Extracting prog: 21m52.755759003s
Minimizing prog: 7m51.172936753s
Simplifying prog options: 0s
Extracting C: 1m30.811566734s
Simplifying C: 23m57.569903473s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0xcc, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x20, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}, @mark={0xc, 0x15, {0x35075b, 0x8}}]}, 0xcc}}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001800fd032abd7000fedbdf251d01040015000100040000a0020300004e9f064d62a05f05020000000800050007f8"], 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-getsockopt$SO_TIMESTAMPING
detailed listing:
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0))

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000", @ANYBLOB="9b25e36cfbe7"], 0x188}}, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 4:
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000240)={0x0, 0x0, '\x00', @raw_data=[0x5, 0xff000000, 0xff, 0x6, 0x8, 0x4, 0x744d, 0xf, 0x6ff, 0x49, 0x3, 0x2, 0x9, 0x9, 0x29c1e064, 0x7fffffff, 0x5, 0x1000, 0x0, 0x8, 0xfffffffa, 0xfffffffa, 0xc12, 0x911a, 0x7, 0x1, 0x5, 0x530f, 0x9, 0xa, 0xfffffff8, 0x2]})
executing program 4:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x53, 0xa, 0x3, "2e9b1c2300000000000000000000e70000a2000000000000000000001000", 0x38414762})
executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x3, 0x0, {}, [@RTA_MARK={0x8, 0x10, 0x4}, @RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0x2c}}, 0x0)
executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x25dfdbfc, {0x5}}, 0x14}}, 0x0)
executing program 2:
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000140)={0x31f, "13f20afd86c17f9dfa507069d57c6684154bc7ec29052b9ec48e707a4f251dd9", 0x0, 0x0, 0x0, 0x0, 0x8})
executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, 0x0)
executing program 2:
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000001c0)=ANY=[], 0xfe, 0x628a, &(0x7f000001f480)="$eJzs3c1vHGcdB/DfvvolNLVyqEqEkJuWl1KaxEkJgQJtD3Dg0gOKuKFErltFpICSgNLKIq4sJA6c+AtASBwR4og48Af0wJUbJ05EspFAPTFo7OeJZze7Xbu2d9aez0dyZn7zzK6f8XdnXzIz+wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEN/9zvdWWhFx82dpwVLEp6IT0Y5YKOvliFhYXsrrdyPi2dhpjmciojcXUd5+55+nI16JiA/PRmxtr6+Wi6/ssx/f/uPff/eDM2/+7Q+9S//90/3Oq+PWe/DgV//588PDbTMAAAA0TVEURSt9zD+fPt+36+4UADAV+fW/SPLyU1//+p9v/mWW+qNWq9Vq9RTqqmK0h9UiIjaqtynfMzgcDwAnzEZ8VHcXqJH8G60bEWfq7gQw01p1d4BjsbW9vtpK+baqrwfLu+35XJCB/Ddaj6/vGDedZPgck2k9vjajE+fG9GdhSn2YJTn/9nD+N3fb+2m9485/Wsbl39+99Klxcv6d4fyHnJ782yPzb6qcf/dA+XfkDwAAAAAAMyz///9Szcd/5w6/Kfvyccd/l6fUBwAAAAAAAAA4aocd/+8x4/8BAADAzCo/q5d+c3Zv2bjvYiuX32hFPDW0PtAw6WKZxbr7AQAAAAAAAAAAAABN0t09h/dGK6IXEU8tLhZFUf5UDdcHddjbn3RN335osrqf5AEAYNeHZ/O1/L3dBa2I+Yi4kb7rr7e4uFgU8wuLxWKxMJffz/bn5ouFyufaPC2XzfX38Ya42y/KO5uv3K5q0uflSe3D91f+rn7R2UfHjkj6Y8aY5hoDB4D0AhWx5RXplCmKp8e9+YAB9v9TaCmW6n5cMfvqfpgCAAAAx68oiqKVvs77fDrm3667UwDAVOTX/+HjAoeq22PaI47m/tVqtVqtVn+iuqoY7WG1iIiN6m3K9wyG4weAE2YjPqq7C9RI/o3WjYhn6+4EMNNadXeAY7G1vb7aSvm2qq8HaXz3fC7IQP4brZ3b5duPmk4yfI7JtB5fm9GJc2P688yU+jBLcv7t4fxv7rb303rHnf+0jMu/v3PJXPPk/DvD+Q85Pfm3R+bfVDn/7oHy78gfAAAAAABmWP7//yXHf/MmAwAAAAAAAMCJs7W9vpqve83H/z8zYj3Xf55OOf/WQfNfSPPyP9Fy/u2h/L84tF6nMv/ojb39/9/b66u/v/+vT+fpfvOfyzOt9MhqpUdEK/2mVjdND7N1T9rsdfrlb+q12p1uOuen6L0dt+NOrMXlgXXb6e+x174y0F72tDfQfmWgvftE+9WB9l763oFiIbdfjNX4cdyJt3bay7a5Cds/P6G9mNCe8+94/m+knH/38c+575f5L6b21tC09OiD9hP7fXU66ve8fvuzv7x8/Jsz0WZ0Hm9bVbl9F2roz87f5Ew/fnpv7e7FB7fu37+7EmkysPRKpMkRy/n3dn7m9p7/n99tz8/71f310Qf9A+c/KzajOzb/5yvz5fa+OOW+1SHn308/Of+3Uvvo/f8k5z9+/3+phv4AAAAAAAAAAAAAAADAxymKYucS0dcj4lq6/qeuazMBgOnKr/9Fkper1Wq1Wq0+fXVVMdpr1SIi/lq9Tfme4eej7gwAmGX/i4h/1N0JaiP/Bsvf91dOX6i7M8BU3Xvv/R/eunNn7e69unsCAAAAAAAAAHxSefzP5cr4zy9ExNLQegPjv74Ry4cd/7ObZx4PMHrEA32Psdnud9qV4cafi53xuS+OG//7Qjw5/nceE7dT3Y4xehPa+xPa5ya0z49cupfWyAs9KnL+z1XGOy/zPz80/HoTxn8dHvO+CXL+FyqP5zL/LwytV82/+O3M5b+x3xU3oz2Q/6X77/7k0r333n/59ru33ll7Z+1HV1dWLl+9du369euX3r59Z+3y7r/H0+sZkPPPY187D7RZcv45c/k3S87/c6mWf7Pk/D+favk3S84/v9+Tf7Pk/PNnH/k3S87/xVTLv1ly/l9KtfybZWt7fa7M/6VUy79Z8v7/5VTLv1ly/i+nWv7NkvO/mGr5N0vO/1Kq95G/r4c/RXL++QiX/b9Zcv4rqZZ/s+T8r6Ra/s2S87+aavk3S87/lVTLv1ly/l9JtfybJed/LdXyb5ac/1dTLf9myflfT7X8myXn/7VUy79Zcv5fT7X8myXn/2qq5d8sOf9vpFr+zZLz/2aq5d8sOf9vpVr+zZLzfy3V8m+Wve//N2NmFmZ+cbR32IkZ2a6TNlP3MxMAAAAAAAAAAAAAMGwapxPXvY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2LvXGLnO+n7gZ/bmtUOIgRCc/A1sEhNCsmTXduILf1xMuDZAuSUUesF2vWuz4BteuwSKZNNAiYRRUQVq+qItINRGqiqsihe0ojQvql5elfYFfVNRVUJqVIUooCK1Fc1WM+d5Hs/MzmXXO17Pnufzkezf7sw5c54585yz81v7OwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDZ7W+a/3ytKIr6n8ZfW4viBfWvN09tbdz2uus9QgAAAGCt/rfx93M3pRsOrmClpmX+9hX/8K2lpaWl4oOjXxn/8tJS/baR+l9TRTG+qSga90WX/+1DtS83fR88VkzWRpq+H+mz+dE+94/1uX+8z/0Tfe7f1Of+yT73L9sBy2wufx/TeLAdjS+3lru0uLkYb9y3o8Naj9U2jYzE3+U01BrrLI0fKxaKE8V8MduyfLlsrbH8d26vb+vtRdzWSNO2ttdnyI8/fTSOoRb28Y6WbV15zOhHbyymfvLjTx/9o3PP3Nqp9t0NLY9XjvPuO+rj/Gy4pRxrrdiU9kkc50jTOLd3eE1GW8ZZa6xX/7p9nM+tcJyjV4a5rtpf88lipPH19xr7aaz513ppP20Pt/3XnUVRXLwy7PZllm2rGCm2tNwycuX1mSxnZP0x6lPpxcXYqubp7SuYp/U6t6N1nrYfE/H1vz2sN9ZlDM0v048+M7HsdV/tPI3qz7rbsdI+Bwd9rAzLHIzz4nuNJ/14xzm4Izz/T9/VfQ52nDsd5mB63k1z8I5+c3BkYrQx5vQi1BrrXJmDO1uWH21sqdaoT9/Vew7OnDt5Zmbxk5967cLJI8fnj8+f2r1z5+zuPXv27ds3c2zhxPxs+fdV7u3ht6UYScfAHWHfxWPg1W3LNk/Vpa8N7jic7HEcbm1bdtDH4Vj7k6utzwG5fE6Xx8bD9Z0+eWmk6HKMNV6fe9Z+HKbn3XQcjjUdhx1/pnQ4DsdWcBzWlzlzz8res4w1/ek0hmv1s2Br0xxsfz/SPgcH/X5kWObgZJgX/3JP958F28N4H59e7fuR0WVzMD3dcO6p35Le70/ua5RO8/K2+h03TBTnF+fP3vfokXPnzu4sQlkXL2maK+3zdUvTcyqWzdeRVc/XgwuvePy2DrdvDftq8rX1vya7vlb1Ze6/r/dr1fjp1nl/tty6qwhlwNZ7f3b6aV7fn6mX7LE/68t8dmbt78VTX9p0/h3vcv6Nff/z5fbSQz02Oj5WHr+jae+Mt5yPW1+qsca5q9bY9nMzKzsfj4c/630+vrnH+Xhb27KDPh+Ptz+5eD6u9fttx9q0v56TYZ6cmO19Pq4vs23XaufkWM/z8Z2h1sL+f03oFFJf1DR3us3btK2xsfHwvMbiFlrn6e6W5cdDb1bf1pO7rm6e3n1n+Vij6dldsV7zdKpt2UHP03S+6jZPa/1++3Z12l/PyTAvbt7de57Wl3nq/rWfOzfHL5vOnRP95uD46ER9zONpEpbn+6XNcQ7eVxwtThcnirnGvRON+VRrbGv6gZXNwYnwZ73Pldt6zMG725Yd9BxMP8e6zb3a2PInPwDtr+dkmBdPPNB7DtaXefPewb53vTvckpZpeu/a/vu1br/zuq1tN13L33nVx/nXe3v/bra+zIl9q+0ze++ne8MtN3TYT+3Hb7djaq5Yn/20LYzzmX3d91N9PPVlvrx/hfPpYFEUFz7+YOP3veHfV/7s/Pe/1fLvLp3+TefCxx989sZjf7Oa8QOw8T1fli3lz7qmf5layb//AwAAABtC7PtHQk30/wAAAFAZse+P/ys80f8DAABAZcS+fyzUJJP+f9ubn1l4/kKRkvlLQbw/7YaHyuVixnU2fD+1dEX99ge/Mf/Tv7iwsm2PFEXxs4d+o+Py2x6K4ypNhXFefkvr7ctXvLCi7R9+5Mpyzfn1r4bHj89npdOgUwR3tiiK79z0xcZ2pj50qVGfeuhwo77v4uOP1Zd5bn/5fVz/6ZeUy/9+CP8ePHakZf2nw374Yaiz7+i8P+J637z0mu17P3Ble3G92h0vbDztJz5cPm78nJwvPVYuH/dzt/H/5Ree/GZ9+Udf1Xn8F0Y6j//J8LjfCPW/X14u3/wa1L+P630ujD9uL65339e/23H8lz9fLn/mreVyh0ON2787fL/jrc8sNO+vR2tHWp5X8bZyubj92e//duP++Hjx8dvHP3noUsv+aJ8fT/1T+TgzbcvH2+N2oj9v2379cZrnZ9z+k791uGU/99v+5fc9/fL647Zv/9625Ubb1m//xKY/+NwXO24vjufgn55peT4H3xuO47D9Jz4c5mO4/38uf7Flu9Hh97aef+LyX916oeX5RG//Sbn9y2843qj/PvXT37vhBTe+8OIr6/uuKL73/vLx+m3/+B+ebhn/1265p/F6xPtjRr99+93E7Z/9xPSp04vnF+aa9mrjs3PeWY5n0+TmLfXx3hTOre3fHzp97iPzZ6dmp2aLYqq6H6F31b4e6rNlubja9e95JLyet/3ud7bc9Y9fiLf/88Pl7ZfeUf7cenVY7kvh9q3l67dUW+P2n7j9lsbxXXuq/L4lxz4A23f8x74VLRief/v7gjjfz7z0I439UL+v8XMjHtdrHP8P5srH+XbYr0vhk5nvuOXK9pqXj5+NcOn95fG+5v0XTnPxdf3j8Hq/64fl48dxxef7g/A+5rvbWs93cX58+8JI++M3PsXjYjifFBfL++NScX9feu6WjsOLn0NSXLy18f3vpMe5dVVPs5vFTy7OnFg4df7RmXPzi+dmFj/5qUMnT58/de5Q47M8D3203/pXzk9bGuenufk99xezm4uiOF3MrsMJ69qMv/7VysZ/5pGjc3tn75qbP3bk/LFzj5yZP3v86OLi0fm5xbuOHDs2/4l+6y/MHdi5a//uvbumjy/MHdi3f//u/dMLp07Xh1EOqo89sx+bPnX2UGOVxQP379/5wAP3z06fPD03f2Dv7Oz0+X7rN342TdfX/vXps/MnjpxbODk/vbjwqfkDO/fv2bOr76cBnjxzbHFq5uz5UzPnF+fPzpTPZepc4+b6z75+61NNi/9avp9tVys/iK9497170uez1n3jM10fqlyk7QNEnwmfRfP3LzqzbyXfx75/PNQkk/4fAAAAchD7/olQE/0/AAAAVEbs+zeFmuj/AQAAoDJi3z8ZapJJ/y//L/+/svx/eb/8f175/zMfL3OlGz3/H/Pz8v95uM75/zVvX/5f/r96+f+V5+c3+vjl/+X/WW7Y8v+x799cFFn2/wAAAJCD2PdvCTXR/wMAAEBlxL7/hlAT/T8AAABURuz7XxBqkkn/n0P+/z0dFltl/n9Xv8BV9fP/G+b6/5sL+X/5/+b8f3xx5P+zser8/QcebvlW/j+Q/5f/l/+X/5f/Z83Gu95zvfL/se+/MdQkk/4fAAAAchD7/heGmuj/AQAAoDJi339TqIn+HwAAACoj9v1bQ00y6f9zyP934vr/lc3/u/6//P9gr//fNBj5/43B9f9765z/n7hh2U3y/6vM/0/K/2/E/P/4YMc/3Pn/vsOX/+eaGLbr/8e+/0WhJpn0/wAAAJCD2Pe/ONRE/w8AAACVEfv+l4Sa6P8BAACgMmLff3OoSSb9v/y//L/8v/y//H/n7fe//n/5lfz/cJH/7831//tw/f+88v8DHv9w5/8Hff3/8be0ry//TyfDlv+Pff9LQ00y6f8BAAAgB7HvvyXURP8PAAAAlRH7/peFmuj/AQAAoDJi378t1CST/l/+X/5f/l/+X/6/8/b75/9L8v/DRf6/N/n/PuT/5f/l/1eW/+/w5lf+n0765f8ffH15nl6v/H/s+28NNcmk/wcAAIAcxL7/tlAT/T8AAABURuz7/1+oif4fAAAAKiP2/dtDTTLp/+X/5f/l//PK/987If8v/19t8v+9yf/3If8v/y//v8Lr/y+3mvz/pn4PRmX0y/+/+949jVNge/6/Q381kPx/7PtfHmqSSf8PAAAAOYh9/ytCTfT/AAAAUBmx739lqIn+HwAAACoj9v1ToSaZ9P/y/9XK///JXz3xykL+X/6/z/Yrmv+P00D+P3Py/73J//ch/y//L/+/Lvl/8nG1+f8OBpL/j33/7aEmmfT/AAAAkIPY998RaqL/BwAAgMqIff+doSb6fwAAAKiM2PfvCDXJpP+vev5/pMtiVc3/R/L/8v+9tl/R/H8i/583+f8Omg5S+f8+5P/l/7PP/8d3v/L/DMaw5f9j3/+qUJNM+n8AAADIQez77wo10f8DAABAZcS+/9WhJvp/AAAAqIzY998dapJJ/1/1/H838v/y/837S/5f/r/T9uX/Nyb5/95Wm/+fkP+X/5f/zyz/7/r/DNaw5f9j3/+aUJNM+n8AAADIQez77wk10f8DAABAZcT/v1n+v1f9PwAAAFRR7PunQ00y6f/l/+X/c8r/1+T/5f/l/ytP/r831//vQ/5f/l/+X/6fgRq2/H/s+18bapJJ/w8AAAA5iH3/faEm+n8AAACojNj3z4Sa6P8BAACgMmLfPxtqkkn/L/8v/59T/t/1/+X/5f+rT/6/N/n/PuT/5f+rlv8vCvl/rqthy//Hvn9nqEkm/T8AAADkIPb9u0JN9P8AAABQGbHv3x1qov8HAACAyoh9//2hJpn0//L/8v/y//L/8v+dty//vzH1yt9/ZQXry/8H8v/y//L/1cj/u/4/19mw5f9j3/9AqEkm/T8AAADkIPb9e0JN9P8AAABQGbHv3xtqEvr/Tv+vGwAAANhYYt+/L9Qkk3//l/+vSP7/N/+uZdvy//L/vbY/mPz/Zvn/UOX/h0tFr//fflhctY2Z/38+PX/5f/n/YR6//L/8P8sNW/4/9v37Q00y6f8BAAAgB7Hvf12oif4fAAAAKiP2/f8/1ET/DwAAAJUR+/7Xh5pk0v/L/1ck/99G/l/+v9f2Xf9f/r/KKpr/H5iNmf/vcv3/Efl/+f+1j39igOOX/19J/n9Tv4ehYq59/j9+tbL8f+z7D4SaZNL/AwAAQA5i3/9zoSb6fwAAAKiM2Pe/IdRE/w8AAACVEfv+g6EmmfT/8v/y//L/8v/XJv//hqLdMOb/65NH/r9a5P97q1T+3/X/5f+HbPzy/67/z3LDdv3/2Pe/MdQkk/4fAAAAchD7/gdDTfT/AAAAUBmx739TqIn+HwAAACoj9v1vDjXJpP+X/5f/l/+X/3f9/87bl//fmOT/e5P/70P+X/5f/l/+n4G6fvn/TR3vj33/W0JNMun/AQAAIAex739rqIn+HwAAACoj9v1vCzXR/wMAAEBlxL7/7aEmmfT/8v/y//L/1cz/b+qxffl/+f8qk//vTf6/D/l/+X/5f/l/BmrYrv8f+/6fDzXJpP8HAACAHMS+/6FQE/0/AAAAVEbs+98RaqL/BwAAgMqIff87Q00y6f/l/+X/5f+rmf/vtX35f/n/KpP/703+vw/5f/l/+X/5fwZq2PL/se9/V6hJJv0/AAAA5CD2/b8QaqL/BwAAgMqIff+7Q030/wAAAFAZse9/T6hJJv3/YPL/taJMtcr/N5P/v5r8/9KF5vXk/+X/i0Hl/+sryf9nQf6/N/n/Pjrk/zfJ/8v/y//L/3PVhi3/H/v+94aaZNL/AwAAQA5i3/++UBP9PwAAAFRG7PvfH2qi/wcAAIDKiH3/w6EmmfT/rv+fZf4/PeXhy/+7/r/8v+v/y/+vjfx/b/L/fbj+v/z/hsz/j4f6sen4s0n+n2ExbPn/2Pc/EmqSSf8PAAAAOYh9/wdCTfT/AAAAUBmx7//FUBP9PwAAAFRG7Ps/GGqSSf8v/59l/n+Ir/9ftfz/WMv8yCn/P9n0eqZ5Kf8v/78O5P97k//vQ/5f/n+Y8/9hNm/usr7r/zOMhi3/H/v+D4WaZNL/AwAAQA5i3/9LoSb6fwAAAKiM2Pf/cqiJ/h8AAAAqI/b9vxJqkkn/n0X+f2T5YvL/8v/N+8v1/13/v9P25f83Jvn/3jZu/n+i4+PJ/8v/X/X4xwY//ut3/f+S/D/DaNjy/7Hv/9VQk66N37P/uYKnCQAAAAyR2Pd/ONQkk3//BwAAgBzEvv9QqIn+HwAAACoj9v2HQ00y6f+zyP930D3/H6+oKv8v/y//L/8v/78RDS7//7Ibi0L+f3jy/67/X8j/D/345f/l/1lu2PL/se8/EmqSSf8PAAAAOYh9/6+Fmuj/AQAAoDJi33801ET/DwAAAJUR+/65UJNM+v/1zv835XrHhzP/7/r/V5v//5n8v/x/IP/fmfz/+nD9/97k//uQ/5f/l/+X/2eghi3/H/v++VCTTPp/AAAAqLD06+DY9x8LNdH/AwAAQGXEvv94qIn+HwAAACoj9v0fCTXJpP93/X/5f9f/vx75/7GW5eX/S/L/8v+DIP/fm/x/H/L/8v/y//L/DNSw5f9j378QapJJ/w8AAAA5iH3/R0NN9P8AAABQGbHv/1ioif4fAAAAKiP2/SdCTTLp/+X/5f9zz//X/o+9+2iy9CzvP35mNKlX9kvw2isv5ZW08Avw1jtXeS3bgMhBI3IGEUUGASLnnAWInHMGkXMUQQiqmlLPdV0zPX36Od3TT5/zPPf9+Wyu/8xfQ5+RGlE/T33rXizOe/9f/7/s6+v/50n/P0z/v4L+X/+v/9f/M6qp9f+5+6+LWzrZ/wAAANCD3P3/G7fY/wAAANCM3P3/F7fY/wAAANCM3P3/H7d0sv/1//r/3vv/xUbe/9/917ff/1/4J6T/1/+vw57+/tTyv26/KHzf/v/frr7+v/X/+n/9/yD9v/5f/8/lptb/5+6/V9zSyf4HAACAHuTuv3fcYv8DAABAM3L33ydusf8BAACgGbn7r49bOtn/+n/9v/5f/7+r/7/N+//6/3nz/v+wefT/V29vb+v/l9H/T/vz6//1/+w1tf4/d/9945ZO9j8AAAD0IHf//eIW+x8AAACakbv//nGL/Q8AAADNyN3/gLilk/2v/9f/6//n0v+fmfH7//H9oP/X/6+B/n/YPPp/7//r/+f5+fX/+n/2Onz/v++/tkfp/3P3PzBu6WT/AwAAQA9y9z8obrH/AQAAoBm5+x8ct9j/AAAA0Izc/Q+JWzrZ//p//b/+fy79/5re/9f/6/9n7pbFxX8n6P/30v+vsKL/Xyz0/0MO3M8v/+3N5/PvQ/+v/2evw/f/+/5HjdL/5+5/aNxy7WJx5kp/kwAAAMCk5O5/WNzSyZ//AwAAQA9y998Qt9j/AAAA0Izc/efjlk72v/5f/6//1//r/5d/ff3/PHn/f9jR+/9//efr/qff/t/7/8O8/z92/3/Pd0aT/b/MuiNT6/9z998Yt3Sy/wEAAKAHufsfHrfY/wAAANCM3P2PiFvsfwAAAGhG7v5Hxi2d7H/9/7T6/8xdrrz/v2rXr7uk/9+pXfT/a+r/T5xY+v1x9P7/P/T/+n/9/wr6/2He/19h519zW/VD/b/+3/v/3v/naKbW/+fuf1Tc0sn+BwAAgB7k7n903GL/AwAAQDNy9z8mbrH/AQAAoBm5+x8bt3Sy//X/0+r/vf/fSP+/z/eH9//1//r/46f/H6b/X6GV9/+v8Ltm0/38UW368+v/9f/sNbX+P3f/4+KWTvY/AAAA9CB3/+PjFvsfAAAAmpG7/wlxi/0PAAAAzcjd/8S4pZP9r//X/8+j/8+voP/X/x9//5/0//Ok/x+m/1+hlf7/Cm26n5/759f/6//Za2r9f+7+J8Utnex/AAAA6EHu/ifHLfY/AAAANCN3/1PiFvsfAAAAmpG7/6lxSyf7X/+v/59H/+/9f/2/9//1/wej/x+m/19B/6//1//r/xnV1Pr/3P03xS2d7H8AAADoQe7+p8Ut9j8AAAA0I3f/0+MW+x8AAACakbv/GXFLJ/tf/7+s/79T/6//1//r//X/M6X/H6b/X0H/r//X/+v/GdWE+v9LftW5xTPjlk72PwAAAPQgd/+z4hb7HwAAAJqRu//ZcYv9DwAAAM3I3X9z3NLJ/tf/T+b9/52cr63+f2uxWOj/F532/1uX/POs70v9v/5/DfT/w/T/K+j/9f/6f/0/o5pQ/7/z49z9z4lbOtn/AAAA0IPc/c+NW+x/AAAAaEbu/ufFLfY/AAAANCN3//Pjlk72v/5/Mv3/jrb6f+//X/790VP/7/3/vfT/66H/H6b/X0H/r//X/+v/GdXU+v/c/S+Im86cvuLfIgAAADAxuftfGLd08uf/AAAA0IPc/S+KW+x/AAAAmKmb9vxM7v4Xxy2d7H/9/7j9/5lLfk7/r/+//PtD/6//1/8fP/3/MP3/Cvp//b/+X//PqKbW/+fuf0nc0sn+BwAAgB7k7r8lbrH/AQAAoBm5+18at9j/AAAA0Izc/S+LWzrZ//p/7//r//X/+v/lX1//P0/6/2H6/xX0//v28wd5Glv/f+T+/+zF/6f+nzYcov/f3t6+4dj7/9z9L49bOtn/AAAA0IPc/bfGLfY/AAAANCN3/yviFvsfAAAAmpG7/5VxSyf7X//faf+f3+rz6v/PLxaT7P9P6v930/8vp/9fD/3/MP3/Cvp/7/97/1//z6im9v5/7v5XxS2d7H8AAADoQe7+V8ct9j8AAAA0I3f/a+IW+x8AAACakbv/tXFLJ/tf/99p/+/9f+//6//X3f/fvdD/r8Us+v+t/b/+1Pv/G/X/+v8B3fX///nvu36o/9f/s9fU+v/c/a+LWzrZ/wAAANCD3P2vj1vsfwAAAGhG7v43xC32PwAAADQjd/8b46ZTnex//b/+X/+v/9f/L//6a37//8xisdD/j2AW/f+Aqff/47z/f/l/yy/S/+v/5/z59f/6f/aaWv+fu/9NcUsn+x8AAAB6kLv/zXGL/Q8AAADNyN3/lrjF/gcAAIBm5O5/a9zSyf7X/+v/9f/6/+b7/xtn0f97/38k+v9h0+j/96f/1//P+fPr//X/HNym+v/c/W+LWzrZ/wAAANCD3P1vj1vsfwAAAGhG7v53xC32PwAAADQjd/8745ZO9r/+X/9/mP4/P6f+v63+/+zk+v9zu/7zOnn/X/8/Ev3/MP3/Cvp//b/+/yb9P2Oa2vv/ufvfFbd0sv8BAACgB7n73x23/k+39j8AAAA0I3f/e+IW+x8AAACakbv/vXFLJ/tf/6//9/6//r/59//1/13R/w/T/6+g/9f/6/+9/8+optb/5+5/X9zSyf4HAACAHuTuf3/cYv8DAABAM3L3fyBusf8BAACgGbn7b4tbOtn/+n/9v/5f/6//v/DPUP/fBv3/sPX0/1v6f/1/9fMn4r8F+n/9/6pfT5um1v/n7v9g3NLJ/gcAAIDWnF7yc7n7PxS32P8AAADQjNz9H45b7H8AAACYpVNLfi53/+1xyyz3/7IKfejn9f8L/b/+X/+v/9/n6+v/52kj/X9+U+j/vf8f+un//2XXj+b2/v/l//t11UL/r/9nbFPr/3P3fyRumeX+BwAAAJbJ3f/RuMX+BwAAgGbk7v9Y3GL/AwAAQDNy9388bulk/+v/9f/6f/2//n/51z/+/v9k/V3V/49ntP7/7ML7//p//f+a38+f++fX/+v/2Wtq/X/u/k/ELZ3sfwAAAOhB7v5Pxi32PwAAADQjd/+n4hb7HwAAAJqxs/szLutw/+v/9f/6f/2//n/51/f+/zxt5P1//b/+X/+/Q/+v/9f/c7mp9f+f3vlV5xafiVs62f8AAADQg9z9n41b7H8AAABoRu7+z8Ut9j8AAAA0I3f/5+OWTvb/Ifv/zF1b7f/P6/+n2v9vb2/foP8/sbhO/7+0/79jxv3/zfr/ken/h3Xc/5860AfQ/+v/J9//X/6/khfp/5miqfX/ufu/ELd0sv8BAACgB7n7vxi32P8AAADQjNz9X4pb7H8AAABoRu7+L8ctnex/7/9P4P3/c/p/7/97/3/h/X/9/0hG6//P7P55/f8FM+7/D6bF/v/cwX/7m+7nj2rTn9/7//p/9jpk/3/7cff/ufu/Erd0sv8BAACgB7n7vxq32P8AAADQjNz9X4tb7H8AAABoRu7+r8ctnex//f/6+v97/t718v7/1mL559f/6//1//r/4+b9/2H6/xVa7P8PYdP9/Nw/v/5f/89eU3v/P3f/N+KW3cPv9OF+lwAAAMCU5O7/ZtzSyZ//AwAAQA9y938rbrH/AQAAoBm5+78dt3Sy//X/E3j/v8H+3/v/y78/9P+T7v9P6v/boP8fpv9fQf+v/9f/j9T/53ez/r93U+v/c/d/J27pZP8DAABAD3L3fzduuXZrUx8JAAAAGFnu/u/FLf78HwAAAJqRu/+OuOWS/b+s7W6F/l//r//X/+v/l399/f886f+HHbT/P7s4Wv+f9P/6f/1/r/2/9/+5YM39//lV/X/u/u/HLf78HwAAAGbn9D4/n7v/B3GL/Q8AAADNyN3/w7jF/gcAAIBm5O7/Udxy58lNfaS10v/r//X/K/r/u+IbXP+v/9f/z4L+f5j3/1fQ/4/Rz1+j/2+j/18s9P8c3Zr7/5U/zt3/47jFn/8DAABAM3L3/yRusf8BAACgGbn7fxq32P8AAADQjNz9P4tbOtn/+n/9/xH7/500s+n+3/v/+v+g/58H/f+wzff/tw5+Wf1/E/2/9/8b6f+9/88YNtH/bw38/+fu/3nc0sn+BwAAgB7k7v9F3GL/AwAAQDNy9/8ybrH/AQAAoBm5+38Vt3Sy/zfW/8ffav3/7Pv/3Z//xKnO+v/thf5f/6//nxb9/7DN9//D9P/6/zl/fv2//p+9NtH/D/5451edW/w6bulk/wMAAEAPcvf/Jm6x/wEAAKAZuft/G7fY/wAAANCM3P2/i1s62f/e/9f/j9r/e/9f/6//35f+fz30/8P0/8vVPyj9v/5f/6//Z1RT6/9z9/8+bulk/wMAAEAPcvf/IW6x/wEAAKAZufvvjFvsfwAAAGhG7v4/xi1N7P9TK/8K/f8s+//Ko/X/+n/9v/6f3fT/wzbZ///XP63+st7/33j/nx9B/6//1/8ziqn1/7n7/xS3NLH/AQAAgHvk7v9z3GL/AwAAQDNy9/8lbrH/AQAAoBm5+++KWzrZ/yv6/7P1F+r/B3n/f/fn1/8v//7Q/+v/9f/HT/8/zPv/K+j/vf+v/9f/M6qp9f+5+/8at3Sy/wEAAKAHufvvjlvsfwAAAGhG7v6/xS32PwAAADQjd//f45ZO9r/3/+fU/1+j/9f/6//1//r/FfT/w/T/K+j/9f/6f/0/o5pa/5+7/x8BAAD//8M0R9g=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x0)
executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@ipv6_deladdrlabel={0x1c, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20}}, 0x1c}}, 0x0)
executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)={0x18, 0x42, 0x601, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, 0x18}], 0x1}, 0x0)
executing program 3:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000200), &(0x7f00000001c0)=0xffffffc2)
executing program 0:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x3b, 0xa, 0x0, "05060000000006a2fd00", 0x38415262})
executing program 3:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, 0x0, &(0x7f0000000000))
executing program 1:
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==")
mkdir(&(0x7f0000002bc0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1)
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0xefff, 0x40}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 0:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8)
executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f00000000c0))
executing program 3:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r0, 0xc0481273, &(0x7f0000000000))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0xa4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0xa4}}, 0x0)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000", @ANYBLOB="9b25e36cfbe7"], 0x188}}, 0x0)
executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000009c0)={'filter\x00', 0x7, 0x4, 0x438, 0x350, 0x240, 0x0, 0x350, 0x350, 0x350, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffff00, 0x3, 0x0, {@empty, {[0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 'veth0_to_bridge\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="1758a179fe8f", @rand_addr=0x64010100, @multicast1, 0x2, 0xffffffff}}}, {{@arp={@rand_addr=0x64010101, @rand_addr, 0x0, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x8a8cfb792f7af7f0]}}, 0x0, 0xfffc, 0x0, 0xa51, 0x0, 0x1000, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x8, 0x5, 0x0, 0x0, "f245442f682c06144f1fb782d77bc38316214ca84d2f69b44810c3a40a495fa278a1728df4f6eaac07ddb7086bd6e732ed48ea39c4670df6527298897d41f42e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private=0xa010100, 0x4, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x488)
executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@float={0x5, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x1})
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/45, 0x2d}, {&(0x7f0000000140)=""/56, 0x38}], 0x2)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa", 0x1}], 0x1)
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0))
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001800fd032abd7000fedbdf251d01040015000100040000a0020300004e9f064d62a05f05020000000800050007f8"], 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0xcc, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x20, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}, @mark={0xc, 0x15, {0x35075b, 0x8}}]}, 0xcc}}, 0x0)

program crashed: general protection fault in pidfs_free_pid
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 3:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000200), &(0x7f00000001c0)=0xffffffc2)
executing program 0:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x3b, 0xa, 0x0, "05060000000006a2fd00", 0x38415262})
executing program 3:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, 0x0, &(0x7f0000000000))
executing program 1:
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==")
mkdir(&(0x7f0000002bc0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1)
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0xefff, 0x40}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0)
executing program 0:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8)
executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
io_getevents(0x0, 0x3, 0x0, 0x0, 0x0)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f00000000c0))
executing program 3:
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r0, 0xc0481273, &(0x7f0000000000))
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0xa4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0xa4}}, 0x0)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000", @ANYBLOB="9b25e36cfbe7"], 0x188}}, 0x0)
executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000009c0)={'filter\x00', 0x7, 0x4, 0x438, 0x350, 0x240, 0x0, 0x350, 0x350, 0x350, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffff00, 0x3, 0x0, {@empty, {[0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 'veth0_to_bridge\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="1758a179fe8f", @rand_addr=0x64010100, @multicast1, 0x2, 0xffffffff}}}, {{@arp={@rand_addr=0x64010101, @rand_addr, 0x0, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x8a8cfb792f7af7f0]}}, 0x0, 0xfffc, 0x0, 0xa51, 0x0, 0x1000, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x8, 0x5, 0x0, 0x0, "f245442f682c06144f1fb782d77bc38316214ca84d2f69b44810c3a40a495fa278a1728df4f6eaac07ddb7086bd6e732ed48ea39c4670df6527298897d41f42e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private=0xa010100, 0x4, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x488)
executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@float={0x5, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x1})
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/45, 0x2d}, {&(0x7f0000000140)=""/56, 0x38}], 0x2)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa", 0x1}], 0x1)
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0))
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001800fd032abd7000fedbdf251d01040015000100040000a0020300004e9f064d62a05f05020000000800050007f8"], 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0xcc, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x20, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}, @mark={0xc, 0x15, {0x35075b, 0x8}}]}, 0xcc}}, 0x0)

program crashed: general protection fault in pidfs_free_pid
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
detailed listing:
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000", @ANYBLOB="9b25e36cfbe7"], 0x188}}, 0x0)
executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000009c0)={'filter\x00', 0x7, 0x4, 0x438, 0x350, 0x240, 0x0, 0x350, 0x350, 0x350, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffff00, 0x3, 0x0, {@empty, {[0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 'veth0_to_bridge\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="1758a179fe8f", @rand_addr=0x64010100, @multicast1, 0x2, 0xffffffff}}}, {{@arp={@rand_addr=0x64010101, @rand_addr, 0x0, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x8a8cfb792f7af7f0]}}, 0x0, 0xfffc, 0x0, 0xa51, 0x0, 0x1000, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x8, 0x5, 0x0, 0x0, "f245442f682c06144f1fb782d77bc38316214ca84d2f69b44810c3a40a495fa278a1728df4f6eaac07ddb7086bd6e732ed48ea39c4670df6527298897d41f42e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private=0xa010100, 0x4, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x488)
executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@float={0x5, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x1})
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/45, 0x2d}, {&(0x7f0000000140)=""/56, 0x38}], 0x2)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa", 0x1}], 0x1)
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0))
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001800fd032abd7000fedbdf251d01040015000100040000a0020300004e9f064d62a05f05020000000800050007f8"], 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0xcc, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x20, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}, @mark={0xc, 0x15, {0x35075b, 0x8}}]}, 0xcc}}, 0x0)

program crashed: general protection fault in pidfs_free_pid
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2]
detailed listing:
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/45, 0x2d}, {&(0x7f0000000140)=""/56, 0x38}], 0x2)
executing program 1:
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa", 0x1}], 0x1)
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x4a, 0x0, &(0x7f00000002c0))
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="340000001800fd032abd7000fedbdf251d01040015000100040000a0020300004e9f064d62a05f05020000000800050007f8"], 0x34}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0xcc, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x20, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x1}, @mark={0xc, 0x15, {0x35075b, 0x8}}]}, 0xcc}}, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2, 2, 2, 2]
detailed listing:
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021040100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000d8000380d40000800800034000000002c8000b80480001800a00010071756f74610000003800028008000240000000030c00014000", @ANYBLOB="9b25e36cfbe7"], 0x188}}, 0x0)
executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000009c0)={'filter\x00', 0x7, 0x4, 0x438, 0x350, 0x240, 0x0, 0x350, 0x350, 0x350, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffff00, 0x3, 0x0, {@empty, {[0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 'veth0_to_bridge\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="1758a179fe8f", @rand_addr=0x64010100, @multicast1, 0x2, 0xffffffff}}}, {{@arp={@rand_addr=0x64010101, @rand_addr, 0x0, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x8a8cfb792f7af7f0]}}, 0x0, 0xfffc, 0x0, 0xa51, 0x0, 0x1000, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x8, 0x5, 0x0, 0x0, "f245442f682c06144f1fb782d77bc38316214ca84d2f69b44810c3a40a495fa278a1728df4f6eaac07ddb7086bd6e732ed48ea39c4670df6527298897d41f42e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private=0xa010100, 0x4, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x488)
executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@float={0x5, 0x0, 0x0, 0x10, 0x10}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x1})
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program crashed: general protection fault in corrupted
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 2]
detailed listing:
executing program 1:
r0 = syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x5, 0x1})
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program crashed: general protection fault in pidfs_free_pid
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
detailed listing:
executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program crashed: general protection fault in pidfs_free_pid
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 3:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program crashed: general protection fault in pidfs_free_pid
bisect: concatenation succeeded
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_clone3
detailed listing:
executing program 0:
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000002040)={0x204020100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-syz_clone3
program crashed: general protection fault in pidfs_free_pid
reproducing took 55m12.310216253s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:pidfs_free_pid+0xaf/0x140 fs/pidfs.c:162
Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 67 19 de ff 49 83 3e 00 0f 85 84 00 00 00 e8 78 ee 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 42 19 de ff 4c 8b 33 4d 85 f6 74
RSP: 0018:ffffc90000007b90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8de95280
RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff8880762c6070
RBP: 0000000000000001 R08: ffff8880762c6003 R09: 1ffff1100ec58c00
R10: dffffc0000000000 R11: ffffed100ec58c01 R12: 1ffff1100ec58c0d
R13: ffffffff81a8bfb4 R14: ffff8880762c6068 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125c26000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d8a1d81b0 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 put_pid+0x9c/0x130 kernel/pid.c:103
 rcu_do_batch kernel/rcu/tree.c:2582 [inline]
 rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2838
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: 43 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 d5 1a 00 f3 0f 1e fa fb f4 <e9> 18 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
RAX: 63e9824468a81f00 RBX: ffffffff81975fd8 RCX: 63e9824468a81f00
RDX: 0000000000000001 RSI: ffffffff8d991d22 RDI: ffffffff8be320a0
RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3
R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa193f0
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:749
 default_idle_call+0x74/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x1e8/0x510 kernel/sched/idle.c:330
 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428
 rest_init+0x2de/0x300 init/main.c:745
 start_kernel+0x47d/0x500 init/main.c:1102
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
 common_startup_64+0x13e/0x147
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pidfs_free_pid+0xaf/0x140 fs/pidfs.c:162
Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 67 19 de ff 49 83 3e 00 0f 85 84 00 00 00 e8 78 ee 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 42 19 de ff 4c 8b 33 4d 85 f6 74
RSP: 0018:ffffc90000007b90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8de95280
RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff8880762c6070
RBP: 0000000000000001 R08: ffff8880762c6003 R09: 1ffff1100ec58c00
R10: dffffc0000000000 R11: ffffed100ec58c01 R12: 1ffff1100ec58c0d
R13: ffffffff81a8bfb4 R14: ffff8880762c6068 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125c26000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d8a1d81b0 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f0 ff                	lock (bad)
   2:	ff 73 e4             	push   -0x1c(%rbx)
   5:	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1)
   a:	74 08                	je     0x14
   c:	4c 89 f7             	mov    %r14,%rdi
   f:	e8 67 19 de ff       	call   0xffde197b
  14:	49 83 3e 00          	cmpq   $0x0,(%r14)
  18:	0f 85 84 00 00 00    	jne    0xa2
  1e:	e8 78 ee 79 ff       	call   0xff79ee9b
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 42 19 de ff       	call   0xffde197b
  39:	4c 8b 33             	mov    (%rbx),%r14
  3c:	4d 85 f6             	test   %r14,%r14
  3f:	74                   	.byte 0x74

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:pidfs_free_pid+0xaf/0x140 fs/pidfs.c:162
Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 67 19 de ff 49 83 3e 00 0f 85 84 00 00 00 e8 78 ee 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 42 19 de ff 4c 8b 33 4d 85 f6 74
RSP: 0018:ffffc90000007b90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8de95280
RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff8880762c6070
RBP: 0000000000000001 R08: ffff8880762c6003 R09: 1ffff1100ec58c00
R10: dffffc0000000000 R11: ffffed100ec58c01 R12: 1ffff1100ec58c0d
R13: ffffffff81a8bfb4 R14: ffff8880762c6068 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125c26000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d8a1d81b0 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 put_pid+0x9c/0x130 kernel/pid.c:103
 rcu_do_batch kernel/rcu/tree.c:2582 [inline]
 rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2838
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: 43 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 d5 1a 00 f3 0f 1e fa fb f4 <e9> 18 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
RAX: 63e9824468a81f00 RBX: ffffffff81975fd8 RCX: 63e9824468a81f00
RDX: 0000000000000001 RSI: ffffffff8d991d22 RDI: ffffffff8be320a0
RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3
R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa193f0
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:749
 default_idle_call+0x74/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x1e8/0x510 kernel/sched/idle.c:330
 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428
 rest_init+0x2de/0x300 init/main.c:745
 start_kernel+0x47d/0x500 init/main.c:1102
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307
 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288
 common_startup_64+0x13e/0x147
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pidfs_free_pid+0xaf/0x140 fs/pidfs.c:162
Code: f0 ff ff 73 e4 43 80 3c 3c 00 74 08 4c 89 f7 e8 67 19 de ff 49 83 3e 00 0f 85 84 00 00 00 e8 78 ee 79 ff 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 42 19 de ff 4c 8b 33 4d 85 f6 74
RSP: 0018:ffffc90000007b90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8de95280
RDX: 0000000000000100 RSI: 0000000000000001 RDI: ffff8880762c6070
RBP: 0000000000000001 R08: ffff8880762c6003 R09: 1ffff1100ec58c00
R10: dffffc0000000000 R11: ffffed100ec58c01 R12: 1ffff1100ec58c0d
R13: ffffffff81a8bfb4 R14: ffff8880762c6068 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125c26000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d8a1d81b0 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f0 ff                	lock (bad)
   2:	ff 73 e4             	push   -0x1c(%rbx)
   5:	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1)
   a:	74 08                	je     0x14
   c:	4c 89 f7             	mov    %r14,%rdi
   f:	e8 67 19 de ff       	call   0xffde197b
  14:	49 83 3e 00          	cmpq   $0x0,(%r14)
  18:	0f 85 84 00 00 00    	jne    0xa2
  1e:	e8 78 ee 79 ff       	call   0xff79ee9b
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 42 19 de ff       	call   0xffde197b
  39:	4c 8b 33             	mov    (%rbx),%r14
  3c:	4d 85 f6             	test   %r14,%r14
  3f:	74                   	.byte 0x74