] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.453975][ T5323] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.458829][ T5323] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.466068][ T5323] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.471675][ T5323] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.478343][ T5323] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.493827][ T5323] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.499305][ T5323] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.517002][ T5323] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 75.521928][ T5323] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 75.528131][ T5323] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 75.544387][ T5323] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 75.550283][ T5323] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 75.560830][ T5323] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 75.569022][ T5323] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 75.576251][ T5323] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 75.576268][ T5323] Ratelimiting new instances of previous error [ 75.584867][ T5323] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 75.584883][ T5323] Ratelimiting new instances of previous error [ 75.605974][ T5323] done [ 75.608432][ T5323] bcachefs (loop0): going read-write [ 75.789628][ T5323] bcachefs (loop0): journal_replay... done [ 75.820555][ T5323] bcachefs (loop0): check_alloc_info... [ 75.825074][ T5323] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 75.825105][ T5323] u64s 13 type alloc_v4 0:31:0 len 0 ver 0: [ 75.825115][ T5323] gen 0 oldest_gen 0 data_type need_discard [ 75.825124][ T5323] journal_seq_nonempty 4 [ 75.825132][ T5323] journal_seq_empty 0 [ 75.825141][ T5323] need_discard 1 [ 75.825148][ T5323] need_inc_gen 1 [ 75.825153][ T5323] dirty_sectors 0 [ 75.825160][ T5323] stripe_sectors 0 [ 75.825167][ T5323] cached_sectors 0 [ 75.825175][ T5323] stripe 0 [ 75.825182][ T5323] stripe_redundancy 0 [ 75.825190][ T5323] io_time[READ] 1 [ 75.825197][ T5323] io_time[WRITE] 512 [ 75.825205][ T5323] fragmentation 0 [ 75.825213][ T5323] bp_start 8 [ 75.825220][ T5323] , fixing [ 75.886874][ T5323] done [ 75.888819][ T5323] bcachefs (loop0): check_lrus... [ 75.890629][ T5323] bcachefs (loop0): incorrect lru entry: lru fragmentation time 134217728 [ 75.890644][ T5323] u64s 5 type set 18446462598867058688:6597069766690:0 len 0 ver 0 [ 75.890652][ T5323] for u64s 5 type deleted 0:6597069766690:0 len 0 ver 0, fixing [ 75.906224][ T5323] done [ 75.907729][ T5323] bcachefs (loop0): check_btree_backpointers... done [ 75.911579][ T5323] bcachefs (loop0): check_backpointers_to_extents... done [ 75.919638][ T5323] bcachefs (loop0): check_extents_to_backpointers... [ 75.920711][ T5323] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 75.930912][ T5323] done [ 75.932448][ T5323] bcachefs (loop0): check_alloc_to_lru_refs... [ 75.934052][ T5323] bcachefs (loop0): missing fragmentation lru entry [ 75.934068][ T5323] u64s 12 type alloc_v4 0:34:0 len 0 ver 0: [ 75.934073][ T5323] gen 0 oldest_gen 0 data_type user [ 75.934077][ T5323] journal_seq_nonempty 5 [ 75.934081][ T5323] journal_seq_empty 134217728 [ 75.934085][ T5323] need_discard 1 [ 75.934088][ T5323] need_inc_gen 1 [ 75.934092][ T5323] dirty_sectors 16 [ 75.934095][ T5323] stripe_sectors 1802251 [ 75.934099][ T5323] cached_sectors 0 [ 75.934103][ T5323] stripe 0 [ 75.934106][ T5323] stripe_redundancy 0 [ 75.934109][ T5323] io_time[READ] 1 [ 75.934113][ T5323] io_time[WRITE] 512 [ 75.934117][ T5323] fragmentation 0 [ 75.934120][ T5323] bp_start 7 [ 75.934124][ T5323] , fixing [ 75.966171][ T1092] ------------[ cut here ]------------ [ 75.966210][ T1092] WARNING: CPU: 0 PID: 1092 at net/mac80211/mlme.c:4306 ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.966289][ T1092] Modules linked in: [ 75.966325][ T1092] CPU: 0 UID: 0 PID: 1092 Comm: kworker/u4:9 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 75.966340][ T1092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.966350][ T1092] Workqueue: events_unbound cfg80211_wiphy_work [ 75.966368][ T1092] RIP: 0010:ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.966383][ T1092] Code: cc f6 90 0f 0b 90 eb b5 e8 81 38 cc f6 90 0f 0b 90 e9 bd fb ff ff e8 73 38 cc f6 90 0f 0b 90 e9 37 ff ff ff e8 65 38 cc f6 90 <0f> 0b 90 e9 93 fc ff ff 48 c7 c1 30 45 a1 8f 80 e1 07 80 c1 03 38 [ 75.966394][ T1092] RSP: 0018:ffffc900027279e0 EFLAGS: 00010293 [ 75.966406][ T1092] RAX: ffffffff8af4268b RBX: 0000000000000001 RCX: ffff888032e4a440 [ 75.966415][ T1092] RDX: 0000000000000000 RSI: ffffffff8db6e382 RDI: ffff888032e4a440 [ 75.966423][ T1092] RBP: dffffc0000000000 R08: ffff888032e4a440 R09: 000000000000000c [ 75.966432][ T1092] R10: 000000000000000c R11: 0000000000000000 R12: 1ffff1100a563b8e [ 75.966440][ T1092] R13: ffff888052b1cd80 R14: ffff888052b1ea22 R15: ffff888052b1dc70 [ 75.966448][ T1092] FS: 0000000000000000(0000) GS:ffff88808d252000(0000) knlGS:0000000000000000 [ 75.966457][ T1092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.966466][ T1092] CR2: 0000555a733c7168 CR3: 0000000042b4c000 CR4: 0000000000352ef0 [ 75.966504][ T1092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.966514][ T1092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.966522][ T1092] Call Trace: [ 75.966530][ T1092] [ 75.966540][ T1092] cfg80211_wiphy_work+0x2dc/0x460 [ 75.966556][ T1092] ? process_scheduled_works+0x9ef/0x17b0 [ 75.966576][ T1092] process_scheduled_works+0xae1/0x17b0 [ 75.966611][ T1092] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.966641][ T1092] worker_thread+0x8a0/0xda0 [ 75.966655][ T1092] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.966796][ T1092] ? __kthread_parkme+0x7b/0x200 [ 75.966816][ T1092] kthread+0x70e/0x8a0 [ 75.966833][ T1092] ? __pfx_worker_thread+0x10/0x10 [ 75.966844][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.966858][ T1092] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.966869][ T1092] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.966880][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.966889][ T1092] ret_from_fork+0x3f9/0x770 [ 75.966902][ T1092] ? __pfx_ret_from_fork+0x10/0x10 [ 75.966919][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.966932][ T1092] ret_from_fork_asm+0x1a/0x30 [ 75.966954][ T1092] [ 75.966962][ T1092] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.966970][ T1092] CPU: 0 UID: 0 PID: 1092 Comm: kworker/u4:9 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 75.966983][ T1092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.966991][ T1092] Workqueue: events_unbound cfg80211_wiphy_work [ 75.967005][ T1092] Call Trace: [ 75.967011][ T1092] [ 75.967016][ T1092] dump_stack_lvl+0x99/0x250 [ 75.967034][ T1092] ? __asan_memcpy+0x40/0x70 [ 75.967053][ T1092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.967070][ T1092] ? __pfx__printk+0x10/0x10 [ 75.967091][ T1092] panic+0x2db/0x790 [ 75.967111][ T1092] ? __pfx_panic+0x10/0x10 [ 75.967125][ T1092] ? show_trace_log_lvl+0x4fb/0x550 [ 75.967148][ T1092] ? ret_from_fork_asm+0x1a/0x30 [ 75.967164][ T1092] __warn+0x31b/0x4b0 [ 75.967179][ T1092] ? ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.967194][ T1092] ? ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.967208][ T1092] report_bug+0x2be/0x4f0 [ 75.967225][ T1092] ? ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.967239][ T1092] ? ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.967252][ T1092] ? ieee80211_mgd_probe_ap_send+0x52e/0x600 [ 75.967265][ T1092] handle_bug+0x84/0x160 [ 75.967279][ T1092] exc_invalid_op+0x1a/0x50 [ 75.967292][ T1092] asm_exc_invalid_op+0x1a/0x20 [ 75.967305][ T1092] RIP: 0010:ieee80211_mgd_probe_ap_send+0x52c/0x600 [ 75.967320][ T1092] Code: cc f6 90 0f 0b 90 eb b5 e8 81 38 cc f6 90 0f 0b 90 e9 bd fb ff ff e8 73 38 cc f6 90 0f 0b 90 e9 37 ff ff ff e8 65 38 cc f6 90 <0f> 0b 90 e9 93 fc ff ff 48 c7 c1 30 45 a1 8f 80 e1 07 80 c1 03 38 [ 75.967329][ T1092] RSP: 0018:ffffc900027279e0 EFLAGS: 00010293 [ 75.967340][ T1092] RAX: ffffffff8af4268b RBX: 0000000000000001 RCX: ffff888032e4a440 [ 75.967348][ T1092] RDX: 0000000000000000 RSI: ffffffff8db6e382 RDI: ffff888032e4a440 [ 75.967356][ T1092] RBP: dffffc0000000000 R08: ffff888032e4a440 R09: 000000000000000c [ 75.967363][ T1092] R10: 000000000000000c R11: 0000000000000000 R12: 1ffff1100a563b8e [ 75.967371][ T1092] R13: ffff888052b1cd80 R14: ffff888052b1ea22 R15: ffff888052b1dc70 [ 75.967383][ T1092] ? ieee80211_mgd_probe_ap_send+0x52b/0x600 [ 75.967406][ T1092] cfg80211_wiphy_work+0x2dc/0x460 [ 75.967420][ T1092] ? process_scheduled_works+0x9ef/0x17b0 [ 75.967439][ T1092] process_scheduled_works+0xae1/0x17b0 [ 75.967469][ T1092] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.967494][ T1092] worker_thread+0x8a0/0xda0 [ 75.967517][ T1092] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.967539][ T1092] ? __kthread_parkme+0x7b/0x200 [ 75.967556][ T1092] kthread+0x70e/0x8a0 [ 75.967571][ T1092] ? __pfx_worker_thread+0x10/0x10 [ 75.967582][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.967595][ T1092] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.967611][ T1092] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.967627][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.967640][ T1092] ret_from_fork+0x3f9/0x770 [ 75.967659][ T1092] ? __pfx_ret_from_fork+0x10/0x10 [ 75.967679][ T1092] ? __pfx_kthread+0x10/0x10 [ 75.967693][ T1092] ret_from_fork_asm+0x1a/0x30 [ 75.967715][ T1092] [ 75.968121][ T1092] Kernel Offset: disabled