program:
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="0000000023c1c0410331e42feb4843c2ad208cbd77523e06aa2e4e4c7092b7985907f0e4d9aa4719c0f7d08ae876ee594284f8e11997deb121f0f406000000000000ca36733c31a04ea742afb3c8c330130d3402137390283e3a4d87c976f409d5f2c89ed0af92ae7bbc8a5120b1120ed29a302ba87aee38ec35b70191d40e3308f4c1b634e39f2672a7032992694eba51db5f48bad85d137f7a06cd43ee1f310581f83aecffffb2e7c67f5ce86129ae975af128c5df677f119b6fc798ac22dc5724e2ed86fc6125c367fd6218884d0be755917816a21287d5b1595e2c765f519b359aee3626e013d2070451cb4d373fb2220357f7eac054f494764550b00c52e50bc986e485b765ba86b7236b5bd441c058ea685e15d68b14e7257a07d9b687020303c553ff251341774ef3951bd1fd1124e51cd5167b414971d0ff573c410198fd993b8beb5f633e59f6d00733a5f53a7181db2c13cf73d4d7f53f4fe2748b86303f5a997ace", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673200000000000000000000000000e401088030000080060005000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff60010080140004000200000000000000000000000000000008000a000100000008000a000100000014010980e8000080060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000200000008000200e00000010500030000000000060001000a000000a0000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200e00000010500030000000000060001000a00000014000200ff0100000000000000000000000000010500030000000000060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002002001000000000000000000000000000205000300000000002400010000000000000000000000000000000000000000000000000000000000000000005000008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c200004000a0000000000000000000000000000000000ffff7f000001000000000800030000000000"], 0x20c}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r0, 0x0, 0x70bd28, 0x25dfdbfb, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x9}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}]}, 0x34}, 0x1, 0x0, 0x0, 0x2400c845}, 0x40800)
r1 = socket$packet(0x11, 0x3, 0x300)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c726573765f6c6576656c3d30303030303030303030303030303030303030332c646174613d6f7264657265642c636f686572656e63793d66756c6c2c636c75737465725f737461636b3d6f3203622c636f686572656e63793d66756c6c2c6e6f61636c2c61636c2c00"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PXNUeAPBzL7xX6Gv7oK+LvuQlb5LX5Bk1BLpSaSKltBRarKm2MW6mA0xbdGAaGIyLLnDXxJWJC+Oi0cQdq4aF2/onuHFZ10104cbEpBEzM3dg7mUmjIQB23w+C07v+Q3fuWfOXdyeOFG5u7CSW1jJFZZy5bnbK2dzH5VLq4vFEB+Qwx6fznQjTmJ/eK5duPTOzbMhfDf/w9PNzc3NUNUbWhpp+vevv9yfa04b4kybar+te9sfPeH9EMKpHfOql4Xw3rchRCGE80neeJL2hxBOhHrZzfuf3srt03wePSmeyz+bebAxemZ6/eFG+989CuHL0r9fvbP40/96Rn98eZ+GBwAAAAAAAAAAAAAAAADgOTd5/dqNt4dHwuMo9K5HO9/XnUzSdu/Hbu6b/3b/lwUAAAAAAAAAAAAAAAAAAIC/qO33/3PRyRbv/08k6Vib9ptvdn+OdM/UW9cmLg6PJOe/RzvKX0uyfj7fEwZbnPuePf/9fKZ96/Pfd46zV435NcbdjKJ4qOl6IMTx0FAIXycHv5+Ojsal8krlldvl1aX5fZvGcysd//rp/anoJAf6dxr/8Uz/3T7/P4R/7fg0Va9v7d9H7IWWjn9P23rffBJ1FP8LmXYHEX/2Lh3/3lpef3OFsfoCUI3/Z727x38i03+34n8ihJCLqnPNpVaA6h6mmt9uv0JaOv5/q+Wlls7kD9nu/v8tE/+Lmf4Pa/1fy34R0VI6/n+v5fWlamzf/4Px7vf/pUz/hxH/6vzXfP93JB3/I/XM3lSV2l+y0/V/MtN/t+J/I07meSJKfQLWo3p+u/+vjrR0/Pt2lG8//8Ud7f8uZ9of1PNfY9yBUH/+ayz/L0X15z9aS8e/v229Tu//qUy7bq//Y7X9H3uVjv/RWl567zxQ+9lp/KezA3Qp/rVdSV8j/tvrye9H6vlf2f91JB3/f9Qz4+Yaa7Wftf1ftPv+/0qm/8PY/1XnvxZ3d9QXRTr+x9rWq8b/+w6+/69m2nU//iEM2+vvWTr+x9vWq93/fbvHfybTrtvx/383OwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Down6UCI4qHUdRwPDYVwIbk+HY5Gs4X5/GypPPfhSggTSX4unIzulMqzhVJ+Yak8X8wXSqXyXAgXk/JToS9aKZUr+cXCvUtbffVHd4uF5cpssVAJIUwm+f8Jxxt9zS5UFgv3QgiXt8r+GZeX790tLOXnF5bfGB4eHg5TW3MYjIofV4pLlfro9dIQprfaDkRNk6sVX9may7Hog/Lq8lKhVMu/2tSmVJ4rlJrazCRln4fBqLK8ujRXqBTzpfKdxniHaSxJJ6auv3v96siO8ltRPR0/2GkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Cc9Hn39ixBCb1NWFEKIkzTK1n/0pHgu/2zmwcbomen1hxtPW9UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4gx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs0j1Ow0AQBtDdpYCSY1BZdkdrBEJQYITECeAYHIYcJZfIHVKkSJsiihKvpcg/kht37zUjzSd7RtoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYL7Xr+b7s6xCiOHueBvC+nezvc7fc/1/Gv/+pi1p6T1ZxttH8/xSVvnd4yB/zK1dnS7pYf/3E0ZqZ9W7k/49tYZz+qbubWq/bu59iOncqnP+EFMqinn/AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADixAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRd8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK8AAAD//29QHzc=")
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000001e80)=0x6, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
ftruncate(0xffffffffffffffff, 0x4000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0xfffffffffffffc7e)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010024bd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900010800000e0000001400040073797a6b616c6c657230c264ac1a0000080005000b000000a976b30341eca565e95c08"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044894)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r8, 0x84, 0x66, &(0x7f0000000000)={<r9=>0x0, 0xfffff084}, &(0x7f0000000280)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={r9, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

[   68.616134][ T5313] Bluetooth: hci0: command tx timeout
[   68.833470][ T5327] loop0: detected capacity change from 0 to 32768
[   68.846487][ T5327] =======================================================
[   68.846487][ T5327] WARNING: The mand mount option has been deprecated and
[   68.846487][ T5327]          and is ignored by this kernel. Remove the mand
[   68.846487][ T5327]          option from the mount to silence this warning.
[   68.846487][ T5327] =======================================================
[   68.878054][ T5327] (syz.0.0,5327,0):ocfs2_verify_volume:2355 ERROR: found superblock with bad version: found 3.90, should be 0.90
[   68.890931][ T5327] (syz.0.0,5327,0):ocfs2_verify_volume:2383 ERROR: status = -22
[   68.893900][ T5327] (syz.0.0,5327,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[   68.898069][ T5327] (syz.0.0,5327,0):ocfs2_fill_super:1178 ERROR: status = -22
[   68.997723][ T5313] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   69.001406][ T5313] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5313, name: kworker/u5:2
[   69.005891][ T5313] preempt_count: 0, expected: 0
[   69.008038][ T5313] RCU nest depth: 1, expected: 0
[   69.009933][ T5313] 4 locks held by kworker/u5:2/5313:
[   69.011936][ T5313]  #0: ffff888036b3e948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   69.016363][ T5313]  #1: ffffc9000d187d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   69.020939][ T5313]  #2: ffff88804e018078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   69.027115][ T5313]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   69.031436][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[   69.035603][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.039697][ T5313] Workqueue: hci0 hci_rx_work
[   69.041478][ T5313] Call Trace:
[   69.042718][ T5313]  <TASK>
[   69.043835][ T5313]  dump_stack_lvl+0x241/0x360
[   69.045555][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.047497][ T5313]  ? __pfx__printk+0x10/0x10
[   69.049221][ T5313]  __might_resched+0x5d4/0x780
[   69.051044][ T5313]  ? __mutex_lock+0x112/0xd70
[   69.052765][ T5313]  ? __pfx___might_resched+0x10/0x10
[   69.054753][ T5313]  __mutex_lock+0xc1/0xd70
[   69.056430][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   69.058317][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.060643][ T5313]  ? __pfx_lock_release+0x10/0x10
[   69.062547][ T5313]  ? __pfx___mutex_lock+0x10/0x10
[   69.064353][ T5313]  ? trace_contention_end+0x3c/0x120
[   69.066307][ T5313]  ? skb_pull_data+0x112/0x230
[   69.068144][ T5313]  ? hci_conn_set_handle+0x9a/0x270
[   69.069979][ T5313]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.072269][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   69.074073][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.076203][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.078474][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   69.080311][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.082870][ T5313]  hci_event_packet+0xa55/0x1540
[   69.084681][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.086629][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   69.088546][ T5313]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.090493][ T5313]  ? hci_send_to_monitor+0xd8/0x7f0
[   69.092410][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   69.094277][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.095916][ T5313]  ? process_scheduled_works+0x976/0x1850
[   69.098018][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.100266][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.102551][ T5313]  ? assign_work+0x364/0x3d0
[   69.104315][ T5313]  worker_thread+0x870/0xd30
[   69.106017][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   69.107903][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.109756][ T5313]  kthread+0x2f0/0x390
[   69.111240][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.113057][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.114748][ T5313]  ret_from_fork+0x4b/0x80
[   69.116547][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.118256][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.120262][ T5313]  </TASK>
[   69.125777][ T5313] 
[   69.126904][ T5313] =============================
[   69.128802][ T5313] [ BUG: Invalid wait context ]
[   69.130667][ T5313] 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Tainted: G        W         
[   69.134020][ T5313] -----------------------------
[   69.135864][ T5313] kworker/u5:2/5313 is trying to lock:
[   69.138060][ T5313] ffffffff8fe40568 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.142025][ T5313] other info that might help us debug this:
[   69.144128][ T5313] context-{4:4}
[   69.145349][ T5313] 4 locks held by kworker/u5:2/5313:
[   69.147151][ T5313]  #0: ffff888036b3e948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[   69.151049][ T5313]  #1: ffffc9000d187d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[   69.155295][ T5313]  #2: ffff88804e018078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[   69.158859][ T5313]  #3: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[   69.163128][ T5313] stack backtrace:
[   69.164491][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[   69.169283][ T5313] Tainted: [W]=WARN
[   69.170960][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.174892][ T5313] Workqueue: hci0 hci_rx_work
[   69.176617][ T5313] Call Trace:
[   69.177898][ T5313]  <TASK>
[   69.179008][ T5313]  dump_stack_lvl+0x241/0x360
[   69.180761][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.182761][ T5313]  ? __pfx__printk+0x10/0x10
[   69.184517][ T5313]  __lock_acquire+0x154a/0x2050
[   69.186411][ T5313]  lock_acquire+0x1ed/0x550
[   69.188226][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.190647][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   69.192559][ T5313]  ? __mutex_lock+0x112/0xd70
[   69.194352][ T5313]  ? __pfx___might_resched+0x10/0x10
[   69.196368][ T5313]  __mutex_lock+0x136/0xd70
[   69.198047][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.200236][ T5313]  ? __pfx_lock_acquire+0x10/0x10
[   69.202102][ T5313]  ? hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.204395][ T5313]  ? __pfx_lock_release+0x10/0x10
[   69.206245][ T5313]  ? __pfx___mutex_lock+0x10/0x10
[   69.208117][ T5313]  ? trace_contention_end+0x3c/0x120
[   69.210110][ T5313]  ? skb_pull_data+0x112/0x230
[   69.211925][ T5313]  ? hci_conn_set_handle+0x9a/0x270
[   69.213826][ T5313]  hci_le_create_big_complete_evt+0x3d9/0xae0
[   69.216055][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   69.217865][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.219994][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.222291][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   69.224020][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.226297][ T5313]  hci_event_packet+0xa55/0x1540
[   69.228014][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.229871][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   69.231849][ T5313]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.233707][ T5313]  ? hci_send_to_monitor+0xd8/0x7f0
[   69.235579][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   69.237545][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.239211][ T5313]  ? process_scheduled_works+0x976/0x1850
[   69.241385][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.243456][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.245637][ T5313]  ? assign_work+0x364/0x3d0
[   69.247394][ T5313]  worker_thread+0x870/0xd30
[   69.249129][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   69.251041][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.252932][ T5313]  kthread+0x2f0/0x390
[   69.254418][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.256158][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.257856][ T5313]  ret_from_fork+0x4b/0x80
[   69.259500][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.261212][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.262915][ T5313]  </TASK>
[   69.269202][ T5313] ==================================================================
[   69.272204][ T5313] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[   69.275158][ T5313] Read of size 8 at addr ffff888043f2c000 by task kworker/u5:2/5313
[   69.277575][ T5313] 
[   69.278390][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[   69.282406][ T5313] Tainted: [W]=WARN
[   69.283691][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.287461][ T5313] Workqueue: hci0 hci_rx_work
[   69.289136][ T5313] Call Trace:
[   69.290303][ T5313]  <TASK>
[   69.291425][ T5313]  dump_stack_lvl+0x241/0x360
[   69.293210][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.295222][ T5313]  ? __pfx__printk+0x10/0x10
[   69.296801][ T5313]  ? _printk+0xd5/0x120
[   69.298221][ T5313]  ? __virt_addr_valid+0x183/0x530
[   69.300180][ T5313]  ? __virt_addr_valid+0x183/0x530
[   69.302151][ T5313]  print_report+0x169/0x550
[   69.303937][ T5313]  ? __virt_addr_valid+0x183/0x530
[   69.305902][ T5313]  ? __virt_addr_valid+0x183/0x530
[   69.307835][ T5313]  ? __virt_addr_valid+0x45f/0x530
[   69.309702][ T5313]  ? __phys_addr+0xba/0x170
[   69.311395][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.313673][ T5313]  kasan_report+0x143/0x180
[   69.315212][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.317510][ T5313]  hci_le_create_big_complete_evt+0x383/0xae0
[   69.319734][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   69.321422][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.323474][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.325722][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   69.327616][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.330313][ T5313]  hci_event_packet+0xa55/0x1540
[   69.332191][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.334150][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   69.336459][ T5313]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.338414][ T5313]  ? hci_send_to_monitor+0xd8/0x7f0
[   69.340314][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   69.342039][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.343634][ T5313]  ? process_scheduled_works+0x976/0x1850
[   69.345778][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.347706][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.349952][ T5313]  ? assign_work+0x364/0x3d0
[   69.351601][ T5313]  worker_thread+0x870/0xd30
[   69.353310][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   69.355164][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.357082][ T5313]  kthread+0x2f0/0x390
[   69.358635][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.360519][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.362324][ T5313]  ret_from_fork+0x4b/0x80
[   69.363955][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.365580][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.367289][ T5313]  </TASK>
[   69.368386][ T5313] 
[   69.369263][ T5313] Allocated by task 5313:
[   69.370724][ T5313]  kasan_save_track+0x3f/0x80
[   69.372462][ T5313]  __kasan_kmalloc+0x98/0xb0
[   69.374024][ T5313]  __kmalloc_cache_noprof+0x19c/0x2c0
[   69.375962][ T5313]  __hci_conn_add+0x2f9/0x1850
[   69.377738][ T5313]  hci_le_big_sync_established_evt+0x414/0xc20
[   69.379958][ T5313]  hci_event_packet+0xa55/0x1540
[   69.381513][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.383011][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.384744][ T5313]  worker_thread+0x870/0xd30
[   69.386404][ T5313]  kthread+0x2f0/0x390
[   69.387841][ T5313]  ret_from_fork+0x4b/0x80
[   69.389444][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.391127][ T5313] 
[   69.392007][ T5313] Freed by task 5313:
[   69.393449][ T5313]  kasan_save_track+0x3f/0x80
[   69.395114][ T5313]  kasan_save_free_info+0x40/0x50
[   69.396668][ T5313]  __kasan_slab_free+0x59/0x70
[   69.398284][ T5313]  kfree+0x1a0/0x440
[   69.399687][ T5313]  device_release+0x99/0x1c0
[   69.401529][ T5313]  kobject_put+0x22f/0x480
[   69.403223][ T5313]  hci_conn_del+0x8c4/0xc40
[   69.404907][ T5313]  hci_le_create_big_complete_evt+0x619/0xae0
[   69.407238][ T5313]  hci_event_packet+0xa55/0x1540
[   69.409253][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.410984][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.413059][ T5313]  worker_thread+0x870/0xd30
[   69.414869][ T5313]  kthread+0x2f0/0x390
[   69.416465][ T5313]  ret_from_fork+0x4b/0x80
[   69.418218][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.420051][ T5313] 
[   69.421027][ T5313] The buggy address belongs to the object at ffff888043f2c000
[   69.421027][ T5313]  which belongs to the cache kmalloc-8k of size 8192
[   69.425409][ T5313] The buggy address is located 0 bytes inside of
[   69.425409][ T5313]  freed 8192-byte region [ffff888043f2c000, ffff888043f2e000)
[   69.429752][ T5313] 
[   69.430555][ T5313] The buggy address belongs to the physical page:
[   69.432602][ T5313] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43f28
[   69.435262][ T5313] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   69.437947][ T5313] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   69.440532][ T5313] page_type: f5(slab)
[   69.441973][ T5313] raw: 04fff00000000040 ffff88801ac42280 ffffea00010c8600 0000000000000002
[   69.445242][ T5313] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   69.448262][ T5313] head: 04fff00000000040 ffff88801ac42280 ffffea00010c8600 0000000000000002
[   69.451273][ T5313] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[   69.454431][ T5313] head: 04fff00000000003 ffffea00010fca01 ffffffffffffffff 0000000000000000
[   69.457383][ T5313] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   69.460285][ T5313] page dumped because: kasan: bad access detected
[   69.462551][ T5313] page_owner tracks the page as allocated
[   69.464491][ T5313] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5306, tgid 5306 (sshd), ts 58776849020, free_ts 58759431536
[   69.471599][ T5313]  post_alloc_hook+0x1f3/0x230
[   69.473323][ T5313]  get_page_from_freelist+0x3649/0x3790
[   69.475404][ T5313]  __alloc_pages_noprof+0x292/0x710
[   69.477420][ T5313]  alloc_pages_mpol_noprof+0x3e8/0x680
[   69.479397][ T5313]  alloc_slab_page+0x6a/0x140
[   69.481135][ T5313]  allocate_slab+0x5a/0x2f0
[   69.482715][ T5313]  ___slab_alloc+0xcd1/0x14b0
[   69.484378][ T5313]  __slab_alloc+0x58/0xa0
[   69.485947][ T5313]  __kmalloc_node_track_caller_noprof+0x281/0x440
[   69.488135][ T5313]  kmalloc_reserve+0x111/0x2a0
[   69.489807][ T5313]  __alloc_skb+0x1f3/0x440
[   69.491304][ T5313]  netlink_dump+0x1f7/0xd80
[   69.492854][ T5313]  netlink_recvmsg+0x6bb/0x11d0
[   69.494512][ T5313]  sock_recvmsg+0x22f/0x280
[   69.496069][ T5313]  ____sys_recvmsg+0x1c6/0x480
[   69.497736][ T5313]  __sys_recvmsg+0x2e6/0x3d0
[   69.499519][ T5313] page last free pid 5306 tgid 5306 stack trace:
[   69.501892][ T5313]  free_unref_page+0xdf9/0x1140
[   69.503657][ T5313]  __put_partials+0xeb/0x130
[   69.505386][ T5313]  put_cpu_partial+0x17c/0x250
[   69.507087][ T5313]  __slab_free+0x2ea/0x3d0
[   69.508751][ T5313]  qlist_free_all+0x9a/0x140
[   69.510526][ T5313]  kasan_quarantine_reduce+0x14f/0x170
[   69.512551][ T5313]  __kasan_slab_alloc+0x23/0x80
[   69.514369][ T5313]  kmem_cache_alloc_noprof+0x135/0x2a0
[   69.516444][ T5313]  getname_flags+0xb7/0x540
[   69.518171][ T5313]  do_sys_openat2+0xd2/0x1d0
[   69.519906][ T5313]  __x64_sys_openat+0x247/0x2a0
[   69.521814][ T5313]  do_syscall_64+0xf3/0x230
[   69.523298][ T5313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.525445][ T5313] 
[   69.526262][ T5313] Memory state around the buggy address:
[   69.528114][ T5313]  ffff888043f2bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.530869][ T5313]  ffff888043f2bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   69.533428][ T5313] >ffff888043f2c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.535969][ T5313]                    ^
[   69.537491][ T5313]  ffff888043f2c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.540370][ T5313]  ffff888043f2c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   69.543383][ T5313] ==================================================================
[   69.558736][ T5313] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.561445][ T5313] CPU: 0 UID: 0 PID: 5313 Comm: kworker/u5:2 Tainted: G        W          6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[   69.565955][ T5313] Tainted: [W]=WARN
[   69.567431][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.571436][ T5313] Workqueue: hci0 hci_rx_work
[   69.573242][ T5313] Call Trace:
[   69.574534][ T5313]  <TASK>
[   69.575701][ T5313]  dump_stack_lvl+0x241/0x360
[   69.577721][ T5313]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.579744][ T5313]  ? __pfx__printk+0x10/0x10
[   69.581472][ T5313]  ? rcu_is_watching+0x15/0xb0
[   69.583266][ T5313]  ? preempt_schedule+0xe1/0xf0
[   69.585113][ T5313]  ? vscnprintf+0x5d/0x90
[   69.586750][ T5313]  panic+0x349/0x880
[   69.588051][ T5313]  ? check_panic_on_warn+0x21/0xb0
[   69.589946][ T5313]  ? __pfx_panic+0x10/0x10
[   69.591533][ T5313]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   69.593640][ T5313]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.595758][ T5313]  ? print_report+0x502/0x550
[   69.597602][ T5313]  check_panic_on_warn+0x86/0xb0
[   69.599458][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.601410][ T5313]  end_report+0x77/0x160
[   69.602770][ T5313]  kasan_report+0x154/0x180
[   69.604351][ T5313]  ? hci_le_create_big_complete_evt+0x383/0xae0
[   69.606717][ T5313]  hci_le_create_big_complete_evt+0x383/0xae0
[   69.608926][ T5313]  ? __copy_skb_header+0x437/0x5b0
[   69.610928][ T5313]  ? hci_le_create_big_complete_evt+0xdb/0xae0
[   69.613220][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.615773][ T5313]  ? hci_le_meta_evt+0x366/0x580
[   69.617423][ T5313]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[   69.619697][ T5313]  hci_event_packet+0xa55/0x1540
[   69.621304][ T5313]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   69.623154][ T5313]  ? __pfx_hci_event_packet+0x10/0x10
[   69.625074][ T5313]  ? do_raw_spin_unlock+0x58/0x8b0
[   69.626867][ T5313]  ? hci_send_to_monitor+0xd8/0x7f0
[   69.628415][ T5313]  ? kcov_remote_start+0x97/0x7d0
[   69.630202][ T5313]  hci_rx_work+0x3e8/0xca0
[   69.631659][ T5313]  ? process_scheduled_works+0x976/0x1850
[   69.633656][ T5313]  process_scheduled_works+0xa63/0x1850
[   69.635622][ T5313]  ? __pfx_process_scheduled_works+0x10/0x10
[   69.637813][ T5313]  ? assign_work+0x364/0x3d0
[   69.639541][ T5313]  worker_thread+0x870/0xd30
[   69.641214][ T5313]  ? __kthread_parkme+0x169/0x1d0
[   69.643027][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.644890][ T5313]  kthread+0x2f0/0x390
[   69.646417][ T5313]  ? __pfx_worker_thread+0x10/0x10
[   69.648319][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.649980][ T5313]  ret_from_fork+0x4b/0x80
[   69.651570][ T5313]  ? __pfx_kthread+0x10/0x10
[   69.653256][ T5313]  ret_from_fork_asm+0x1a/0x30
[   69.655017][ T5313]  </TASK>
[   69.656444][ T5313] Kernel Offset: disabled
[   69.658086][ T5313] Rebooting in 86400 seconds..