program: r0 = gettid() r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040), 0x8) listen(r1, 0x0) r2 = dup2(r1, r1) accept4$bt_l2cap(r2, 0x0, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x4812, &(0x7f0000000080)=ANY=[], 0x11, 0x6ae, &(0x7f0000000dc0)="$eJzs3U1oHOcZB/D/rFYf64CsJI7jQiBqAmmpqW1ZOK17sVtKcSGU4EJ7FrEcC8uOKyvFyaFW2kKvPfRaSA/upT21lEKhYEjP7S30JnoKFHrJycmhU2Z2drVSdiXZsi25+f3E7LwfM+8888zX7oLYAJ9bF46nfTedXDj+2q2qvn5nfnn9zvy1brm1nGQySStpd2cprifFB8n5dKd8oWpshitGbedXS2cvfvjx+kfdWjsb41UvndEBtnezF2vNlNkkY818DzaN98aDjTe5USz6makS9nIvcbDfxpOUm/zo6EbPMOXYQGXk9Q48OYruc3NA9/qfSQ4lmeo90Na6na3HH+GO7utetPbo4gAAAIAD4/C928mtTO93HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAkaX7/v2imVq88m6L3+/8TA7+xP7HP4Y62fWRTvcLd1uMIBgAAAAAAAAAerRfv5XcXy3K6Vy+LtH4w1lSO1K9P5e3czGJWciK3spDVrGYlc0lmBgaauLWwuroyl5e6a35aluWINU8PXfP0LgPu7H2fAQAAAAAAAOD/yLlm/tNcyPQ+xwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJsUyVh3Vk9HeuWZtNpJppJMVMutJf/olZ9kd/c7AAAAAHgMDt/LvdzKdK9eFvVn/qP15/6pvJ3rWc1SVrOcxVyqvwvofupvrd+ZX16/M3+tmj477jf/s1H+4/SOYdQjpvvdw/AtH6uX6ORyluqWE3kjb2U5l9Kq16wc68UzPK73qpiKc11lmcndJOhSM6/2/JfN/GCYqTMy3s/IqSq2opvHp7fPxODReYAtzaXV/+bnyH3k/Ny2Wyn+W5bd0qFeS/LUd3fO+fh97cyebM3E6YGz7+j2mUi+9Kff//DK8vWrV4q14wfnNBrmxeHNk//qHaFeJrrWspj5gUw8v+tMXL55wDMxUntTrZXn+uUL+U6+n+OZzetZyVJ+nIWsZjGz+XZdWmjO5+p1ZvtMnd9Ue32nmCaa4zK2JaYvHu7Ot4vppXrd6Szle3krl7KYV+u/05nL13ImZ3J24Ag/t4urvjXkqv/z6OBf/nJT6CT5RTM/GKq8Pj2Q18F77kzdN9jSStk8WZ55aPfGno1HVnUkfjZwDe6/fiam0n9K9KJ7tpeB8aGZ+E19W7m5fP3qypWFG1vGLdaGb++VbN79g3Mjqc6XZ/r3iM1nR9X37NC+ubrvSL+vtbXvt51+305X6kTzHu6zI52u+55P8usm2qqvUt3Dq75jA+tV77em6r5Py7Lsvt8C4MA79JVDE51/d/7eeb/z886VzmtT35r8+uQLExn/2/g32qfGXmm9UPwh7+cn2fkTOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsKOb77x7dWF5eXFlS6Esy9sjuh5JIe1kU8tf/zKwTP1bY0l2P2C19PlWUre00xTuL7DbD7Y77z1oEv7ZHJPHkvCHUpgaef5sLXxSluXBiHk3hbJxUOLZj8K+3paAx+Dk6rUbJ2++8+5Xl64tvLn45uL1s2fOnD119syr8ycvLy1P7Xd4wCNUP+vr9zn7HQkAAAAAAAAAAACwW7v755yi39JOct//2wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwBxeOp303ReZOnThV1dfvzC9XU6+8seQnSVpJitmk+CA5n+6UmYHhilHbWUsufvjx+kfdWruZ6uVbe9+LtWbKbJKxZj7E1LDG8vao8Yp6nBujx9ulopnG+i3n9zQePCT/CwAA//8FJhUQ") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, '\x00', 0x2}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}}}, 0x14) syz_emit_vhci(&(0x7f0000000640)=@HCI_SCODATA_PKT, 0x4) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) syz_mount_image$ocfs2(&(0x7f0000004480), &(0x7f00000044c0)='./file1\x00', 0x2800400, &(0x7f00000001c0)=ANY=[@ANYBLOB="6c6f63616c616c6c6f633d31383434363734343037333730393535313630382c726573765f6c6576656c3d30303030303030303030303030303030303030322c6865617274626561743d6e6f6e652c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c6e6f696e74722c636f686572656e63793d66756c6c2c6e6f61636c2c636f686572656e63793d66756c6c2c646174613d6f7264657265642c00a6bbbf4f1c4504306b696ca03fb375edc4c5f0f579bf2195c3cc88165b8c279abaa84a848971253cb6e898fee96fa6"], 0x8, 0x446c, &(0x7f0000004780)="$eJzs281vFOcdB/DfrN1iU6B+4x2kVXuo1VbWmlNbDqXgtkKqSu2+qOoBa/0CuF17LXtdcahUqt6RIuUQ5ZwLKPcITvwLOYRrjhxIDrlEySWOdnfW3pn1hhXy2sH5fCQYzzPzvMhfz+zz6LELqdq9lc3iymaxvFasLt7ZvFL8d7WytbochQNy2P3Tm37kJPvDc+vG7/78tysR9z8a+8H29vZ21I3Enqbbvv78s/8sth9bCrk69Xb3bm2//CMiJiJiKPLjGYiIv38QkUTEaFo2lh6HI+JENK/9//1Hc0P7NJqBF49nH83OPHzycvX58I3bxa43JhHvVs7//O7qJz8euPrxT/epewAA+Ea/n7v11z+VpuNZEqeeDnbO18+mx27z42168uv+RwkAAABd7a7/R5JC0rn+n0iPXbYEw8L2zXbzj7dmfluaTvd/k47rv0iLPv3NQGMPNb/vm9//Hc3V33v/t7Of19UaX6vfkUgKU5nzQmFqKmL6evP8XHK8UKlu1n52p7q1trRvw3hjZfNv7t5n0kk39HvNfyzXfv/3/8c7fprq58X9+xE70rL5D3S9773/JT3lP56rdxD58/qy+Q82yn7UfkOx+QKo5//W4Kvzn8i136/8T9Xf7Ul9rEOZN0B9DlMv7zZfISub//caZZlXZ/qN7Pb8f5nL/3Su/cN6/09e72+vR0U2/+83yrK/tLb7/I8WXv38n8m1fxj518c/6fO/J9n8jzULsy/Pxney1/f/2Vz7fcr/QbqtGnEqifG23zp9Otj8cGjtVzeWNPXL630YxRGQzb9zl393/Vfoaf53Llf/oNZ/rX5b67/WOmQyaa7/2Fs2/+Gu9/X6/J/P1ev7+z8ZSlcA2//taz9HVDb/483CPSaAveZ/Idd+v/JvvPGHWvnvDvirY83ykvlfT7L5p1FlPgYeNP5vzP+Szty/yOV/Mdd+W/75Pw3ZJ53zv/r4J/vU21GTzf9E1/vq+X/Yw+f/pVy9/s//I0rm+q8tm//Jrvc1nv+hV+d/OVev3/n/pJ+NAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8B4ylx5FIClOZ80JhaipiPD0/F8eThfLS/EKluvivzYiJtLwYY8ndSnWhXJlfWasuLc+XK5XqYsTp9PpEDCWblWptfrW8fmanreHk3nJ5o7awXK5FxNm0/FKcbLW1sFJbLa837m1d+2GhurF+r7w2v7Sy8atSqVSK8ztjGE2W79eW12rN3ptXIy7s1B1J2gbXuHxxZywnkn9WtzbWypVG+aW2OpXqYrnSVudyeu3tGE1qG1tri+Xa8nylerfV32G6lh5nbs79Ze4P0x3Xi0nzOHawwwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgW+bZ1V++ExGDzbNCRFxrfZGk/zIGXjyefTQ78/DJy9XnwzduF/e6BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADga3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8cqDUNRGIDPvQoKLuroEziFZHNVFHExIvgEvkSHvmYfo0PHLqXQ3kBIGujS0uH7lkPyc+85cA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJfj87f9+6mbiBS3m5uI2eLxrp8/lVq/HT5/dYYZOZ2v7/b9o27Ku6dR/lJ+LV/zLl2v5v9R6nXvu9MM9mS4T3vjPkNT+zY1X9f3PlKuIuKh5M8p56o67i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALbszaEJgGAQx9E7wWSzuIZOYVQE9zA6nks4jybBYBC++l46OH78AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCfcZnWuR/iyKiuzNjPtnn/u+fYvvssm6/LcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICbHTiQAQAAABDmb51H+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIMCAAD//+N8zQE=") r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write(r3, &(0x7f0000000180)='~', 0x1) truncate(&(0x7f0000000000)='./file1\x00', 0x9) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_LEAVE_IBSS(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x2, 0x60}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x810) [ 68.287322][ T5306] Bluetooth: hci0: command tx timeout [ 68.384650][ T5322] loop0: detected capacity change from 0 to 1024 [ 68.425001][ T5322] hfsplus: invalid extended attribute record [ 68.430212][ T5306] BUG: sleeping function called from invalid context at net/core/sock.c:3664 [ 68.433554][ T5306] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5306, name: kworker/u5:2 [ 68.436936][ T5306] preempt_count: 1, expected: 0 [ 68.439176][ T5306] RCU nest depth: 0, expected: 0 [ 68.441081][ T5306] 5 locks held by kworker/u5:2/5306: [ 68.443223][ T5306] #0: ffff88803f5ec148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 68.447666][ T5306] #1: ffffc9000d24fc60 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 68.452789][ T5306] #2: ffff888044100078 (&hdev->lock){+.+.}-{4:4}, at: hci_sync_conn_complete_evt+0x10d/0xb50 [ 68.457619][ T5306] #3: ffff888040f12e20 (&conn->lock#3){+.+.}-{3:3}, at: sco_connect_cfm+0x262/0xae0 [ 68.462273][ T5306] #4: ffff8880431df258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x439/0xae0 [ 68.466938][ T5306] Preemption disabled at: [ 68.466949][ T5306] [<0000000000000000>] 0x0 [ 68.470744][ T5306] CPU: 0 UID: 0 PID: 5306 Comm: kworker/u5:2 Not tainted 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0 [ 68.470760][ T5306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.470769][ T5306] Workqueue: hci0 hci_rx_work [ 68.470785][ T5306] Call Trace: [ 68.470790][ T5306] [ 68.470796][ T5306] dump_stack_lvl+0x241/0x360 [ 68.470813][ T5306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.470826][ T5306] ? __pfx__printk+0x10/0x10 [ 68.470847][ T5306] __might_resched+0x5d4/0x780 [ 68.470859][ T5306] ? __pfx_lock_acquire+0x10/0x10 [ 68.470872][ T5306] ? __pfx___might_resched+0x10/0x10 [ 68.470882][ T5306] ? __pfx_lock_release+0x10/0x10 [ 68.470891][ T5306] ? do_raw_spin_lock+0x14f/0x370 [ 68.470902][ T5306] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 68.470924][ T5306] lock_sock_nested+0x5d/0x100 [ 68.470942][ T5306] sco_connect_cfm+0x439/0xae0 [ 68.470958][ T5306] ? hci_cb_lookup+0x1b3/0x3c0 [ 68.470972][ T5306] ? __pfx_sco_connect_cfm+0x10/0x10 [ 68.470986][ T5306] ? hci_cb_lookup+0x3a0/0x3c0 [ 68.471000][ T5306] ? __pfx_sco_connect_cfm+0x10/0x10 [ 68.471015][ T5306] hci_sync_conn_complete_evt+0x6f1/0xb50 [ 68.471029][ T5306] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 68.471037][ T5306] ? skb_pull_data+0x112/0x230 [ 68.471047][ T5306] hci_event_packet+0xac1/0x1540 [ 68.471056][ T5306] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 68.471066][ T5306] ? __pfx_hci_event_packet+0x10/0x10 [ 68.471073][ T5306] ? do_raw_spin_unlock+0x58/0x8b0 [ 68.471087][ T5306] ? kcov_remote_start+0x400/0x7d0 [ 68.471101][ T5306] ? insn_get_prefixes+0x1630/0x1ac0 [ 68.471118][ T5306] ? hci_send_to_monitor+0xdc/0x530 [ 68.471134][ T5306] hci_rx_work+0x3f3/0xdb0 [ 68.471151][ T5306] ? process_scheduled_works+0x9c6/0x18e0 [ 68.471206][ T5306] process_scheduled_works+0xabe/0x18e0 [ 68.471238][ T5306] ? __pfx_process_scheduled_works+0x10/0x10 [ 68.471259][ T5306] ? assign_work+0x364/0x3d0 [ 68.471276][ T5306] worker_thread+0x870/0xd30 [ 68.471294][ T5306] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 68.471313][ T5306] ? __kthread_parkme+0x169/0x1d0 [ 68.471329][ T5306] ? __pfx_worker_thread+0x10/0x10 [ 68.471343][ T5306] kthread+0x7a9/0x920 [ 68.471358][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471374][ T5306] ? __pfx_worker_thread+0x10/0x10 [ 68.471388][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471402][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471420][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471434][ T5306] ? _raw_spin_unlock_irq+0x23/0x50 [ 68.471446][ T5306] ? lockdep_hardirqs_on+0x99/0x150 [ 68.471459][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471475][ T5306] ret_from_fork+0x4b/0x80 [ 68.471489][ T5306] ? __pfx_kthread+0x10/0x10 [ 68.471505][ T5306] ret_from_fork_asm+0x1a/0x30 [ 68.471529][ T5306] [ 68.927506][ T5320] [ 68.928540][ T5320] ====================================================== [ 68.931390][ T5320] WARNING: possible circular locking dependency detected [ 68.934296][ T5320] 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0 Tainted: G W [ 68.937714][ T5320] ------------------------------------------------------ [ 68.940536][ T5320] syz.0.0/5320 is trying to acquire lock: [ 68.942955][ T5320] ffff888040f12e20 (&conn->lock#3){+.+.}-{3:3}, at: sco_chan_del+0x74/0x180 [ 68.946702][ T5320] [ 68.946702][ T5320] but task is already holding lock: [ 68.950258][ T5320] ffff8880532d2258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: sco_sock_release+0x5a/0x320 [ 68.954197][ T5320] [ 68.954197][ T5320] which lock already depends on the new lock. [ 68.954197][ T5320] [ 68.958516][ T5320] [ 68.958516][ T5320] the existing dependency chain (in reverse order) is: [ 68.962172][ T5320] [ 68.962172][ T5320] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 68.965393][ T5320] lock_acquire+0x1ed/0x550 [ 68.967408][ T5320] lock_sock_nested+0x48/0x100 [ 68.969557][ T5320] bt_accept_dequeue+0xfa/0x570 [ 68.971710][ T5320] sco_sock_accept+0x280/0x5b0 [ 68.973836][ T5320] do_accept+0x4c4/0x6d0 [ 68.975756][ T5320] __sys_accept4+0x11f/0x1d0 [ 68.977756][ T5320] __x64_sys_accept4+0x9a/0xb0 [ 68.979852][ T5320] do_syscall_64+0xf3/0x230 [ 68.981927][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.984502][ T5320] [ 68.984502][ T5320] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: [ 68.988065][ T5320] lock_acquire+0x1ed/0x550 [ 68.990077][ T5320] lock_sock_nested+0x48/0x100 [ 68.992132][ T5320] sco_connect_cfm+0x439/0xae0 [ 68.994206][ T5320] hci_sync_conn_complete_evt+0x6f1/0xb50 [ 68.996741][ T5320] hci_event_packet+0xac1/0x1540 [ 68.998844][ T5320] hci_rx_work+0x3f3/0xdb0 [ 69.000836][ T5320] process_scheduled_works+0xabe/0x18e0 [ 69.003256][ T5320] worker_thread+0x870/0xd30 [ 69.005243][ T5320] kthread+0x7a9/0x920 [ 69.007119][ T5320] ret_from_fork+0x4b/0x80 [ 69.009061][ T5320] ret_from_fork_asm+0x1a/0x30 [ 69.011171][ T5320] [ 69.011171][ T5320] -> #0 (&conn->lock#3){+.+.}-{3:3}: [ 69.014292][ T5320] validate_chain+0x18ef/0x5920 [ 69.016447][ T5320] __lock_acquire+0x1397/0x2100 [ 69.018563][ T5320] lock_acquire+0x1ed/0x550 [ 69.020759][ T5320] _raw_spin_lock+0x2e/0x40 [ 69.022774][ T5320] sco_chan_del+0x74/0x180 [ 69.024828][ T5320] sco_sock_release+0xb3/0x320 [ 69.026900][ T5320] sock_close+0xbc/0x240 [ 69.028873][ T5320] __fput+0x3e9/0x9f0 [ 69.030669][ T5320] task_work_run+0x24f/0x310 [ 69.032705][ T5320] syscall_exit_to_user_mode+0x13f/0x340 [ 69.035215][ T5320] do_syscall_64+0x100/0x230 [ 69.037326][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.039855][ T5320] [ 69.039855][ T5320] other info that might help us debug this: [ 69.039855][ T5320] [ 69.043879][ T5320] Chain exists of: [ 69.043879][ T5320] &conn->lock#3 --> sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> sk_lock-AF_BLUETOOTH [ 69.043879][ T5320] [ 69.049691][ T5320] Possible unsafe locking scenario: [ 69.049691][ T5320] [ 69.052716][ T5320] CPU0 CPU1 [ 69.054946][ T5320] ---- ---- [ 69.057188][ T5320] lock(sk_lock-AF_BLUETOOTH); [ 69.059161][ T5320] lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); [ 69.062590][ T5320] lock(sk_lock-AF_BLUETOOTH); [ 69.065458][ T5320] lock(&conn->lock#3); [ 69.067188][ T5320] [ 69.067188][ T5320] *** DEADLOCK *** [ 69.067188][ T5320] [ 69.070305][ T5320] 2 locks held by syz.0.0/5320: [ 69.072196][ T5320] #0: ffff888043aeda08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x90/0x240 [ 69.076715][ T5320] #1: ffff8880532d2258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: sco_sock_release+0x5a/0x320 [ 69.080756][ T5320] [ 69.080756][ T5320] stack backtrace: [ 69.083004][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Tainted: G W 6.14.0-rc5-syzkaller-00218-g2a520073e74f #0 [ 69.083020][ T5320] Tainted: [W]=WARN [ 69.083024][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.083031][ T5320] Call Trace: [ 69.083038][ T5320] [ 69.083043][ T5320] dump_stack_lvl+0x241/0x360 [ 69.083058][ T5320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.083069][ T5320] ? __pfx__printk+0x10/0x10 [ 69.083081][ T5320] print_circular_bug+0x13a/0x1b0 [ 69.083094][ T5320] check_noncircular+0x36a/0x4a0 [ 69.083105][ T5320] ? __pfx_stack_trace_save+0x10/0x10 [ 69.083118][ T5320] ? __pfx_check_noncircular+0x10/0x10 [ 69.083129][ T5320] ? lockdep_lock+0x123/0x2b0 [ 69.083145][ T5320] validate_chain+0x18ef/0x5920 [ 69.083158][ T5320] ? do_raw_spin_lock+0x14f/0x370 [ 69.083171][ T5320] ? __pfx_validate_chain+0x10/0x10 [ 69.083182][ T5320] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.083193][ T5320] ? arch_stack_walk+0xfd/0x150 [ 69.083205][ T5320] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 69.083218][ T5320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 69.083232][ T5320] ? debug_object_assert_init+0x2dd/0x4b0 [ 69.083293][ T5320] ? __pfx_debug_object_assert_init+0x10/0x10 [ 69.083309][ T5320] ? mark_lock+0x9a/0x360 [ 69.083319][ T5320] __lock_acquire+0x1397/0x2100 [ 69.083339][ T5320] lock_acquire+0x1ed/0x550 [ 69.083353][ T5320] ? sco_chan_del+0x74/0x180 [ 69.083366][ T5320] ? __pfx_lock_acquire+0x10/0x10 [ 69.083380][ T5320] ? __cancel_work+0x24a/0x390 [ 69.083394][ T5320] ? lockdep_hardirqs_on+0x99/0x150 [ 69.083406][ T5320] ? __cancel_work+0x2ee/0x390 [ 69.083420][ T5320] ? __pfx___cancel_work+0x10/0x10 [ 69.083434][ T5320] ? sco_sock_release+0x5a/0x320 [ 69.083446][ T5320] _raw_spin_lock+0x2e/0x40 [ 69.083458][ T5320] ? sco_chan_del+0x74/0x180 [ 69.083469][ T5320] sco_chan_del+0x74/0x180 [ 69.083481][ T5320] sco_sock_release+0xb3/0x320 [ 69.083494][ T5320] sock_close+0xbc/0x240 [ 69.083506][ T5320] ? __pfx_sock_close+0x10/0x10 [ 69.083516][ T5320] __fput+0x3e9/0x9f0 [ 69.083534][ T5320] task_work_run+0x24f/0x310 [ 69.083545][ T5320] ? _raw_spin_unlock+0x28/0x50 [ 69.083559][ T5320] ? __pfx_task_work_run+0x10/0x10 [ 69.083570][ T5320] ? syscall_exit_to_user_mode+0xa3/0x340 [ 69.083585][ T5320] syscall_exit_to_user_mode+0x13f/0x340 [ 69.083599][ T5320] do_syscall_64+0x100/0x230 [ 69.083614][ T5320] ? clear_bhb_loop+0x35/0x90 [ 69.083628][ T5320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.083642][ T5320] RIP: 0033:0x7fdc6e18d169 [ 69.083653][ T5320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.083661][ T5320] RSP: 002b:00007fff0124d3f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 69.083672][ T5320] RAX: 0000000000000000 RBX: 0000000000010a4c RCX: 00007fdc6e18d169 [ 69.083679][ T5320] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 69.083684][ T5320] RBP: 00007fdc6e3a7ba0 R08: 0000000000000001 R09: 000000140124d6ef [ 69.083691][ T5320] R10: 00007fdc6dfff02c R11: 0000000000000246 R12: 00007fdc6e3a5fac [ 69.083698][ T5320] R13: 00007fdc6e3a5fa0 R14: ffffffffffffffff R15: 00007fff0124d510 [ 69.083709][ T5320]