program:
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x5, 0x4, 0x1002, 0x7eb8, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffc, 0x0, @void, @value, @void, @value}, 0x50)
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r2)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'bond_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100039a00"/20, @ANYRES32=r4, @ANYBLOB="000020000008000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}}, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
splice(r1, 0x0, r2, 0x0, 0x10500, 0x0)
copy_file_range(r0, 0x0, r0, 0x0, 0x100, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETLED(r7, 0x4b32, 0x94eb)
setsockopt$packet_add_memb(r6, 0x107, 0x18, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6}]})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000100)={[{@acl}, {@heartbeat_none}, {@dir_resv_level={'dir_resv_level', 0x3d, 0x3}}, {@coherency_full}, {@coherency_full}, {@localflocks}, {@coherency_full}, {@inode64}]}, 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$FS_IOC_RESVSP(r8, 0x80106f05, &(0x7f00000000c0)={0x0, 0x4, 0x32, 0x100000000})

[   72.745420][ T4678] Bluetooth: hci0: command tx timeout
[   72.913664][ T4678] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562
[   72.917472][ T4678] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4678, name: kworker/u5:1
[   72.921046][ T4678] preempt_count: 0, expected: 0
[   72.922896][ T4678] RCU nest depth: 1, expected: 0
[   72.925609][ T4678] 4 locks held by kworker/u5:1/4678:
[   72.927664][ T4678]  #0: ffff88801e09b148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   72.932007][ T4678]  #1: ffffc9000daafd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   72.937678][ T4678]  #2: ffff8880429a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   72.941830][ T4678]  #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   72.946654][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   72.951380][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.955516][ T4678] Workqueue: hci0 hci_rx_work
[   72.957366][ T4678] Call Trace:
[   72.958678][ T4678]  <TASK>
[   72.959857][ T4678]  dump_stack_lvl+0x241/0x360
[   72.961607][ T4678]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.963649][ T4678]  ? __pfx__printk+0x10/0x10
[   72.965389][ T4678]  __might_resched+0x5d4/0x780
[   72.967084][ T4678]  ? __mutex_lock+0x187/0xee0
[   72.968807][ T4678]  ? __pfx___might_resched+0x10/0x10
[   72.970882][ T4678]  ? __lock_acquire+0x1397/0x2100
[   72.972869][ T4678]  __mutex_lock+0x131/0xee0
[   72.974518][ T4678]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   72.976913][ T4678]  ? __pfx___mutex_lock+0x10/0x10
[   72.978813][ T4678]  ? rcu_is_watching+0x15/0xb0
[   72.980801][ T4678]  ? trace_contention_end+0x3c/0x120
[   72.982848][ T4678]  ? skb_pull_data+0x112/0x230
[   72.984781][ T4678]  ? hci_conn_set_handle+0x9a/0x270
[   72.986753][ T4678]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   72.989163][ T4678]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   72.991580][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   72.994097][ T4678]  ? hci_le_meta_evt+0x366/0x580
[   72.996072][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   72.998615][ T4678]  hci_event_packet+0xa55/0x1540
[   73.000668][ T4678]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   73.002714][ T4678]  ? __pfx_hci_event_packet+0x10/0x10
[   73.004804][ T4678]  ? do_raw_spin_unlock+0x58/0x8b0
[   73.006814][ T4678]  ? hci_send_to_monitor+0xd8/0x7f0
[   73.008882][ T4678]  ? kcov_remote_start+0x97/0x7d0
[   73.010913][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.012608][ T4678]  ? process_scheduled_works+0x976/0x1850
[   73.014828][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.017050][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.019386][ T4678]  ? assign_work+0x364/0x3d0
[   73.021034][ T4678]  worker_thread+0x870/0xd30
[   73.022807][ T4678]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.025150][ T4678]  ? __kthread_parkme+0x169/0x1d0
[   73.027320][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.029244][ T4678]  kthread+0x2f0/0x390
[   73.030890][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.032758][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.034465][ T4678]  ret_from_fork+0x4b/0x80
[   73.036166][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.037938][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.039625][ T4678]  </TASK>
[   73.050898][ T4678] 
[   73.051931][ T4678] =============================
[   73.053793][ T4678] [ BUG: Invalid wait context ]
[   73.055667][ T4678] 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0 Tainted: G        W         
[   73.059210][ T4678] -----------------------------
[   73.061213][ T4678] kworker/u5:1/4678 is trying to lock:
[   73.063336][ T4678] ffffffff8fe4a1a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   73.067138][ T4678] other info that might help us debug this:
[   73.069407][ T4678] context-{5:5}
[   73.070667][ T4678] 4 locks held by kworker/u5:1/4678:
[   73.072545][ T4678]  #0: ffff88801e09b148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   73.076378][ T4678]  #1: ffffc9000daafd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   73.080480][ T4678]  #2: ffff8880429a8078 (&hdev->lock){+.+.}-{4:4}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   73.084415][ T4678]  #3: ffffffff8e93c820 (rcu_read_lock){....}-{1:3}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   73.088652][ T4678] stack backtrace:
[   73.090168][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   73.094852][ T4678] Tainted: [W]=WARN
[   73.096415][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.100594][ T4678] Workqueue: hci0 hci_rx_work
[   73.102492][ T4678] Call Trace:
[   73.103872][ T4678]  <TASK>
[   73.105078][ T4678]  dump_stack_lvl+0x241/0x360
[   73.107001][ T4678]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.109089][ T4678]  ? __pfx__printk+0x10/0x10
[   73.110880][ T4678]  __lock_acquire+0x15a8/0x2100
[   73.112802][ T4678]  lock_acquire+0x1ed/0x550
[   73.114553][ T4678]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   73.116631][ T4678]  ? __pfx_lock_acquire+0x10/0x10
[   73.118410][ T4678]  ? __mutex_lock+0x187/0xee0
[   73.120252][ T4678]  ? __pfx___might_resched+0x10/0x10
[   73.122347][ T4678]  ? __lock_acquire+0x1397/0x2100
[   73.124319][ T4678]  __mutex_lock+0x1ac/0xee0
[   73.126132][ T4678]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   73.128764][ T4678]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   73.131275][ T4678]  ? __pfx___mutex_lock+0x10/0x10
[   73.133241][ T4678]  ? rcu_is_watching+0x15/0xb0
[   73.135002][ T4678]  ? trace_contention_end+0x3c/0x120
[   73.136993][ T4678]  ? skb_pull_data+0x112/0x230
[   73.138847][ T4678]  ? hci_conn_set_handle+0x9a/0x270
[   73.140833][ T4678]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   73.143224][ T4678]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   73.145630][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.148281][ T4678]  ? hci_le_meta_evt+0x366/0x580
[   73.150245][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.152785][ T4678]  hci_event_packet+0xa55/0x1540
[   73.154497][ T4678]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   73.156562][ T4678]  ? __pfx_hci_event_packet+0x10/0x10
[   73.158582][ T4678]  ? do_raw_spin_unlock+0x58/0x8b0
[   73.160591][ T4678]  ? hci_send_to_monitor+0xd8/0x7f0
[   73.162599][ T4678]  ? kcov_remote_start+0x97/0x7d0
[   73.164652][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.166404][ T4678]  ? process_scheduled_works+0x976/0x1850
[   73.168691][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.170916][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.173343][ T4678]  ? assign_work+0x364/0x3d0
[   73.175241][ T4678]  worker_thread+0x870/0xd30
[   73.177025][ T4678]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.179170][ T4678]  ? __kthread_parkme+0x169/0x1d0
[   73.181058][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.183052][ T4678]  kthread+0x2f0/0x390
[   73.184560][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.186505][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.188336][ T4678]  ret_from_fork+0x4b/0x80
[   73.190158][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.191963][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.193844][ T4678]  </TASK>
[   73.200028][ T4678] ==================================================================
[   73.203003][ T4678] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   73.206554][ T4678] Read of size 8 at addr ffff888042a08000 by task kworker/u5:1/4678
[   73.209502][ T4678] 
[   73.210460][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   73.215186][ T4678] Tainted: [W]=WARN
[   73.216657][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.220727][ T4678] Workqueue: hci0 hci_rx_work
[   73.222600][ T4678] Call Trace:
[   73.223946][ T4678]  <TASK>
[   73.225128][ T4678]  dump_stack_lvl+0x241/0x360
[   73.227039][ T4678]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.229031][ T4678]  ? __pfx__printk+0x10/0x10
[   73.230774][ T4678]  ? _printk+0xd5/0x120
[   73.232256][ T4678]  ? __virt_addr_valid+0x183/0x530
[   73.234185][ T4678]  ? __virt_addr_valid+0x183/0x530
[   73.236166][ T4678]  print_report+0x169/0x550
[   73.237882][ T4678]  ? __virt_addr_valid+0x183/0x530
[   73.239877][ T4678]  ? __virt_addr_valid+0x183/0x530
[   73.241839][ T4678]  ? __virt_addr_valid+0x45f/0x530
[   73.243916][ T4678]  ? __phys_addr+0xba/0x170
[   73.245603][ T4678]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   73.248041][ T4678]  kasan_report+0x143/0x180
[   73.249806][ T4678]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   73.252219][ T4678]  hci_le_create_big_complete_evt+0x383/0xae0
[   73.254442][ T4678]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   73.256665][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.259075][ T4678]  ? hci_le_meta_evt+0x366/0x580
[   73.260938][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.263383][ T4678]  hci_event_packet+0xa55/0x1540
[   73.265222][ T4678]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   73.267212][ T4678]  ? __pfx_hci_event_packet+0x10/0x10
[   73.269304][ T4678]  ? do_raw_spin_unlock+0x58/0x8b0
[   73.271279][ T4678]  ? hci_send_to_monitor+0xd8/0x7f0
[   73.273257][ T4678]  ? kcov_remote_start+0x97/0x7d0
[   73.275178][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.276912][ T4678]  ? process_scheduled_works+0x976/0x1850
[   73.279109][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.281110][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.283372][ T4678]  ? assign_work+0x364/0x3d0
[   73.285188][ T4678]  worker_thread+0x870/0xd30
[   73.287038][ T4678]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.289363][ T4678]  ? __kthread_parkme+0x169/0x1d0
[   73.291375][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.293411][ T4678]  kthread+0x2f0/0x390
[   73.295093][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.297134][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.298564][ T4678]  ret_from_fork+0x4b/0x80
[   73.299963][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.301657][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.303430][ T4678]  </TASK>
[   73.304599][ T4678] 
[   73.305484][ T4678] Allocated by task 4678:
[   73.307047][ T4678]  kasan_save_track+0x3f/0x80
[   73.308861][ T4678]  __kasan_kmalloc+0x98/0xb0
[   73.310522][ T4678]  __kmalloc_cache_noprof+0x19c/0x2c0
[   73.312531][ T4678]  __hci_conn_add+0x2f9/0x1850
[   73.314251][ T4678]  hci_le_big_sync_established_evt+0x414/0xc20
[   73.316505][ T4678]  hci_event_packet+0xa55/0x1540
[   73.318463][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.320247][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.322418][ T4678]  worker_thread+0x870/0xd30
[   73.323915][ T4678]  kthread+0x2f0/0x390
[   73.325381][ T4678]  ret_from_fork+0x4b/0x80
[   73.326949][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.328658][ T4678] 
[   73.329558][ T4678] Freed by task 4678:
[   73.331034][ T4678]  kasan_save_track+0x3f/0x80
[   73.332709][ T4678]  kasan_save_free_info+0x40/0x50
[   73.334485][ T4678]  __kasan_slab_free+0x59/0x70
[   73.336198][ T4678]  kfree+0x1a0/0x440
[   73.337643][ T4678]  device_release+0x99/0x1c0
[   73.339400][ T4678]  kobject_put+0x22f/0x480
[   73.340983][ T4678]  hci_conn_del+0x8c4/0xc40
[   73.342601][ T4678]  hci_le_create_big_complete_evt+0x619/0xae0
[   73.344717][ T4678]  hci_event_packet+0xa55/0x1540
[   73.346621][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.348438][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.350589][ T4678]  worker_thread+0x870/0xd30
[   73.352352][ T4678]  kthread+0x2f0/0x390
[   73.353930][ T4678]  ret_from_fork+0x4b/0x80
[   73.355666][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.357570][ T4678] 
[   73.358453][ T4678] The buggy address belongs to the object at ffff888042a08000
[   73.358453][ T4678]  which belongs to the cache kmalloc-8k of size 8192
[   73.363456][ T4678] The buggy address is located 0 bytes inside of
[   73.363456][ T4678]  freed 8192-byte region [ffff888042a08000, ffff888042a0a000)
[   73.368669][ T4678] 
[   73.369632][ T4678] The buggy address belongs to the physical page:
[   73.372160][ T4678] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42a08
[   73.375646][ T4678] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   73.378922][ T4678] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   73.381835][ T4678] page_type: f5(slab)
[   73.383257][ T4678] raw: 04fff00000000040 ffff88801ac42280 ffffea00010ae800 0000000000000006
[   73.386297][ T4678] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   73.389330][ T4678] head: 04fff00000000040 ffff88801ac42280 ffffea00010ae800 0000000000000006
[   73.392412][ T4678] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   73.395560][ T4678] head: 04fff00000000003 ffffea00010a8201 ffffffffffffffff 0000000000000000
[   73.398908][ T4678] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   73.402068][ T4678] page dumped because: kasan: bad access detected
[   73.404511][ T4678] page_owner tracks the page as allocated
[   73.406788][ T4678] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5313, tgid 5313 (sh), ts 64887977965, free_ts 64805832450
[   73.413855][ T4678]  post_alloc_hook+0x1f3/0x230
[   73.415633][ T4678]  get_page_from_freelist+0x3649/0x3790
[   73.417619][ T4678]  __alloc_pages_noprof+0x292/0x710
[   73.419604][ T4678]  alloc_pages_mpol_noprof+0x3e8/0x680
[   73.421685][ T4678]  alloc_slab_page+0x6a/0x140
[   73.423563][ T4678]  allocate_slab+0x5a/0x2f0
[   73.425457][ T4678]  ___slab_alloc+0xcd1/0x14b0
[   73.427294][ T4678]  __slab_alloc+0x58/0xa0
[   73.429041][ T4678]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   73.431170][ T4678]  tomoyo_init_log+0x11cd/0x2050
[   73.433030][ T4678]  tomoyo_supervisor+0x38a/0x11f0
[   73.434837][ T4678]  tomoyo_env_perm+0x178/0x210
[   73.436744][ T4678]  tomoyo_find_next_domain+0x146e/0x1d40
[   73.438711][ T4678]  tomoyo_bprm_check_security+0x117/0x180
[   73.440434][ T4678]  security_bprm_check+0x86/0x250
[   73.441966][ T4678]  bprm_execve+0xa56/0x1770
[   73.443442][ T4678] page last free pid 5301 tgid 5301 stack trace:
[   73.445658][ T4678]  free_unref_page+0xdf9/0x1140
[   73.447519][ T4678]  vfree+0x186/0x2e0
[   73.449008][ T4678]  kcov_close+0x28/0x50
[   73.450626][ T4678]  __fput+0x23c/0xa50
[   73.452157][ T4678]  __x64_sys_close+0x7f/0x110
[   73.454051][ T4678]  do_syscall_64+0xf3/0x230
[   73.455842][ T4678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.458025][ T4678] 
[   73.458957][ T4678] Memory state around the buggy address:
[   73.460847][ T4678]  ffff888042a07f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   73.463858][ T4678]  ffff888042a07f80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   73.466798][ T4678] >ffff888042a08000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.469860][ T4678]                    ^
[   73.471404][ T4678]  ffff888042a08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.474569][ T4678]  ffff888042a08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.477656][ T4678] ==================================================================
[   73.490071][ T4678] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.492610][ T4678] CPU: 0 UID: 0 PID: 4678 Comm: kworker/u5:1 Tainted: G        W          6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[   73.497277][ T4678] Tainted: [W]=WARN
[   73.498830][ T4678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.502679][ T4678] Workqueue: hci0 hci_rx_work
[   73.504429][ T4678] Call Trace:
[   73.505489][ T4678]  <TASK>
[   73.506501][ T4678]  dump_stack_lvl+0x241/0x360
[   73.508255][ T4678]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.510166][ T4678]  ? __pfx__printk+0x10/0x10
[   73.512004][ T4678]  ? rcu_is_watching+0x15/0xb0
[   73.513916][ T4678]  ? preempt_schedule+0xe1/0xf0
[   73.515806][ T4678]  ? vscnprintf+0x5d/0x90
[   73.517497][ T4678]  panic+0x349/0x880
[   73.518878][ T4678]  ? check_panic_on_warn+0x21/0xb0
[   73.520781][ T4678]  ? __pfx_panic+0x10/0x10
[   73.522476][ T4678]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   73.524724][ T4678]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   73.527032][ T4678]  ? print_report+0x502/0x550
[   73.528770][ T4678]  check_panic_on_warn+0x86/0xb0
[   73.530583][ T4678]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   73.533374][ T4678]  end_report+0x77/0x160
[   73.535267][ T4678]  kasan_report+0x154/0x180
[   73.537126][ T4678]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   73.539678][ T4678]  hci_le_create_big_complete_evt+0x383/0xae0
[   73.541897][ T4678]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   73.544208][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.546554][ T4678]  ? hci_le_meta_evt+0x366/0x580
[   73.548396][ T4678]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   73.550785][ T4678]  hci_event_packet+0xa55/0x1540
[   73.552670][ T4678]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   73.554605][ T4678]  ? __pfx_hci_event_packet+0x10/0x10
[   73.556651][ T4678]  ? do_raw_spin_unlock+0x58/0x8b0
[   73.558558][ T4678]  ? hci_send_to_monitor+0xd8/0x7f0
[   73.560680][ T4678]  ? kcov_remote_start+0x97/0x7d0
[   73.562834][ T4678]  hci_rx_work+0x3e8/0xca0
[   73.564857][ T4678]  ? process_scheduled_works+0x976/0x1850
[   73.567510][ T4678]  process_scheduled_works+0xa63/0x1850
[   73.569848][ T4678]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.572454][ T4678]  ? assign_work+0x364/0x3d0
[   73.574346][ T4678]  worker_thread+0x870/0xd30
[   73.576118][ T4678]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.578508][ T4678]  ? __kthread_parkme+0x169/0x1d0
[   73.580687][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.582788][ T4678]  kthread+0x2f0/0x390
[   73.584535][ T4678]  ? __pfx_worker_thread+0x10/0x10
[   73.586587][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.588293][ T4678]  ret_from_fork+0x4b/0x80
[   73.589869][ T4678]  ? __pfx_kthread+0x10/0x10
[   73.591514][ T4678]  ret_from_fork_asm+0x1a/0x30
[   73.593155][ T4678]  </TASK>
[   73.594534][ T4678] Kernel Offset: disabled
[   73.596121][ T4678] Rebooting in 86400 seconds..