program:
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000001c0)={0x44, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x2}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x44}}, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x4000041}, 0x4080)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000400000002000000000000910400000000000000000000000000000200000000020000000000000602000000020000000000000e0300000000000000000061"], 0x0, 0x54, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f0000000140)={[{@journal_async_commit}, {@heartbeat_global}, {@localflocks}, {@usrquota}, {@localalloc={'localalloc', 0x3d, 0xfffffffffffffffa}}, {@nointr}]}, 0x1, 0x4705, &(0x7f0000004800)="$eJzs222IHGcBB/BnNqe5pMn1XtImafqySQQPLceln6r1QzyrNpo2L9pWU+Xcu1wvp3u3592uFgxSgyAKghIEFV+oCqVfakEM9EstQsEXpFUoFUXrF5FCFfxg0AZ6sjszuZ25vc7mNmlp+/tBuzfPzPPMs/e/eWafeTalRP3U3HJ5brlcWSjXpu9fvqX8uVq1MT8TSq+S1/r8dOdK5CT7186R933gI/fcEsIfjn3tQysrKyuhaTB0dKDt5/P/Pj3d/poq5eo02+3cWuyPjUde+vlbXumIIidCCDvW9KtpUwjhY78IYXMIYSgpG05et4QQtoUQohDCo7/514/7e+lCm7P3vvDcsTOH952ZePyxZy7MHl33wCiE71Z33zw7/+L+Tbc9/47LdHoAAHhFHzx+5O6j4wfCk1EYONe39vP6zuQ1/Xx859s+ddfDfav7V+jOplcxVAAAAMhZnf8PRi93WK9LV9bSJcEnHjhx91PR6n4T29e3Q3cduf394weS9d9ozf5bk6J/vndTaw01v+6bX/8dytXvvP67ep6Hv/rsLxfeuvH+p/1LzzsYotJYZrtUGhsL4dhEvL0r2lqq1pbr77y/1lg4ufHzvlFk849X7zNr4cmF323+w7n2i9b/d3/i8z/b0tfLOxgJ+b/a5nZ57Z8yHWTzX38s/8mXoq7yH8nVK8r/jqe3n//V5l7eQf6MXIps/vGFuK/9gHI8JjTz/2Zfcf47cu0X5f/9iXOPntjA93+a48xg1Oxrf2YEeDkpX+crTORk84+DyAydyS9yvev/f7n8r8m1X5T/nbV//O5vPdz/1xv/Ryd6afPNI5t/HEQ5c8Tq9T9UKr7+r821X5T/b0/9+dlP9nSvXpt/s/+j7v9dyeaf3Iizg2frN9nt+L8z135R/rtG7ntobgP9/vCWpJ8DURhp+9bpueYtbGD1M2xrStPcvbiBk7wJZPOPf2uZS2cgfmld/4PF4/+uXPtF+T+05+vvOd3T9387j//jxv+uZPPf0iq7lPxfyuW/O9d+Uf4/PP33v9x3mcf/5vZB+Xclm//WNftXn/+Uupr/XZerX/T8Z9/wU4/8tYf5f9q/9Lzp85/0OcRoFD//obNs/lete1y39/89uXpF1/+3/vP80/t7Gf+jfk8AepDNf1tc2GEC2G3+1+faL8r/C/d8+eN/2sD8r/WJrz/Nv23+vzkuP2r870o2/+1xYeYB8IOt/7fu/9Ha3P+by/+GXPtF+V84NNb3lct8/2/2fzT/D9HoKJv/wLrHNfP/fRf3/xtz9Yry/+Len754c0+f/0MYN9ffsGz+V697XOv67y/O/6ZcvaL8v/ONXz/xYA/9f3sPdcnnH9/rM5dT8tm82/l/Odd+Uf4/Gj1/dv8VmP/d6v7flWz+8ar5peSfn//vzbVflP/3jvxgqe8KPP+5Q/4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbMpy8DoaoNJbZLpXGxkIYSbZ3ha3RVOXk5FS1Nv2Z5RB2JOXlMBzNVmtTlerk3ELt5MxkpVqtTYdwTbJ/R+iPlqu1+uR8ZfHai21tiU7NVJbqUzOVeghhZ1J+fdietjU1V5+vLLaOTetcFVU+26jVK2ON5ZmlsPti+ba0fHap1li87mJbV5dqS4unKguTJ+eW3j0+Pj4e9lzs81A080B9ZqEe9zbe26yT1h2M2t5Ma/cNbef7dK2xtFCptspvbKtTrU1Xqm11bmo7X32psTBdqc9MVmuz6fnKbXXb3ltr995k32gYyry/tG7eweT19kPHP3r88IE1+8tRNu+FxvzM+PbOfxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvHE9edu7vh1C6Iu3SiGEg+kPUfJfxtl7X3ju2JnD+85MPP7YMxdmj3Y6BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWHnfl6q6OI4AJ8Z3/taIKW0EXIZGCKiOwkL+kUkldfIlm1aB7VKyKAoMIxoWRAEQe2igqBVUPkXRC1ctqo2tWhhEEHF6Exe7gg3vNAx53lgODPMvWe+MHDvzPkcDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOvH2R2LXVl7adfmpa27P4TO/Nz/IYTRZHn/896O0BNC+Ppl5nRYpS30NPX/ZnJuvHzV5Pfe/vGH10eTtddffLe4bndI0qGG451Jmg4Nrb3/jerO4LPpwSSENHYhRLEw9uRMLYTQEbsQovj5cf5i9vv+X+xCiKL/w92u7P7XYhdCFFt3f+qr5c94VM/5+oXBxv/+Vo/gbTyisw69PXnlXeqmVt7L/P0/yTfvg9Uwe+LI++exiyCa2bmpo7FrAAAA/q5zLfL/sGV5//7lJPR0l3P/b035f29T/6vn/yvubb8xNtNWCLGtNDaZHQ/va6fPje/UwNXbr2vGe6pK/l9t8v9qk/9Xm/y/2uT/1Sb/J/NK/l9Jj2/uWXwRuwiikf8DAED1HDo+MVUfHsle/jf96Czn9X15W8/z9Ae3pgceNYwbyQ//bYePTRw4ODyS3/fygODK+g/p0tnv+XyP5rYw2TTvotX6D71PF+avdZY/Uf/D+RtFfcV1rf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL/YnXsaBsEoDKPfbUXURquiCQs/CT7QwIgApDCjAR1MGICBEFDAQM5Z7k2e5QUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4vn+V18X3l8ZIrzUiTWWXXfvneJr9zH07LO+zx41bAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2NiBAxkAAAAAYf7WebQfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//8w7LUQ==")

[   87.578994][ T4537] Bluetooth: hci0: command tx timeout
[   88.373683][ T4537] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   88.377037][ T4537] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4537, name: kworker/u5:1
[   88.382288][ T4537] preempt_count: 0, expected: 0
[   88.385279][ T4537] RCU nest depth: 1, expected: 0
[   88.387233][ T4537] 4 locks held by kworker/u5:1/4537:
[   88.390831][ T4537]  #0: ffff88801bba4948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   88.394996][ T4537]  #1: ffffc9000d997d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   88.400387][ T4537]  #2: ffff888011eac078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   88.405895][ T4537]  #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   88.410756][ T4537] CPU: 0 UID: 0 PID: 4537 Comm: kworker/u5:1 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0
[   88.414316][ T4537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.418466][ T4537] Workqueue: hci0 hci_rx_work
[   88.420602][ T4537] Call Trace:
[   88.422133][ T4537]  <TASK>
[   88.423399][ T4537]  dump_stack_lvl+0x241/0x360
[   88.425246][ T4537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.427315][ T4537]  ? __pfx__printk+0x10/0x10
[   88.429089][ T4537]  __might_resched+0x5d4/0x780
[   88.430929][ T4537]  ? __mutex_lock+0x112/0xd70
[   88.432926][ T4537]  ? __pfx___might_resched+0x10/0x10
[   88.435249][ T4537]  __mutex_lock+0xc1/0xd70
[   88.437226][ T4537]  ? __pfx_lock_acquire+0x10/0x10
[   88.439160][ T4537]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.441459][ T4537]  ? __pfx_lock_release+0x10/0x10
[   88.443330][ T4537]  ? __pfx___mutex_lock+0x10/0x10
[   88.445196][ T4537]  ? trace_contention_end+0x3c/0x120
[   88.447407][ T4537]  ? skb_pull_data+0x112/0x230
[   88.449955][ T4537]  ? hci_conn_set_handle+0x9a/0x270
[   88.452576][ T4537]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.455235][ T4537]  ? __copy_skb_header+0x437/0x5b0
[   88.456939][ T4537]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   88.459168][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.461472][ T4537]  ? hci_le_meta_evt+0x366/0x580
[   88.463211][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.465569][ T4537]  hci_event_packet+0xa55/0x1540
[   88.467409][ T4537]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   88.470176][ T4537]  ? __pfx_hci_event_packet+0x10/0x10
[   88.473415][ T4537]  ? set_advertising_complete+0x600/0x6f0
[   88.475468][ T4537]  ? kcov_remote_start+0x97/0x7d0
[   88.477278][ T4537]  hci_rx_work+0x3fe/0xd80
[   88.478872][ T4537]  ? process_scheduled_works+0x976/0x1850
[   88.480847][ T4537]  process_scheduled_works+0xa63/0x1850
[   88.482879][ T4537]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.485049][ T4537]  ? assign_work+0x364/0x3d0
[   88.486941][ T4537]  worker_thread+0x870/0xd30
[   88.488846][ T4537]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   88.491482][ T4537]  ? __kthread_parkme+0x169/0x1d0
[   88.493463][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.495145][ T4537]  kthread+0x2f0/0x390
[   88.496540][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.498416][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.500151][ T4537]  ret_from_fork+0x4b/0x80
[   88.501731][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.503519][ T4537]  ret_from_fork_asm+0x1a/0x30
[   88.505775][ T4537]  </TASK>
[   88.518235][ T4537] 
[   88.519313][ T4537] =============================
[   88.521692][ T4537] [ BUG: Invalid wait context ]
[   88.523863][ T4537] 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 Tainted: G        W         
[   88.526929][ T4537] -----------------------------
[   88.528469][ T4537] kworker/u5:1/4537 is trying to lock:
[   88.530708][ T4537] ffffffff8fe3e2e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.534804][ T4537] other info that might help us debug this:
[   88.537158][ T4537] context-{4:4}
[   88.538672][ T4537] 4 locks held by kworker/u5:1/4537:
[   88.540808][ T4537]  #0: ffff88801bba4948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   88.545254][ T4537]  #1: ffffc9000d997d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   88.550109][ T4537]  #2: ffff888011eac078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   88.554462][ T4537]  #3: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   88.559271][ T4537] stack backtrace:
[   88.560903][ T4537] CPU: 0 UID: 0 PID: 4537 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0
[   88.565594][ T4537] Tainted: [W]=WARN
[   88.567065][ T4537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.571090][ T4537] Workqueue: hci0 hci_rx_work
[   88.573729][ T4537] Call Trace:
[   88.576014][ T4537]  <TASK>
[   88.577745][ T4537]  dump_stack_lvl+0x241/0x360
[   88.579947][ T4537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.582009][ T4537]  ? __pfx__printk+0x10/0x10
[   88.583737][ T4537]  __lock_acquire+0x154a/0x2050
[   88.585576][ T4537]  lock_acquire+0x1ed/0x550
[   88.587315][ T4537]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.589420][ T4537]  ? __pfx_lock_acquire+0x10/0x10
[   88.591211][ T4537]  ? __mutex_lock+0x112/0xd70
[   88.592885][ T4537]  ? __pfx___might_resched+0x10/0x10
[   88.595057][ T4537]  __mutex_lock+0x136/0xd70
[   88.596719][ T4537]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.599084][ T4537]  ? __pfx_lock_acquire+0x10/0x10
[   88.601088][ T4537]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.603490][ T4537]  ? __pfx_lock_release+0x10/0x10
[   88.605284][ T4537]  ? __pfx___mutex_lock+0x10/0x10
[   88.607172][ T4537]  ? trace_contention_end+0x3c/0x120
[   88.609341][ T4537]  ? skb_pull_data+0x112/0x230
[   88.611056][ T4537]  ? hci_conn_set_handle+0x9a/0x270
[   88.612986][ T4537]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   88.618137][ T4537]  ? __copy_skb_header+0x437/0x5b0
[   88.619798][ T4537]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   88.622184][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.624795][ T4537]  ? hci_le_meta_evt+0x366/0x580
[   88.626750][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.629337][ T4537]  hci_event_packet+0xa55/0x1540
[   88.631250][ T4537]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   88.633261][ T4537]  ? __pfx_hci_event_packet+0x10/0x10
[   88.635332][ T4537]  ? set_advertising_complete+0x600/0x6f0
[   88.637479][ T4537]  ? kcov_remote_start+0x97/0x7d0
[   88.639431][ T4537]  hci_rx_work+0x3fe/0xd80
[   88.641293][ T4537]  ? process_scheduled_works+0x976/0x1850
[   88.643542][ T4537]  process_scheduled_works+0xa63/0x1850
[   88.645775][ T4537]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.648371][ T4537]  ? assign_work+0x364/0x3d0
[   88.650474][ T4537]  worker_thread+0x870/0xd30
[   88.652634][ T4537]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   88.655466][ T4537]  ? __kthread_parkme+0x169/0x1d0
[   88.657741][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.660059][ T4537]  kthread+0x2f0/0x390
[   88.661806][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.663716][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.665139][ T4537]  ret_from_fork+0x4b/0x80
[   88.666518][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.668162][ T4537]  ret_from_fork_asm+0x1a/0x30
[   88.670211][ T4537]  </TASK>
[   88.689212][ T4537] ==================================================================
[   88.692429][ T4537] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   88.695687][ T4537] Read of size 8 at addr ffff88803de10000 by task kworker/u5:1/4537
[   88.698887][ T4537] 
[   88.700015][ T4537] CPU: 0 UID: 0 PID: 4537 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0
[   88.705332][ T4537] Tainted: [W]=WARN
[   88.706867][ T4537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.710954][ T4537] Workqueue: hci0 hci_rx_work
[   88.713107][ T4537] Call Trace:
[   88.714374][ T4537]  <TASK>
[   88.715553][ T4537]  dump_stack_lvl+0x241/0x360
[   88.717562][ T4537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.719752][ T4537]  ? __pfx__printk+0x10/0x10
[   88.721544][ T4537]  ? _printk+0xd5/0x120
[   88.723221][ T4537]  ? __virt_addr_valid+0x183/0x530
[   88.725290][ T4537]  ? __virt_addr_valid+0x183/0x530
[   88.727596][ T4537]  print_report+0x169/0x550
[   88.729553][ T4537]  ? __virt_addr_valid+0x183/0x530
[   88.732156][ T4537]  ? __virt_addr_valid+0x183/0x530
[   88.734833][ T4537]  ? __virt_addr_valid+0x45f/0x530
[   88.737019][ T4537]  ? __phys_addr+0xba/0x170
[   88.738792][ T4537]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   88.741143][ T4537]  kasan_report+0x143/0x180
[   88.742965][ T4537]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   88.745297][ T4537]  hci_le_create_big_complete_evt+0x383/0xae0
[   88.747612][ T4537]  ? __copy_skb_header+0x437/0x5b0
[   88.749766][ T4537]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   88.752599][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.755573][ T4537]  ? hci_le_meta_evt+0x366/0x580
[   88.757455][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   88.759976][ T4537]  hci_event_packet+0xa55/0x1540
[   88.761817][ T4537]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   88.763885][ T4537]  ? __pfx_hci_event_packet+0x10/0x10
[   88.766254][ T4537]  ? set_advertising_complete+0x600/0x6f0
[   88.768758][ T4537]  ? kcov_remote_start+0x97/0x7d0
[   88.771388][ T4537]  hci_rx_work+0x3fe/0xd80
[   88.773291][ T4537]  ? process_scheduled_works+0x976/0x1850
[   88.775504][ T4537]  process_scheduled_works+0xa63/0x1850
[   88.777477][ T4537]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.779559][ T4537]  ? assign_work+0x364/0x3d0
[   88.781301][ T4537]  worker_thread+0x870/0xd30
[   88.783104][ T4537]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   88.785447][ T4537]  ? __kthread_parkme+0x169/0x1d0
[   88.787463][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.790479][ T4537]  kthread+0x2f0/0x390
[   88.793040][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   88.795301][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.797117][ T4537]  ret_from_fork+0x4b/0x80
[   88.798799][ T4537]  ? __pfx_kthread+0x10/0x10
[   88.800548][ T4537]  ret_from_fork_asm+0x1a/0x30
[   88.802366][ T4537]  </TASK>
[   88.803597][ T4537] 
[   88.804550][ T4537] Allocated by task 4537:
[   88.806157][ T4537]  kasan_save_track+0x3f/0x80
[   88.808437][ T4537]  __kasan_kmalloc+0x98/0xb0
[   88.810840][ T4537]  __kmalloc_cache_noprof+0x19c/0x2c0
[   88.813541][ T4537]  __hci_conn_add+0x2f9/0x1850
[   88.815612][ T4537]  hci_le_big_sync_established_evt+0x414/0xc20
[   88.818062][ T4537]  hci_event_packet+0xa55/0x1540
[   88.819903][ T4537]  hci_rx_work+0x3fe/0xd80
[   88.821406][ T4537]  process_scheduled_works+0xa63/0x1850
[   88.823404][ T4537]  worker_thread+0x870/0xd30
[   88.825105][ T4537]  kthread+0x2f0/0x390
[   88.826671][ T4537]  ret_from_fork+0x4b/0x80
[   88.828342][ T4537]  ret_from_fork_asm+0x1a/0x30
[   88.830642][ T4537] 
[   88.831923][ T4537] Freed by task 4537:
[   88.834065][ T4537]  kasan_save_track+0x3f/0x80
[   88.836461][ T4537]  kasan_save_free_info+0x40/0x50
[   88.838465][ T4537]  __kasan_slab_free+0x59/0x70
[   88.840494][ T4537]  kfree+0x1a0/0x440
[   88.842006][ T4537]  device_release+0x99/0x1c0
[   88.843823][ T4537]  kobject_put+0x22f/0x480
[   88.845599][ T4537]  hci_conn_del+0x8c4/0xc40
[   88.847561][ T4537]  hci_le_create_big_complete_evt+0x619/0xae0
[   88.850257][ T4537]  hci_event_packet+0xa55/0x1540
[   88.852690][ T4537]  hci_rx_work+0x3fe/0xd80
[   88.854868][ T4537]  process_scheduled_works+0xa63/0x1850
[   88.857400][ T4537]  worker_thread+0x870/0xd30
[   88.859095][ T4537]  kthread+0x2f0/0x390
[   88.860563][ T4537]  ret_from_fork+0x4b/0x80
[   88.862305][ T4537]  ret_from_fork_asm+0x1a/0x30
[   88.864180][ T4537] 
[   88.865135][ T4537] The buggy address belongs to the object at ffff88803de10000
[   88.865135][ T4537]  which belongs to the cache kmalloc-8k of size 8192
[   88.870797][ T4537] The buggy address is located 0 bytes inside of
[   88.870797][ T4537]  freed 8192-byte region [ffff88803de10000, ffff88803de12000)
[   88.877206][ T4537] 
[   88.878142][ T4537] The buggy address belongs to the physical page:
[   88.880504][ T4537] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3de10
[   88.883744][ T4537] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   88.887180][ T4537] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   88.890972][ T4537] page_type: f5(slab)
[   88.892656][ T4537] raw: 04fff00000000040 ffff88801ac42280 ffffea0000f8ae00 0000000000000003
[   88.895856][ T4537] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   88.899214][ T4537] head: 04fff00000000040 ffff88801ac42280 ffffea0000f8ae00 0000000000000003
[   88.903092][ T4537] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   88.906956][ T4537] head: 04fff00000000003 ffffea0000f78401 ffffffffffffffff 0000000000000000
[   88.910223][ T4537] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   88.913364][ T4537] page dumped because: kasan: bad access detected
[   88.915664][ T4537] page_owner tracks the page as allocated
[   88.917820][ T4537] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4814, tgid 4814 (dhcpcd), ts 80948497375, free_ts 80911072121
[   88.926592][ T4537]  post_alloc_hook+0x1f3/0x230
[   88.928975][ T4537]  get_page_from_freelist+0x3045/0x3190
[   88.931482][ T4537]  __alloc_pages_noprof+0x256/0x6c0
[   88.933326][ T4537]  alloc_pages_mpol_noprof+0x3e8/0x680
[   88.935473][ T4537]  alloc_slab_page+0x6a/0x120
[   88.937244][ T4537]  allocate_slab+0x5a/0x2f0
[   88.938900][ T4537]  ___slab_alloc+0xcd1/0x14b0
[   88.940662][ T4537]  __slab_alloc+0x58/0xa0
[   88.942614][ T4537]  __kmalloc_node_track_caller_noprof+0x281/0x440
[   88.945406][ T4537]  kmalloc_reserve+0x111/0x2a0
[   88.947195][ T4537]  __alloc_skb+0x1f3/0x440
[   88.949125][ T4537]  netlink_dump+0x1f7/0xd80
[   88.950761][ T4537]  netlink_recvmsg+0x6bb/0x11d0
[   88.952418][ T4537]  sock_recvmsg+0x22f/0x280
[   88.953950][ T4537]  ____sys_recvmsg+0x1c6/0x480
[   88.955648][ T4537]  __sys_recvmsg+0x2e6/0x3d0
[   88.957560][ T4537] page last free pid 5091 tgid 5091 stack trace:
[   88.960145][ T4537]  free_unref_page+0xcfb/0xf20
[   88.962582][ T4537]  vfree+0x186/0x2e0
[   88.964754][ T4537]  kcov_close+0x28/0x50
[   88.966802][ T4537]  __fput+0x23f/0x880
[   88.968401][ T4537]  __x64_sys_close+0x7f/0x110
[   88.970128][ T4537]  do_syscall_64+0xf3/0x230
[   88.971945][ T4537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.974394][ T4537] 
[   88.975428][ T4537] Memory state around the buggy address:
[   88.977684][ T4537]  ffff88803de0ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.981192][ T4537]  ffff88803de0ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   88.984648][ T4537] >ffff88803de10000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.987822][ T4537]                    ^
[   88.989308][ T4537]  ffff88803de10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.992520][ T4537]  ffff88803de10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   88.996181][ T4537] ==================================================================
[   89.019208][ T4537] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.021954][ T4537] CPU: 0 UID: 0 PID: 4537 Comm: kworker/u5:1 Tainted: G        W          6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0
[   89.026514][ T4537] Tainted: [W]=WARN
[   89.027982][ T4537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.032692][ T4537] Workqueue: hci0 hci_rx_work
[   89.034770][ T4537] Call Trace:
[   89.036283][ T4537]  <TASK>
[   89.037537][ T4537]  dump_stack_lvl+0x241/0x360
[   89.039407][ T4537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.041609][ T4537]  ? __pfx__printk+0x10/0x10
[   89.043557][ T4537]  ? rcu_is_watching+0x15/0xb0
[   89.045644][ T4537]  ? preempt_schedule+0xe1/0xf0
[   89.048987][ T4537]  ? vscnprintf+0x5d/0x90
[   89.051656][ T4537]  panic+0x349/0x880
[   89.053266][ T4537]  ? check_panic_on_warn+0x21/0xb0
[   89.055322][ T4537]  ? __pfx_panic+0x10/0x10
[   89.057083][ T4537]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   89.059479][ T4537]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   89.061994][ T4537]  ? print_report+0x502/0x550
[   89.063936][ T4537]  check_panic_on_warn+0x86/0xb0
[   89.066401][ T4537]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   89.069666][ T4537]  end_report+0x77/0x160
[   89.071474][ T4537]  kasan_report+0x154/0x180
[   89.073304][ T4537]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   89.075733][ T4537]  hci_le_create_big_complete_evt+0x383/0xae0
[   89.078182][ T4537]  ? __copy_skb_header+0x437/0x5b0
[   89.080516][ T4537]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   89.083823][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   89.086694][ T4537]  ? hci_le_meta_evt+0x366/0x580
[   89.088625][ T4537]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   89.091232][ T4537]  hci_event_packet+0xa55/0x1540
[   89.093157][ T4537]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   89.095203][ T4537]  ? __pfx_hci_event_packet+0x10/0x10
[   89.097387][ T4537]  ? set_advertising_complete+0x600/0x6f0
[   89.100451][ T4537]  ? kcov_remote_start+0x97/0x7d0
[   89.103386][ T4537]  hci_rx_work+0x3fe/0xd80
[   89.105347][ T4537]  ? process_scheduled_works+0x976/0x1850
[   89.107712][ T4537]  process_scheduled_works+0xa63/0x1850
[   89.109873][ T4537]  ? __pfx_process_scheduled_works+0x10/0x10
[   89.112286][ T4537]  ? assign_work+0x364/0x3d0
[   89.114141][ T4537]  worker_thread+0x870/0xd30
[   89.116214][ T4537]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   89.119247][ T4537]  ? __kthread_parkme+0x169/0x1d0
[   89.121746][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   89.123747][ T4537]  kthread+0x2f0/0x390
[   89.125357][ T4537]  ? __pfx_worker_thread+0x10/0x10
[   89.127411][ T4537]  ? __pfx_kthread+0x10/0x10
[   89.129297][ T4537]  ret_from_fork+0x4b/0x80
[   89.131322][ T4537]  ? __pfx_kthread+0x10/0x10
[   89.133692][ T4537]  ret_from_fork_asm+0x1a/0x30
[   89.136214][ T4537]  </TASK>
[   89.137959][ T4537] Kernel Offset: disabled
[   89.139689][ T4537] Rebooting in 86400 seconds..