WARNING: refcount bug in smap_release_sock

17 views

Skip to first unread message

syzbot

unread,

Jun 13, 2018, 1:32:02 PM6/13/18

to a...@kernel.org, dan...@iogearbox.net, linux-...@vger.kernel.org, net...@vger.kernel.org, syzkall...@googlegroups.com

Hello,

syzbot found the following crash on:

HEAD commit: 75d4e704fa8d netdev-FAQ: clarify DaveM's position for stab..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17cbfeaf800000
kernel config: https://syzkaller.appspot.com/x/.config?x=a601a80fec461d44
dashboard link: https://syzkaller.appspot.com/bug?extid=d464d2c20c717ef5a6a8
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d464d2...@syzkaller.appspotmail.com

------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 0 PID: 24475 at lib/refcount.c:187
refcount_sub_and_test+0x2d3/0x330 lib/refcount.c:187
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 24475 Comm: syz-executor2 Not tainted 4.17.0-rc7+ #38
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
panic+0x22f/0x4de kernel/panic.c:184
__warn.cold.8+0x163/0x1b3 kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:refcount_sub_and_test+0x2d3/0x330 lib/refcount.c:187
RSP: 0018:ffff8801c864f800 EFLAGS: 00010282
RAX: 0000000000000026 RBX: 0000000000000000 RCX: ffffc90003c0b000
RDX: 0000000000003662 RSI: ffffffff8160fbe1 RDI: ffff8801c864f360
RBP: ffff8801c864f8e8 R08: ffff880196a0a040 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff
R13: ffff8801c864f8c0 R14: 0000000000000001 R15: ffff8801ba9cea00
refcount_dec_and_test+0x1a/0x20 lib/refcount.c:212
smap_release_sock+0x6e/0x2f0 kernel/bpf/sockmap.c:1358
sock_hash_ctx_update_elem.isra.23+0x896/0x1560 kernel/bpf/sockmap.c:2281
sock_hash_update_elem+0x14f/0x2d0 kernel/bpf/sockmap.c:2303
map_update_elem+0x5c4/0xc90 kernel/bpf/syscall.c:765
__do_sys_bpf kernel/bpf/syscall.c:2357 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
__x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2328
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b29
RSP: 002b:00007f097e0d7c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f097e0d86d4 RCX: 0000000000455b29
RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
RBP: 000000000072bf50 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004bb81b R14: 00000000004c8110 R15: 0000000000000001
Dumping ftrace buffer:
---------------------------------
syz-exec-14028 0...2 137035717us : 0: }D
syz-exec-14028 0...2 137035726us : 0: }D
syz-exec-14028 0...2 137035729us : 0: }D
syz-exec-14028 0...2 137035732us : 0: }D
syz-exec-14028 0...2 137035734us : 0: }D
syz-exec-14028 0...2 137035737us : 0: }D
syz-exec-14028 0...2 137035740us : 0: }D
syz-exec-14028 0...2 137035744us : 0: }D
syz-exec-14028 0...2 137035748us : 0: }D
syz-exec-14028 0...2 137035751us : 0: }D
syz-exec-14028 0...2 137035755us : 0: }D
syz-exec-14028 0...2 137035759us : 0: }D
syz-exec-14028 0...2 137035763us : 0: }D
syz-exec-14028 0...2 137035767us : 0: }D
syz-exec-14028 0...2 137035770us : 0: }D
syz-exec-14028 0...2 137035774us : 0: }D
syz-exec-14028 0...2 137035777us : 0: }D
syz-exec-14028 0...2 137035781us : 0: }D
syz-exec-14028 0...2 137035785us : 0: }D
syz-exec-14028 0...2 137035788us : 0: }D
syz-exec-14028 0...2 137035791us : 0: }D
syz-exec-14028 0...2 137035795us : 0: }D
syz-exec-14028 0...2 137035799us : 0: }D
syz-exec-14028 0...2 137035802us : 0: }D
syz-exec-14028 0...2 137035806us : 0: }D
syz-exec-14028 0...2 137035810us : 0: }D
syz-exec-14028 0...2 137035813us : 0: }D
syz-exec-14028 0...2 137035817us : 0: }D
syz-exec-14028 0...2 137035821us : 0: }D
syz-exec-14028 0...2 137035824us : 0: }D
syz-exec-14028 0...2 137035826us : 0: }D
syz-exec-14028 0...2 137035829us : 0: }D
syz-exec-14028 0...2 137035832us : 0: }D
syz-exec-14028 0...2 137035834us : 0: }D
syz-exec-14028 0...2 137035837us : 0: }D
syz-exec-14028 0...2 137035839us : 0: }D
syz-exec-14028 0...2 137035842us : 0: }D
syz-exec-14028 0...2 137035844us : 0: }D
syz-exec-14028 0...2 137035847us : 0: }D
syz-exec-14028 0...2 137035849us : 0: }D
syz-exec-14028 0...2 137035852us : 0: }D
syz-exec-14028 0...2 137035855us : 0: }D
syz-exec-14028 0...2 137035857us : 0: }D
syz-exec-14028 0...2 137035860us : 0: }D
syz-exec-14028 0...2 137035862us : 0: }D
syz-exec-14028 0...2 137035865us : 0: }D
syz-exec-14028 0...2 137035867us : 0: }D
syz-exec-14028 0...2 137035870us : 0: }D
syz-exec-14028 0...2 137035874us : 0: }D
syz-exec-14028 0...2 137035876us : 0: }D
syz-exec-14028 0...2 137035879us : 0: }D
syz-exec-14028 0...2 137035882us : 0: }D
syz-exec-14028 0...2 137035885us : 0: }D
syz-exec-14028 0...2 137035888us : 0: }D
syz-exec-14028 0...2 137035891us : 0: }D
syz-exec-14028 0...2 137035894us : 0: }D
syz-exec-14028 0...2 137035897us : 0: }D
syz-exec-14028 0...2 137035900us : 0: }D
syz-exec-14028 0...2 137035902us : 0: }D
syz-exec-14028 0...2 137035905us : 0: }D
syz-exec-14028 0...2 137035908us : 0: }D
syz-exec-14028 0...2 137035911us : 0: }D
syz-exec-14028 0...2 137035914us : 0: }D
syz-exec-14028 0...2 137035917us : 0: }D
syz-exec-14028 0...2 137035921us : 0: }D
syz-exec-14028 0...2 137035923us : 0: }D
syz-exec-14028 0...2 137035926us : 0: }D
syz-exec-14028 0...2 137035929us : 0: }D
syz-exec-14028 0...2 137035932us : 0: }D
syz-exec-14028 0...2 137035935us : 0: }D
syz-exec-14028 0...2 137035938us : 0: }D
syz-exec-14028 0...2 137035941us : 0: }D
syz-exec-14028 0...2 137035944us : 0: }D
syz-exec-14028 0...2 137035947us : 0: }D
syz-exec-14028 0...2 137035950us : 0: }D
syz-exec-14028 0...2 137035953us : 0: }D
syz-exec-14028 0...2 137035956us : 0: }D
syz-exec-14028 0...2 137035959us : 0: }D
syz-exec-14028 0...2 137035962us : 0: }D
syz-exec-14028 0...2 137035965us : 0: }D
syz-exec-14028 0...2 137035968us : 0: }D
syz-exec-14028 0...2 137035971us : 0: }D
syz-exec-14028 0...2 137035974us : 0: }D
syz-exec-14028 0...2 137035977us : 0: }D
syz-exec-14028 0...2 137035979us : 0: }D
syz-exec-14028 0...2 137035983us : 0: }D
syz-exec-14028 0...2 137035986us : 0: }D
syz-exec-14028 0...2 137035989us : 0: }D
syz-exec-14028 0...2 137035992us : 0: }D
syz-exec-14028 0...2 137035995us : 0: }D
syz-exec-14028 0...2 137035997us : 0: }D
syz-exec-14028 0...2 137036000us : 0: }D
syz-exec-14028 0...2 137036003us : 0: }D
syz-exec-14028 0...2 137036006us : 0: }D
syz-exec-14028 0...2 137036009us : 0: }D
syz-exec-14028 0...2 137036013us : 0: }D
syz-exec-14028 0...2 137036016us : 0: }D
syz-exec-14028 0...2 137036019us : 0: }D
syz-exec-14028 0...2 137036022us : 0: }D
syz-exec-14028 0...2 137036025us : 0: }D
syz-exec-14028 0...2 137036028us : 0: }D
syz-exec-14028 0...2 137036031us : 0: }D
syz-exec-14028 0...2 137036034us : 0: }D
syz-exec-14028 0...2 137036036us : 0: }D
syz-exec-14028 0...2 137036039us : 0: }D
syz-exec-14028 0...2 137036042us : 0: }D
syz-exec-14028 0...2 137036045us : 0: }D
syz-exec-14028 0...2 137036048us : 0: }D
syz-exec-14028 0...2 137036051us : 0: }D
syz-exec-14028 0...2 137036054us : 0: }D
syz-exec-14028 0...2 137036057us : 0: }D
syz-exec-14028 0...2 137036060us : 0: }D
syz-exec-14028 0...2 137036063us : 0: }D
syz-exec-14028 0...2 137036067us : 0: }D
syz-exec-14028 0...2 137036070us : 0: }D
syz-exec-14028 0...2 137036072us : 0: }D
syz-exec-14028 0...2 137036075us : 0: }D
syz-exec-14028 0...2 137036078us : 0: }D
syz-exec-14028 0...2 137036081us : 0: }D
syz-exec-14028 0...2 137036084us : 0: }D
syz-exec-14028 0...2 137036087us : 0: }D
syz-exec-14028 0...2 137036090us : 0: }D
syz-exec-14028 0...2 137036093us : 0: }D
syz-exec-14028 0...2 137036096us : 0: }D
syz-exec-14028 0...2 137036099us : 0: }D
syz-exec-14028 0...2 137036102us : 0: }D
syz-exec-14028 0...2 137036106us : 0: }D
syz-exec-14028 0...2 137036109us : 0: }D
syz-exec-14028 0...2 137036112us : 0: }D
syz-exec-14028 0...2 137036115us : 0: }D
syz-exec-14028 0...2 137036118us : 0: }D
syz-exec-14028 0...2 137036121us : 0: }D
syz-exec-14028 0...2 137036124us : 0: }D
syz-exec-14028 0...2 137036127us : 0: }D
syz-exec-14028 0...2 137036130us : 0: }D
syz-exec-14028 0...2 137036133us : 0: }D
syz-exec-14028 0...2 137036136us : 0: }D
syz-exec-14028 0...2 137036139us : 0: }D
syz-exec-14028 0...2 137036142us : 0: }D
syz-exec-14028 0...2 137036145us : 0: }D
syz-exec-14028 0...2 137036148us : 0: }D
syz-exec-14028 0...2 137036151us : 0: }D
syz-exec-14028 0...2 137036154us : 0: }D
syz-exec-14028 0...2 137036157us : 0: }D
syz-exec-14028 0...2 137036165us : 0: }D
syz-exec-14028 0...2 137036168us : 0: }D
syz-exec-14028 0...2 137036172us : 0: }D
syz-exec-14028 0...2 137036175us : 0: }D
syz-exec-14028 0...2 137036178us : 0: }D
syz-exec-14028 0...2 137036181us : 0: }D
syz-exec-14028 0...2 137036184us : 0: }D
syz-exec-14028 0...2 137036187us : 0: }D
syz-exec-14028 0...2 137036190us : 0: }D
syz-exec-14028 0...2 137036194us : 0: }D
syz-exec-14028 0...2 137036197us : 0: }D
syz-exec-14028 0...2 137036200us : 0: }D
syz-exec-14028 0...2 137036203us : 0: }D
syz-exec-14028 0...2 137036207us : 0: }D
syz-exec-14028 0...2 137036210us : 0: }D
syz-exec-14028 0...2 137036213us : 0: }D
syz-exec-14028 0...2 137036216us : 0: }D
syz-exec-14028 0...2 137036219us : 0: }D
syz-exec-14028 0...2 137036222us : 0: }D
syz-exec-14028 0...2 137036225us : 0: }D
syz-exec-14028 0...2 137036229us : 0: }D
syz-exec-14028 0.N.2 137036482us : 0: }D
syz-exec-14028 0...2 137039870us : 0: }D
syz-exec-14028 0...2 137039876us : 0: }D
syz-exec-14028 0...2 137039879us : 0: }D
syz-exec-14028 0...2 137039885us : 0: }D
syz-exec-14028 0...2 137039889us : 0: }D
syz-exec-14028 0...2 137039892us : 0: }D
syz-exec-14028 0...2 137039895us : 0: }D
syz-exec-14028 0...2 137039898us : 0: }D
syz-exec-14028 0...2 137039902us : 0: }D
syz-exec-14028 0...2 137039905us : 0: }D
syz-exec-14028 0...2 137039908us : 0: }D
syz-exec-14028 0...2 137039910us : 0: }D
syz-exec-14028 0...2 137039915us : 0: }D
syz-exec-14028 0...2 137039917us : 0: }D
syz-exec-14028 0...2 137039920us : 0: }D
syz-exec-14028 0...2 137039924us : 0: }D
syz-exec-14028 0...2 137039927us : 0: }D
syz-exec-14028 0...2 137039930us : 0: }D
syz-exec-14028 0...2 137039933us : 0: }D
syz-exec-14028 0...2 137039936us : 0: }D
syz-exec-14028 0...2 137039939us : 0: }D
syz-exec-14028 0...2 137039942us : 0: }D
syz-exec-14028 0...2 137039945us : 0: }D
syz-exec-14028 0...2 137039948us : 0: }D
syz-exec-14028 0...2 137039951us : 0: }D
syz-exec-14028 0...2 137039954us : 0: }D
syz-exec-14028 0...2 137039958us : 0: }D
syz-exec-14028 0...2 137039961us : 0: }D
syz-exec-14028 0...2 137039963us : 0: }D
syz-exec-14028 0...2 137039966us : 0: }D
syz-exec-14028 0...2 137039970us : 0: }D
syz-exec-14028 0...2 137039973us : 0: }D
syz-exec-14028 0...2 137039976us : 0: }D
syz-exec-14028 0...2 137039980us : 0: }D
syz-exec-14028 0...2 137039984us : 0: }D
syz-exec-14028 0...2 137039987us : 0: }D
syz-exec-14028 0...2 137039990us : 0: }D
syz-exec-14028 0...2 137039993us : 0: }D
syz-exec-14028 0...2 137039996us : 0: }D
syz-exec-14028 0...2 137039999us : 0: }D
syz-exec-14028 0...2 137040002us : 0: }D
syz-exec-14028 0...2 137040006us : 0: }D
syz-exec-14028 0...2 137040009us : 0: }D
syz-exec-14028 0...2 137040012us : 0: }D
syz-exec-14028 0...2 137040016us : 0: }D
syz-exec-14028 0...2 137040019us : 0: }D
syz-exec-14028 0...2 137040022us : 0: }D
syz-exec-14028 0...2 137040025us : 0: }D
syz-exec-14028 0...2 137040028us : 0: }D
syz-exec-14028 0...2 137040032us : 0: }D
syz-exec-14028 0...2 137040035us : 0: }D
syz-exec-14028 0...2 137040038us : 0: }D
syz-exec-14028 0...2 137040041us : 0: }D
syz-exec-14028 0...2 137040044us : 0: }D
syz-exec-14028 0...2 137040047us : 0: }D
syz-exec-14028 0...2 137040050us : 0: }D
syz-exec-14028 0...2 137040053us : 0: }D
syz-exec-14028 0...2 137040056us : 0: }D
syz-exec-14028 0...2 137040059us : 0: }D
syz-exec-14028 0...2 137040062us : 0: }D
syz-exec-14028 0...2 137040065us : 0: }D
syz-exec-14028 0...2 137040068us : 0: }D
syz-exec-14028 0...2 137040071us : 0: }D
syz-exec-14028 0...2 137040074us : 0: }D
syz-exec-14028 0...2 137040077us : 0: }D
syz-exec-14028 0...2 137040080us : 0: }D
syz-exec-14028 0...2 137040083us : 0: }D
syz-exec-14028 0...2 137040087us : 0: }D
syz-exec-14028 0...2 137040090us : 0: }D
syz-exec-14028 0...2 137040093us : 0: }D
syz-exec-14028 0...2 137040096us : 0: }D
syz-exec-14028 0...2 137040099us : 0: }D
syz-exec-14028 0...2 137040102us : 0: }D
syz-exec-14028 0...2 137040105us : 0: }D
syz-exec-14028 0...2 137040108us : 0: }D
syz-exec-14028 0...2 137040111us : 0: }D
syz-exec-14028 0...2 137040114us : 0: }D
syz-exec-14028 0...2 137040117us : 0: }D
syz-exec-14028 0...2 137040119us : 0: }D
syz-exec-14028 0...2 137040122us : 0: }D
syz-exec-14028 0...2 137040125us : 0: }D
syz-exec-14028 0...2 137040129us : 0: }D
syz-exec-14028 0...2 137040132us : 0: }D
syz-exec-14028 0...2 137040135us : 0: }D
syz-exec-14028 0...2 137040138us : 0: }D
syz-exec-14028 0...2 137040141us : 0: }D
syz-exec-14028 0...2 137040144us : 0: }D
syz-exec-14028 0...2 137040147us : 0: }D
syz-exec-14028 0...2 137040150us : 0: }D
syz-exec-14028 0...2 137040153us : 0: }D
syz-exec-14028 0...2 137040156us : 0: }D
syz-exec-14028 0...2 137040159us : 0: }D
syz-exec-14028 0...2 137040168us : 0: }D
syz-exec-14028 0...2 137040171us : 0: }D
syz-exec-14028 0...2 137040174us : 0: }D
syz-exec-14028 0...2 137040177us : 0: }D
syz-exec-14028 0...2 137040180us : 0: }D
syz-exec-14028 0...2 137040183us : 0: }D
syz-exec-14028 0...2 137040186us : 0: }D
syz-exec-14028 0...2 137040189us : 0: }D
syz-exec-14028 0...2 137040192us : 0: }D
syz-exec-14028 0...2 137040195us : 0: }D
syz-exec-14028 0...2 137040197us : 0: }D
syz-exec-14028 0...2 137040200us : 0: }D
syz-exec-14028 0...2 137040203us : 0: }D
syz-exec-14028 0...2 137040207us : 0: }D
syz-exec-14028 0...2 137040209us : 0: }D
syz-exec-14028 0...2 137040213us : 0: }D
syz-exec-14028 0...2 137040216us : 0: }D
syz-exec-14028 0...2 137040219us : 0: }D
syz-exec-14028 0...2 137040221us : 0: }D
syz-exec-14028 0...2 137040224us : 0: }D
syz-exec-14028 0...2 137040227us : 0: }D
syz-exec-14028 0...2 137040230us : 0: }D
syz-exec-14028 0...2 137042704us : 0: }D
syz-exec-14028 0...2 137042709us : 0: }D
syz-exec-14028 0...2 137042713us : 0: }D
syz-exec-14028 0...2 137042715us : 0: }D
syz-exec-14028 0...2 137042717us : 0: }D
syz-exec-14028 0...2 137042720us : 0: }D
syz-exec-14028 0...2 137042724us : 0: }D
syz-exec-14028 0...2 137042727us : 0: }D
syz-exec-14028 0...2 137042729us : 0: }D
syz-exec-14028 0...2 137042733us : 0: }D
syz-exec-14028 0...2 137042736us : 0: }D
syz-exec-14028 0...2 137042739us : 0: }D
syz-exec-14028 0...2 137042741us : 0: }D
syz-exec-14028 0...2 137042746us : 0: }D
syz-exec-14028 0...2 137042748us : 0: }D
syz-exec-14028 0...2 137042751us : 0: }D
syz-exec-14028 0...2 137042755us : 0: }D
syz-exec-14028 0...2 137042758us : 0: }D
syz-exec-14028 0...2 137042760us : 0: }D
syz-exec-14028 0...2 137042763us : 0: }D
syz-exec-14028 0...2 137042766us : 0: }D
syz-exec-14028 0...2 137042769us : 0: }D
syz-exec-14028 0...2 137042771us : 0: }D
syz-exec-14028 0...2 137042774us : 0: }D
syz-exec-14028 0...2 137042777us : 0: }D
syz-exec-14028 0...2 137042780us : 0: }D
syz-exec-14028 0...2 137042782us : 0: }D
syz-exec-14028 0...2 137042784us : 0: }D
syz-exec-14028 0...2 137042787us : 0: }D
syz-exec-14028 0...2 137042789us : 0: }D
syz-exec-14028 0...2 137042792us : 0: }D
syz-exec-14028 0...2 137042795us : 0: }D
syz-exec-14028 0...2 137042798us : 0: }D
syz-exec-14028 0...2 137042800us : 0: }D
syz-exec-14028 0...2 137042803us : 0: }D
syz-exec-14028 0...2 137042806us : 0: }D
syz-exec-14028 0...2 137042809us : 0: }D
syz-exec-14028 0...2 137042811us : 0: }D
syz-exec-14028 0...2 137042814us : 0: }D
syz-exec-14028 0...2 137042816us : 0: }D
syz-exec-14028 0...2 137042819us : 0: }D
syz-exec-14028 0...2 137042822us : 0: }D
syz-exec-14028 0...2 137042824us : 0: }D
syz-exec-14028 0...2 137042826us : 0: }D
syz-exec-14028 0...2 137042828us : 0: }D
syz-exec-14028 0...2 137042831us : 0: }D
syz-exec-14028 0...2 137042833us : 0: }D
syz-exec-14028 0...2 137042835us : 0: }D
syz-exec-14028 0...2 137042838us : 0: }D
syz-exec-14028 0...2 137042841us : 0: }D
syz-exec-14028 0...2 137042844us : 0: }D
syz-exec-14028 0...2 137042846us : 0: }D
syz-exec-14028 0...2 137042849us : 0: }D
syz-exec-14028 0...2 137042851us : 0: }D
syz-exec-14028 0...2 137042854us : 0: }D
syz-exec-14028 0...2 137042857us : 0: }D
syz-exec-14028 0...2 137042860us : 0: }D
syz-exec-14028 0...2 137042862us : 0: }D
syz-exec-14028 0...2 137042865us : 0: }D
syz-exec-14028 0...2 137042870us : 0: }D
syz-exec-14028 0...2 137042873us : 0: }D
syz-exec-14028 0...2 137042876us : 0: }D
syz-exec-14028 0...2 137042878us : 0: }D
syz-exec-14028 0...2 137042881us : 0: }D
syz-exec-14028 0...2 137042883us : 0: }D
syz-exec-14028 0...2 137042886us : 0: }D
syz-exec-14028 0...2 137042889us : 0: }D
syz-exec-14028 0...2 137042892us : 0: }D
syz-exec-14028 0...2 137042894us : 0: }D
syz-exec-14028 0...2 137042897us : 0: }D
syz-exec-14028 0...2 137042900us : 0: }D
syz-exec-14028 0...2 137042903us : 0: }D
syz-exec-14028 0...2 137042906us : 0: }D
syz-exec-14028 0...2 137042909us : 0: }D
syz-exec-14028 0...2 137042911us : 0: }D
syz-exec-14028 0...2 137042914us : 0: }D
syz-exec-14028 0...2 137042917us : 0: }D
syz-exec-14028 0...2 137042920us : 0: }D
syz-exec-14028 0...2 137042923us : 0: }D
syz-exec-14028 0...2 137042926us : 0: }D
syz-exec-14028 0...2 137042929us : 0: }D
syz-exec-14028 0...2 137042932us : 0: }D
syz-exec-14028 0...2 137042935us : 0: }D
syz-exec-14028 0...2 137042938us : 0: }D
syz-exec-14028 0...2 137042941us : 0: }D
syz-exec-14028 0...2 137042944us : 0: }D
syz-exec-14028 0...2 137042947us : 0: }D
syz-exec-14028 0...2 137042950us : 0: }D
syz-exec-14028 0...2 137042953us : 0: }D
syz-exec-14028 0...2 137042955us : 0: }D
syz-exec-14028 0...2 137042958us : 0: }D
syz-exec-14028 0...2 137042961us : 0: }D
syz-exec-14028 0...2 137042964us : 0: }D
syz-exec-14028 0...2 137042966us : 0: }D
syz-exec-14028 0...2 137042969us : 0: }D
syz-exec-14028 0...2 137042971us : 0: }D
syz-exec-14028 0...2 137042973us : 0: }D
syz-exec-14028 0...2 137042976us : 0: }D
syz-exec-14028 0...2 137042978us : 0: }D
syz-exec-14028 0...2 137042981us : 0: }D
syz-exec-14028 0...2 137042984us : 0: }D
syz-exec-14028 0...2 137042987us : 0: }D
syz-exec-14028 0...2 137042990us : 0: }D
syz-exec-14028 0...2 137042993us : 0: }D
syz-exec-14028 0...2 137042996us : 0: }D
syz-exec-14028 0...2 137042999us : 0: }D
syz-exec-14028 0...2 137043002us : 0: }D
syz-exec-14028 0...2 137043004us : 0: }D
syz-exec-14028 0...2 137043007us : 0: }D
syz-exec-14028 0...2 137043010us : 0: }D
syz-exec-14028 0...2 137043013us : 0: }D
syz-exec-14028 0...2 137043016us : 0: }D
syz-exec-14028 0...2 137043019us : 0: }D
syz-exec-14028 0...2 137043022us : 0: }D
syz-exec-14028 0...2 137043025us : 0: }D
syz-exec-14028 0...2 137043028us : 0: }D
syz-exec-14028 0...2 137043031us : 0: }D
syz-exec-14028 0...2 137043034us : 0: }D
syz-exec-14028 0...2 137043037us : 0: }D
syz-exec-14028 0...2 137043040us : 0: }D
syz-exec-14028 0...2 137043043us : 0: }D
syz-exec-14028 0...2 137043046us : 0: }D
syz-exec-14028 0...2 137043049us : 0: }D
syz-exec-14028 0...2 137043052us : 0: }D
syz-exec-14028 0...2 137043055us : 0: }D
syz-exec-14028 0...2 137043058us : 0: }D
syz-exec-14028 0...2 137043061us : 0: }D
syz-exec-14028 0...2 137043064us : 0: }D
syz-exec-14028 0...2 137043067us : 0: }D
syz-exec-14028 0...2 137043070us : 0: }D
syz-exec-14028 0...2 137043073us : 0: }D
syz-exec-14028 0...2 137043076us : 0: }D
syz-exec-14028 0...2 137043079us : 0: }D
syz-exec-14028 0...2 137043082us : 0: }D
syz-exec-14028 0...2 137043085us : 0: }D
syz-exec-14028 0...2 137043088us : 0: }D
syz-exec-14028 0...2 137043090us : 0: }D
syz-exec-14028 0...2 137043093us : 0: }D
syz-exec-14028 0...2 137043096us : 0: }D
syz-exec-14028 0...2 137043099us : 0: }D
syz-exec-14028 0...2 137043102us : 0: }D
syz-exec-14028 0...2 137043105us : 0: }D
syz-exec-14028 0...2 137043108us : 0: }D
syz-exec-14028 0...2 137043111us : 0: }D
syz-exec-14028 0...2 137043114us : 0: }D
syz-exec-14028 0...2 137043116us : 0: }D
syz-exec-14028 0...2 137043119us : 0: }D
syz-exec-14028 0...2 137043122us : 0: }D
syz-exec-14028 0...2 137043125us : 0: }D
syz-exec-14028 0...2 137043128us : 0: }D
syz-exec-14028 0...2 137043131us : 0: }D
syz-exec-14028 0...2 137043134us : 0: }D
syz-exec-14028 0...2 137043137us : 0: }D
syz-exec-14028 0...2 137043140us : 0: }D
syz-exec-14028 0...2 137043143us : 0: }D
syz-exec-14028 0...2 137043146us : 0: }D
syz-exec-14028 0...2 137043149us : 0: }D
syz-exec-14028 0...2 137043152us : 0: }D
syz-exec-14028 0...2 137043155us : 0: }D
syz-exec-14028 0...2 137043158us : 0: }D
syz-exec-14028 0...2 137043168us : 0: }D
syz-exec-14028 0...2 137043171us : 0: }D
syz-exec-14028 0...2 137043174us : 0: }D
syz-exec-14028 0...2 137043177us : 0: }D
syz-exec-14028 0...2 137043180us : 0: }D
syz-exec-14028 0...2 137043183us : 0: }D
syz-exec-14028 0...2 137043186us : 0: }D
syz-exec-14028 0...2 137043189us : 0: }D
syz-exec-14028 0...2 137043192us : 0: }D
syz-exec-14028 0...2 137043195us : 0: }D
syz-exec-14028 0...2 137043198us : 0: }D
syz-exec-14028 0...2 137043202us : 0: }D
syz-exec-14028 0...2 137043205us : 0: }D
syz-exec-14028 0...2 137043207us : 0: }D
syz-exec-14028 0...2 137043210us : 0: }D
syz-exec-14028 0...2 137043214us : 0: }D
syz-exec-14028 0...2 137043216us : 0: }D
syz-exec-14028 0...2 137043219us : 0: }D
syz-exec-14028 0...2 137043222us : 0: }D
syz-exec-14028 0...2 137043225us : 0: }D
syz-exec-14028 0...2 137043228us : 0: }D
syz-exec-14028 0...2 137043231us : 0: }D
syz-exec-14028 0...2 137043267us : 0: }D
syz-exec-14028 0...2 137043270us : 0: }D
syz-exec-14028 0...2 137043273us : 0: }D
syz-exec-14028 0.N.2 137043280us : 0: }D
syz-exec-14028 0...2 137045368us : 0: }D
syz-exec-14028 0...2 137045373us : 0: }D
syz-exec-14028 0...2 137045378us : 0: }D
syz-exec-14028 0...2 137045381us : 0: }D
syz-exec-14028 0...2 137045384us : 0: }D
syz-exec-14028 0...2 137045387us : 0: }D
syz-exec-14028 0...2 137045391us : 0: }D
syz-exec-14028 0...2 137045394us : 0: }D
syz-exec-14028 0...2 137045397us : 0: }D
syz-exec-14028 0...2 137045400us : 0: }D
syz-exec-14028 0...2 137045404us : 0: }D
syz-exec-14028 0...2 137045407us : 0: }D
syz-exec-14028 0...2 137045410us : 0: }D
syz-exec-14028 0...2 137045413us : 0: }D
syz-exec-14028 0...2 137045417us : 0: }D
syz-exec-14028 0...2 137045420us : 0: }D
syz-exec-14028 0...2 137045423us : 0: }D
syz-exec-14028 0...2 137045426us : 0: }D
syz-exec-14028 0...2 137045429us : 0: }D
syz-exec-14028 0...2 137045432us : 0: }D
syz-exec-14028 0...2 137045436us : 0: }D
syz-exec-14028 0...2 137045439us : 0: }D
syz-exec-14028 0...2 137045443us : 0: }D
syz-exec-14028 0...2 137045446us : 0: }D
syz-exec-14028 0...2 137045449us : 0: }D
syz-exec-14028 0...2 137045452us : 0: }D
syz-exec-14028 0...2 137045455us : 0: }D
syz-exec-14028 0...2 137045458us : 0: }D
syz-exec-14028 0...2 137045462us : 0: }D
syz-exec-14028 0...2 137045465us : 0: }D
syz-exec-14028 0...2 137045468us : 0: }D
syz-exec-14028 0...2 137045472us : 0: }D
syz-exec-14028 0...2 137045475us : 0: }D
syz-exec-14028 0...2 137045478us : 0: }D
syz-exec-14028 0...2 137045481us : 0: }D
syz-exec-14028 0...2 137045485us : 0: }D
syz-exec-14028 0...2 137045488us : 0: }D
syz-exec-14028 0...2 137045491us : 0: }D
syz-exec-14028 0...2 137045494us : 0: }D
syz-exec-14028 0...2 137045498us : 0: }D
syz-exec-14028 0...2 137045501us : 0: }D
syz-exec-14028 0...2 137045504us : 0: }D
syz-exec-14028 0...2 137045508us : 0: }D
syz-exec-14028 0...2 137045513us : 0: }D
syz-exec-14028 0...2 137045516us : 0: }D
syz-exec-14028 0...2 137045519us : 0: }D
syz-exec-14028 0...2 137045522us : 0: }D
syz-exec-14028 0...2 137045525us : 0: }D
syz-exec-14028 0...2 137045528us : 0: }D
syz-exec-14028 0...2 137045531us : 0: }D
syz-exec-14028 0...2 137045534us : 0: }D
syz-exec-14028 0...2 137045537us : 0: }D
syz-exec-14028 0...2 137045540us : 0: }D
syz-exec-14028 0...2 137045543us : 0: }D
syz-exec-14028 0...2 137045546us : 0: }D
syz-exec-14028 0...2 137045549us : 0: }D
syz-exec-14028 0...2 137045552us : 0: }D
syz-exec-14028 0...2 137045555us : 0: }D
syz-exec-14028 0...2 137045559us : 0: }D
syz-exec-14028 0...2 137045562us : 0: }D
syz-exec-14028 0...2 137045565us : 0: }D
syz-exec-14028 0...2 137045568us : 0: }D
syz-exec-14028 0...2 137045571us : 0: }D
syz-exec-14028 0...2 137045574us : 0: }D
syz-exec-14028 0...2 137045577us : 0: }D
syz-exec-14028 0...2 137045580us : 0: }D
syz-exec-14028 0...2 137045583us : 0: }D
syz-exec-14028 0...2 137045586us : 0: }D
syz-exec-14028 0...2 137045589us : 0: }D
syz-exec-14028 0...2 137045592us : 0: }D
syz-exec-14028 0...2 137045596us : 0: }D
syz-exec-14028 0...2 137045662us : 0: }D
syz-exec-14028 0...2 137045665us : 0: }D
syz-exec-14028 0...2 137045669us : 0: }D
syz-exec-14028 0...2 137045672us : 0: }D
syz-exec-14028 0...2 137045675us : 0: }D
syz-exec-14028 0...2 137045678us : 0: }D
syz-exec-14028 0...2 137045682us : 0: }D
syz-exec-14028 0...2 137045685us : 0: }D
syz-exec-14028 0...2 137045688us : 0: }D
syz-exec-14028 0...2 137045691us : 0: }D
syz-exec-14028 0...2 137045694us : 0: }D
syz-exec-14028 0...2 137045697us : 0: }D
syz-exec-14028 0...2 137045700us : 0: }D
syz-exec-14028 0...2 137045703us : 0: }D
syz-exec-14028 0...2 137045707us : 0: }D
syz-exec-14028 0...2 137045710us : 0: }D
syz-exec-14028 0...2 137045713us : 0: }D
syz-exec-14028 0...2 137045717us : 0: }D
syz-exec-14028 0...2 137045720us : 0: }D
syz-exec-14028 0...2 137045723us : 0: }D
syz-exec-14028 0...2 137045726us : 0: }D
syz-exec-14028 0...2 137045730us : 0: }D
syz-exec-14028 0...2 137045733us : 0: }D
syz-exec-14028 0...2 137045736us : 0: }D
syz-exec-14028 0...2 137045740us : 0: }D
syz-exec-14028 0...2 137045743us : 0: }D
syz-exec-14028 0...2 137045746us : 0: }D
syz-exec-14028 0...2 137045749us : 0: }D
syz-exec-14028 0...2 137045753us : 0: }D
syz-exec-14028 0...2 137045756us : 0: }D
syz-exec-14028 0...2 137045759us : 0: }D
syz-exec-14028 0...2 137045762us : 0: }D
syz-exec-14028 0...2 137045766us : 0: }D
syz-exec-14028 0...2 137045769us : 0: }D
syz-exec-14028 0...2 137045772us : 0: }D
syz-exec-14028 0...2 137045775us : 0: }D
syz-exec-14028 0...2 137045778us : 0: }D
syz-exec-14028 0...2 137045781us : 0: }D
syz-exec-14028 0...2 137045784us : 0: }D
syz-exec-14028 0...2 137045788us : 0: }D
syz-exec-14028 0...2 137045791us : 0: }D
syz-exec-14028 0...2 137045794us : 0: }D
syz-exec-14028 0...2 137045798us : 0: }D
syz-exec-14028 0...2 137045801us : 0: }D
syz-exec-14028 0...2 137045804us : 0: }D
syz-exec-14028 0...2 137045807us : 0: }D
syz-exec-14028 0...2 137045810us : 0: }D
syz-exec-14028 0...2 137045813us : 0: }D
syz-exec-14028 0...2 137045816us : 0: }D
syz-exec-14028 0...2 137045819us : 0: }D
syz-exec-14028 0...2 137045822us : 0: }D
syz-exec-14028 0...2 137045825us : 0: }D
syz-exec-14028 0...2 137045828us : 0: }D
syz-exec-14028 0...2 137045831us : 0: }D
syz-exec-14028 0...2 137045834us : 0: }D
syz-exec-14028 0...2 137045837us : 0: }D
syz-exec-14028 0...2 137045839us : 0: }D
syz-exec-14028 0...2 137045842us : 0: }D
syz-exec-14028 0...2 137045845us : 0: }D
syz-exec-14028 0...2 137045848us : 0: }D
syz-exec-14028 0...2 137045851us : 0: }D
syz-exec-14028 0...2 137045854us : 0: }D
syz-exec-14028 0...2 137045857us : 0: }D
syz-exec-14028 0...2 137045860us : 0: }D
syz-exec-14028 0...2 137045863us : 0: }D
syz-exec-14028 0...2 137045866us : 0: }D
syz-exec-14028 0...2 137045869us : 0: }D
syz-exec-14028 0...2 137045872us : 0: }D
syz-exec-14028 0...2 137045875us : 0: }D
syz-exec-14028 0...2 137045878us : 0: }D
syz-exec-14028 0...2 137045881us : 0: }D
syz-exec-14028 0...2 137045884us : 0: }D
syz-exec-14028 0...2 137045887us : 0: }D
syz-exec-14028 0...2 137045890us : 0: }D
syz-exec-14028 0...2 137045894us : 0: }D
syz-exec-14028 0...2 137045897us : 0: }D
syz-exec-14028 0...2 137045899us : 0: }D
syz-exec-14028 0...2 137045902us : 0: }D
syz-exec-14028 0...2 137045905us : 0: }D
syz-exec-14028 0...2 137045908us : 0: }D
syz-exec-14028 0...2 137045911us : 0: }D
syz-exec-14028 0...2 137045914us : 0: }D
syz-exec-14028 0...2 137045917us : 0: }D
syz-exec-14028 0...2 137045920us : 0: }D
syz-exec-14028 0...2 137045923us : 0: }D
syz-exec-14028 0...2 137045926us : 0: }D
syz-exec-14028 0...2 137045929us : 0: }D
syz-exec-14028 0...2 137045932us : 0: }D
syz-exec-14028 0...2 137045934us : 0: }D
syz-exec-14028 0...2 137045937us : 0: }D
syz-exec-14028 0...2 137045940us : 0: }D
syz-exec-14028 0...2 137045943us : 0: }D
syz-exec-14028 0...2 137045946us : 0: }D
syz-exec-14028 0...2 137045949us : 0: }D
syz-exec-14028 0...2 137045951us : 0: }D
syz-exec-14028 0...2 137045954us : 0: }D
syz-exec-14028 0...2 137045957us : 0: }D
syz-exec-14028 0...2 137045960us : 0: }D
syz-exec-14028 0...2 137045962us : 0: }D
syz-exec-14028 0...2 137045965us : 0: }D
syz-exec-14028 0...2 137045968us : 0: }D
syz-exec-14028 0...2 137045970us : 0: }D
syz-exec-14028 0...2 137045973us : 0: }D
syz-exec-14028 0...2 137045975us : 0: }D
syz-exec-14028 0...2 137045978us : 0: }D
syz-exec-14028 0...2 137045981us : 0: }D
syz-exec-14028 0...2 137045984us : 0: }D
syz-exec-14028 0...2 137045987us : 0: }D
syz-exec-14028 0...2 137045989us : 0: }D
syz-exec-14028 0...2 137045992us : 0: }D
syz-exec-14028 0...2 137045995us : 0: }D
syz-exec-14028 0...2 137045997us : 0: }D
syz-exec-14028 0...2 137046000us : 0: }D
syz-exec-14028 0...2 137046003us : 0: }D
syz-exec-14028 0...2 137046006us : 0: }D
syz-exec-14028 0...2 137046008us : 0: }D
syz-exec-14028 0...2 137046011us : 0: }D
syz-exec-14028 0...2 137046014us : 0: }D
syz-exec-14028 0...2 137046017us : 0: }D
syz-exec-14028 0...2 137046020us : 0: }D
syz-exec-14028 0...2 137046023us : 0: }D
syz-exec-14028 0...2 137046025us : 0: }D
syz-exec-14028 0...2 137046028us : 0: }D
syz-exec-14028 0...2 137046031us : 0: }D
syz-exec-14028 0...2 137046034us : 0: }D
syz-exec-14028 0...2 137046037us : 0: }D
syz-exec-14028 0...2 137046040us : 0: }D
syz-exec-14028 0...2 137046043us : 0: }D
syz-exec-14028 0...2 137046046us : 0: }D
syz-exec-14028 0...2 137046049us : 0: }D
syz-exec-14028 0...2 137046051us : 0: }D
syz-exec-14028 0...2 137046054us : 0: }D
syz-exec-14028 0...2 137046057us : 0: }D
syz-exec-14028 0...2 137046060us : 0: }D
syz-exec-14028 0...2 137046063us : 0: }D
syz-exec-14028 0...2 137046066us : 0: }D
syz-exec-14028 0...2 137046068us : 0: }D
syz-exec-14028 0...2 137046071us : 0: }D
syz-exec-14028 0...2 137046074us : 0: }D
syz-exec-14028 0...2 137046077us : 0: }D
syz-exec-14028 0...2 137046080us : 0: }D
syz-exec-14028 0...2 137046083us : 0: }D
syz-exec-14028 0...2 137046087us : 0: }D
syz-exec-14028 0...2 137046090us : 0: }D
syz-exec-14028 0...2 137046092us : 0: }D
syz-exec-14028 0...2 137046095us : 0: }D
syz-exec-14028 0...2 137046098us : 0: }D
syz-exec-14028 0...2 137046101us : 0: }D
syz-exec-14028 0...2 137046103us : 0: }D
syz-exec-14028 0...2 137046106us : 0: }D
syz-exec-14028 0...2 137046109us : 0: }D
syz-exec-14028 0...2 137046112us : 0: }D
syz-exec-14028 0...2 137046115us : 0: }D
syz-exec-14028 0...2 137046117us : 0: }D
syz-exec-14028 0...2 137046120us : 0: }D
syz-exec-14028 0...2 137046123us : 0: }D
syz-exec-14028 0...2 137046126us : 0: }D
syz-exec-14028 0...2 137046129us : 0: }D
syz-exec-14028 0...2 137046131us : 0: }D
syz-exec-14028 0...2 137046134us : 0: }D
syz-exec-14028 0...2 137046137us : 0: }D
syz-exec-14028 0...2 137046140us : 0: }D
syz-exec-14028 0...2 137046143us : 0: }D
syz-exec-14028 0...2 137046145us : 0: }D
syz-exec-14028 0...2 137046148us : 0: }D
syz-exec-14028 0...2 137046151us : 0: }D
syz-exec-14028 0...2 137046154us : 0: }D
syz-exec-14028 0...2 137046157us : 0: }D
syz-exec-14028 0...2 137046165us : 0: }D
syz-exec-14028 0...2 137046168us : 0: }D
syz-exec-14028 0...2 137046170us : 0: }D
syz-exec-14028 0...2 137046173us : 0: }D
syz-exec-14028 0...2 137046176us : 0: }D
syz-exec-14028 0...2 137046178us : 0: }D
syz-exec-14028 0...2 137046181us : 0: }D
syz-exec-14028 0...2 137046184us : 0: }D
syz-exec-14028 0...2 137046187us : 0: }D
syz-exec-14028 0...2 137046190us : 0: }D
syz-exec-14028 0...2 137046193us : 0: }D
syz-exec-14028 0...2 137046196us : 0: }D
syz-exec-14028 0...2 137046199us : 0: }D
syz-exec-14028 0...2 137046202us : 0: }D
syz-exec-14028 0...2 137046204us : 0: }D
syz-exec-14028 0...2 137046208us : 0: }D
syz-exec-14028 0...2 137046210us : 0: }D
syz-exec-14028 0...2 137046213us : 0: }D
syz-exec-14028 0...2 137046216us : 0: }D
syz-exec-14028 0...2 137046219us : 0: }D
syz-exec-14028 0...2 137046222us : 0: }D
syz-exec-14028 0...2 137046225us : 0: }D
syz-exec-14028 0...2 137046228us : 0: }D
syz-exec-14028 0...2 137046231us : 0: }D
syz-exec-14028 0...2 137046340us : 0: }D
syz-exec-14028 0...2 137046343us : 0: }D
syz-exec-14028 0...2 137046347us : 0: }D
syz-exec-14028 0...2 137046350us : 0: }D
syz-exec-14028 0...2 137046352us : 0: }D
syz-exec-14028 0...2 137046356us : 0: }D
syz-exec-14028 0...2 137046359us : 0: }D
syz-exec-14028 0...2 137046362us : 0: }D
syz-exec-14028 0...2 137046365us : 0: }D
syz-exec-14028 0...2 137046369us : 0: }D
syz-exec-14028 0...2 137046372us : 0: }D
syz-exec-14028 0...2 137046375us : 0: }D
syz-exec-14028 0...2 137046379us : 0: }D
syz-exec-14028 0...2 137046382us : 0: }D
syz-exec-14028 0...2 137046385us : 0: }D
syz-exec-14028 0...2 137046388us : 0: }D
syz-exec-14028 0...2 137046392us : 0: }D
syz-exec-14028 0...2 137046395us : 0: }D
syz-exec-14028 0...2 137046398us : 0: }D
syz-exec-14028 0...2 137046401us : 0: }D
syz-exec-14028 0...2 137046456us : 0: }D
syz-exec-14028 0...2 137046459us : 0: }D
syz-exec-14028 0...2 137046462us : 0: }D
syz-exec-14028 0...2 137046466us : 0: }D
syz-exec-14028 0...2 137046469us : 0: }D
syz-exec-14028 0...2 137046471us : 0: }D
syz-exec-14028 0...2 137046475us : 0: }D
syz-exec-14028 0...2 137046478us : 0: }D
syz-exec-14028 0...2 137046481us : 0: }D
syz-exec-14028 0...2 137046484us : 0: }D
syz-exec-14028 0...2 137046488us : 0: }D
syz-exec-14028 0...2 137046491us : 0: }D
syz-exec-14028 0...2 137046494us : 0: }D
syz-exec-14028 0...2 137046497us : 0: }D
syz-exec-14028 0...2 137046500us : 0: }D
syz-exec-14028 0...2 137046503us : 0: }D
syz-exec-14028 0...2 137046506us : 0: }D
syz-exec-14028 0...2 137046510us : 0: }D
syz-exec-14028 0...2 137046513us : 0: }D
syz-exec-14028 0...2 137046516us : 0: }D
syz-exec-14028 0...2 137046518us : 0: }D
syz-exec-14028 0...2 137046522us : 0: }D
syz-exec-14028 0...2 137046525us : 0: }D
syz-exec-14028 0...2 137046528us : 0: }D
syz-exec-14028 0...2 137046531us : 0: }D
syz-exec-14028 0...2 137046534us : 0: }D
syz-exec-14028 0...2 137046537us : 0: }D
syz-exec-14028 0...2 137046540us : 0: }D
syz-exec-14028 0...2 137046543us : 0: }D
syz-exec-14028 0...2 137046546us : 0: }D
syz-exec-14028 0...2 137046549us : 0: }D
syz-exec-14028 0...2 137046552us : 0: }D
syz-exec-14028 0...2 137046556us : 0: }D
syz-exec-14028 0...2 137046559us : 0: }D
syz-exec-14028 0...2 137046562us : 0: }D
syz-exec-14028 0...2 137046567us : 0: }D
syz-exec-14028 0...2 137046569us : 0: }D
syz-exec-14028 0...2 137046572us : 0: }D
syz-exec-14028 0...2 137046574us : 0: }D
syz-exec-14028 0...2 137046577us : 0: }D
syz-exec-14028 0...2 137046580us : 0: }D
syz-exec-14028 0...2 137046583us : 0: }D
syz-exec-14028 0...2 137046586us : 0: }D
syz-exec-14028 0...2 137046588us : 0: }D
syz-exec-14028 0...2 137046591us : 0: }D
syz-exec-14028 0...2 137046594us : 0: }D
syz-exec-14028 0...2 137046597us : 0: }D
syz-exec-14028 0...2 137046600us : 0: }D
syz-exec-14028 0...2 137046602us : 0: }D
syz-exec-14028 0...2 137046605us : 0: }D
syz-exec-14028 0...2 137046607us : 0: }D
syz-exec-14028 0...2 137046610us : 0: }D
syz-exec-14028 0...2 137046612us : 0: }D
syz-exec-14028 0...2 137046615us : 0: }D
syz-exec-14028 0...2 137046618us : 0: }D
syz-exec-14028 0...2 137046621us : 0: }D
syz-exec-14028 0...2 137046624us : 0: }D
syz-exec-14028 0...2 137046626us : 0: }D
syz-exec-14028 0...2 137046630us : 0: }D
syz-exec-14028 0...2 137046632us : 0: }D
syz-exec-14028 0...2 137046635us : 0: }D
syz-exec-14028 0...2 137046637us : 0: }D
syz-exec-14028 0...2 137046640us : 0: }D
syz-exec-14028 0...2 137046642us : 0: }D
syz-exec-14028 0...2 137046645us : 0: }D
syz-exec-14028 0...2 137046648us : 0: }D
syz-exec-14028 0...2 137046650us : 0: }D
syz-exec-14028 0...2 137046653us : 0: }D
syz-exec-14028 0...2 137046656us : 0: }D
syz-exec-14028 0...2 137046658us : 0: }D
syz-exec-14028 0...2 137046661us : 0: }D
syz-exec-14028 0...2 137046664us : 0: }D
syz-exec-14028 0...2 137046666us : 0: }D
syz-exec-14028 0...2 137046668us : 0: }D
syz-exec-14028 0...2 137046670us : 0: }D
syz-exec-14028 0...2 137046673us : 0: }D
syz-exec-14028 0...2 137046676us : 0: }D
syz-exec-14028 0...2 137046679us : 0: }D
syz-exec-14028 0...2 137046681us : 0: }D
syz-exec-14028 0...2 137046684us : 0: }D
syz-exec-14028 0...2 137046687us : 0: }D
syz-exec-14028 0...2 137046690us : 0: }D
syz-exec-14028 0...2 137046692us : 0: }D
syz-exec-14028 0...2 137046694us : 0: }D
syz-exec-14028 0...2 137046697us : 0: }D
syz-exec-14028 0.N.2 137046720us : 0: }D
syz-exec-14028 0...2 137051520us : 0: }D
syz-exec-14028 0...2 137051526us : 0: }D
syz-exec-14028 0...2 137051529us : 0: }D
syz-exec-14028 0...2 137051533us : 0: }D
syz-exec-14028 0...2 137051536us : 0: }D
syz-exec-14028 0...2 137051540us : 0: }D
syz-exec-14028 0...2 137051543us : 0: }D
syz-exec-14028 0...2 137051546us : 0: }D
syz-exec-14028 0...2 137051549us : 0: }D
syz-exec-14028 0...2 137051552us : 0: }D
syz-exec-14028 0...2 137051556us : 0: }D
syz-exec-14028 0...2 137051559us : 0: }D
syz-exec-14028 0...2 137051562us : 0: }D
syz-exec-14028 0...2 137051565us : 0: }D
syz-exec-14028 0...2 137051570us : 0: }D
syz-exec-14028 0...2 137051573us : 0: }D
syz-exec-14028 0...2 137051576us : 0: }D
syz-exec-14028 0...2 137051579us : 0: }D
syz-exec-14028 0...2 137051582us : 0: }D
syz-exec-14028 0...2 137051585us : 0: }D
syz-exec-14028 0...2 137051588us : 0: }D
syz-exec-14028 0...2 137051592us : 0: }D
syz-exec-14028 0...2 137051595us : 0: }D
syz-exec-14028 0...2 137051598us : 0: }D
syz-exec-14028 0...2 137051602us : 0: }D
syz-exec-14028 0...2 137051605us : 0: }D
syz-exec-14028 0...2 137051608us : 0: }D
syz-exec-14028 0...2 137051611us : 0: }D
syz-exec-14028 0...2 137051615us : 0: }D
syz-exec-14028 0...2 137051618us : 0: }D
syz-exec-14028 0...2 137051621us : 0: }D
syz-exec-14028 0...2 137051624us : 0: }D
syz-exec-14028 0...2 137051628us : 0: }D
syz-exec-14028 0...2 137051631us : 0: }D
syz-exec-14028 0...2 137051634us : 0: }D
syz-exec-14028 0...2 137051638us : 0: }D
syz-exec-14028 0...2 137051641us : 0: }D
syz-exec-14028 0...2 137051644us : 0: }D
syz-exec-14028 0...2 137051648us : 0: }D
syz-exec-14028 0...2 137051651us : 0: }D
syz-exec-14028 0...2 137051654us : 0: }D
syz-exec-14028 0...2 137051657us : 0: }D
syz-exec-14028 0...2 137051660us : 0: }D
syz-exec-14028 0...2 137051662us : 0: }D
syz-exec-14028 0...2 137051665us : 0: }D
syz-exec-14028 0...2 137051668us : 0: }D
syz-exec-14028 0...2 137051671us : 0: }D
syz-exec-14028 0...2 137051674us : 0: }D
syz-exec-14028 0...2 137051677us : 0: }D
syz-exec-14028 0...2 137051680us : 0: }D
syz-exec-14028 0...2 137051683us : 0: }D
syz-exec-14028 0...2 137051686us : 0: }D
syz-exec-14028 0...2 137051689us : 0: }D
syz-exec-14028 0...2 137051692us : 0: }D
syz-exec-14028 0...2 137051695us : 0: }D
syz-exec-14028 0...2 137051698us : 0: }D
syz-exec-14028 0...2 137051701us : 0: }D
syz-exec-14028 0...2 137051704us : 0: }D
syz-exec-14028 0...2 137051707us : 0: }D
syz-exec-14028 0...2 137051710us : 0: }D
syz-exec-14028 0...2 137051713us : 0: }D
syz-exec-14028 0...2 137051716us : 0: }D
syz-exec-14028 0...2 137051719us : 0: }D
syz-exec-14028 0...2 137051722us : 0: }D
syz-exec-14028 0...2 137051725us : 0: }D
syz-exec-14028 0...2 137051728us : 0: }D
syz-exec-14028 0...2 137051731us : 0: }D
syz-exec-14028 0...2 137051734us : 0: }D
syz-exec-14028 0...2 137051737us : 0: }D
syz-exec-14028 0...2 137051740us : 0: }D
syz-exec-14028 0...2 137051743us : 0: }D
syz-exec-14028 0...2 137051746us : 0: }D
syz-exec-14028 0...2 137051749us : 0: }D
syz-exec-14028 0...2 137051752us : 0: }D
syz-exec-14028 0...2 137051755us : 0: }D
syz-exec-14028 0...2 137051758us : 0: }D
syz-exec-14028 0...2 137051761us : 0: }D
syz-exec-14028 0...2 137051764us : 0: }D
syz-exec-14028 0...2 137051767us : 0: }D
syz-exec-14028 0...2 137051771us : 0: }D
syz-exec-14028 0...2 137051774us : 0: }D
syz-exec-14028 0...2 137051777us : 0: }D
syz-exec-14028 0...2 137051780us : 0: }D
syz-exec-14028 0...2 137051782us : 0: }D
syz-exec-14028 0...2 137051785us : 0: }D
syz-exec-14028 0...2 137051789us : 0: }D
syz-exec-14028 0...2 137051792us : 0: }D
syz-exec-14028 0...2 137051795us : 0: }D
syz-exec-14028 0...2 137051798us : 0: }D
syz-exec-14028 0...2 137051801us : 0: }D
syz-exec-14028 0...2 137051804us : 0: }D
syz-exec-14028 0...2 137051807us : 0: }D
syz-exec-14028 0...2 137051810us : 0: }D
syz-exec-14028 0...2 137051813us : 0: }D
syz-exec-14028 0...2 137051816us : 0: }D
syz-exec-14028 0...2 137051819us : 0: }D
syz-exec-14028 0...2 137051822us : 0: }D
syz-exec-14028 0...2 137051825us : 0: }D
syz-exec-14028 0...2 137051828us : 0: }D
syz-exec-14028 0...2 137051831us : 0: }D
syz-exec-14028 0...2 137051834us : 0: }D
syz-exec-14028 0...2 137051837us : 0: }D
syz-exec-14028 0...2 137051840us : 0: }D
syz-exec-14028 0...2 137051843us : 0: }D
syz-exec-14028 0...2 137051846us : 0: }D
syz-exec-14028 0...2 137051849us : 0: }D
syz-exec-14028 0...2 137051852us : 0: }D
syz-exec-14028 0...2 137051855us : 0: }D
syz-exec-14028 0...2 137051858us : 0: }D
syz-exec-14028 0...2 137051861us : 0: }D
syz-exec-14028 0...2 137051864us : 0: }D
syz-exec-14028 0...2 137051867us : 0: }D
syz-exec-14028 0...2 137051870us : 0: }D
syz-exec-14028 0...2 137051873us : 0: }D
syz-exec-14028 0...2 137051876us : 0: }D
syz-exec-14028 0...2 137051879us : 0: }D
syz-exec-14028 0...2 137051882us : 0: }D
syz-exec-14028 0...2 137051885us : 0: }D
syz-exec-14028 0...2 137051888us : 0: }D
syz-exec-14028 0...2 137051891us : 0: }D
syz-exec-14028 0...2 137051894us : 0: }D
syz-exec-14028 0...2 137051897us : 0: }D
syz-exec-14028 0...2 137051900us : 0: }D
syz-exec-14028 0...2 137051903us : 0: }D
syz-exec-14028 0...2 137051906us : 0: }D
syz-exec-14028 0...2 137051909us : 0: }D
syz-exec-14028 0...2 137051912us : 0: }D
syz-exec-14028 0...2 137051915us : 0: }D
syz-exec-14028 0...2 137051918us : 0: }D
syz-exec-14028 0...2 137051921us : 0: }D
syz-exec-14028 0...2 137051924us : 0: }D
syz-exec-14028 0...2 137051927us : 0: }D
syz-exec-14028 0...2 137051930us : 0: }D
syz-exec-14028 0...2 137051933us : 0: }D
syz-exec-14028 0...2 137051935us : 0: }D
syz-exec-14028 0...2 137051938us : 0: }D
syz-exec-14028 0...2 137051940us : 0: }D
syz-exec-14028 0...2 137051943us : 0: }D
syz-exec-14028 0...2 137051945us : 0: }D
syz-exec-14028 0...2 137051948us : 0: }D
syz-exec-14028 0...2 137051951us : 0: }D
syz-exec-14028 0...2 137051953us : 0: }D
syz-exec-14028 0...2 137051955us : 0: }D
syz-exec-14028 0...2 137051958us : 0: }D
syz-exec-14028 0...2 137051961us : 0: }D
syz-exec-14028 0...2 137051964us : 0: }D
syz-exec-14028 0...2 137051966us : 0: }D
syz-exec-14028 0...2 137051969us : 0: }D
syz-exec-14028 0...2 137051971us : 0: }D
syz-exec-14028 0...2 137051974us : 0: }D
syz-exec-14028 0...2 137051976us : 0: }D
syz-exec-14028 0...2 137051979us : 0: }D
syz-exec-14028 0...2 137051982us : 0: }D
syz-exec-14028 0...2 137051984us : 0: }D
syz-exec-14028 0...2 137051987us : 0: }D
syz-exec-14028 0...2 137051990us : 0: }D
syz-exec-14028 0...2 137051992us : 0: }D
syz-exec-14028 0...2 137051995us : 0: }D
syz-exec-14028 0...2 137051998us : 0: }D
syz-exec-14028 0...2 137052000us : 0: }D
syz-exec-14028 0...2 137052003us : 0: }D
syz-exec-14028 0...2 137052006us : 0: }D
syz-exec-14028 0...2 137052008us : 0: }D
syz-exec-14028 0...2 137052011us : 0: }D
syz-exec-14028 0...2 137052013us : 0: }D
syz-exec-14028 0...2 137052016us : 0: }D
syz-exec-14028 0...2 137052018us : 0: }D
syz-exec-14028 0...2 137052021us : 0: }D
syz-exec-14028 0...2 137052024us : 0: }D
syz-exec-14028 0...2 137052026us : 0: }D
syz-exec-14028 0...2 137052029us : 0: }D
syz-exec-14028 0...2 137052031us : 0: }D
syz-exec-14028 0...2 137052034us : 0: }D
syz-exec-14028 0...2 137052036us : 0: }D
syz-exec-14028 0...2 137052039us : 0: }D
syz-exec-14028 0...2 137052041us : 0: }D
syz-exec-14028 0...2 137052043us : 0: }D
syz-exec-14028 0...2 137052046us : 0: }D
syz-exec-14028 0...2 137052048us : 0: }D
syz-exec-14028 0...2 137052051us : 0: }D
syz-exec-14028 0...2 137052053us : 0: }D
syz-exec-14028 0...2 137052056us : 0: }D
syz-exec-14028 0...2 137052058us : 0: }D
syz-exec-14028 0...2 137052061us : 0: }D
syz-exec-14028 0...2 137052065us : 0: }D
syz-exec-14028 0...2 137052068us : 0: }D
syz-exec-14028 0...2 137052070us : 0: }D
syz-exec-14028 0...2 137052073us : 0: }D
syz-exec-14028 0...2 137052075us : 0: }D
syz-exec-14028 0...2 137052078us : 0: }D
syz-exec-14028 0...2 137052081us : 0: }D
syz-exec-14028 0...2 137052083us : 0: }D
syz-exec-14028 0...2 137052086us : 0: }D
syz-exec-14028 0...2 137052088us : 0: }D
syz-exec-14028 0...2 137052090us : 0: }D
syz-exec-14028 0...2 137052092us : 0: }D
syz-exec-14028 0...2 137052095us : 0: }D
syz-exec-14028 0...2 137052097us : 0: }D
syz-exec-14028 0...2 137052099us : 0: }D
syz-exec-14028 0...2 137052102us : 0: }D
syz-exec-14028 0...2 137052104us : 0: }D
syz-exec-14028 0...2 137052106us : 0: }D
syz-exec-14028 0...2 137052109us : 0: }D
syz-exec-14028 0...2 137052111us : 0: }D
syz-exec-14028 0...2 137052114us : 0: }D
syz-exec-14028 0...2 137052116us : 0: }D
syz-exec-14028 0...2 137052119us : 0: }D
syz-exec-14028 0...2 137052121us : 0: }D
syz-exec-14028 0...2 137052124us : 0: }D
syz-exec-14028 0...2 137052126us : 0: }D
syz-exec-14028 0...2 137052129us : 0: }D
syz-exec-14028 0...2 137052132us : 0: }D
syz-exec-14028 0...2 137052135us : 0: }D
syz-exec-14028 0...2 137052138us : 0: }D
syz-exec-14028 0...2 137052141us : 0: }D
syz-exec-14028 0...2 137052144us : 0: }D
syz-exec-14028 0...2 137052147us : 0: }D
syz-exec-14028 0...2 137052150us : 0: }D
syz-exec-14028 0...2 137052153us : 0: }D
syz-exec-14028 0...2 137052156us : 0: }D
syz-exec-14028 0...2 137052164us : 0: }D
syz-exec-14028 0...2 137052167us : 0: }D
syz-exec-14028 0...2 137052170us : 0: }D
syz-exec-14028 0...2 137052173us : 0: }D
syz-exec-14028 0...2 137052175us : 0: }D
syz-exec-14028 0...2 137052178us : 0: }D
syz-exec-14028 0...2 137052181us : 0: }D
syz-exec-14028 0...2 137052184us : 0: }D
syz-exec-14028 0...2 137052187us : 0: }D
syz-exec-14028 0...2 137052190us : 0: }D
syz-exec-14028 0...2 137052193us : 0: }D
syz-exec-14028 0...2 137052196us : 0: }D
syz-exec-14028 0...2 137052198us : 0: }D
syz-exec-14028 0...2 137052201us : 0: }D
syz-exec-14028 0...2 137052204us : 0: }D
syz-exec-14028 0...2 137052206us : 0: }D
syz-exec-14028 0...2 137052208us : 0: }D
syz-exec-14028 0...2 137052212us : 0: }D
syz-exec-14028 0...2 137052214us : 0: }D
syz-exec-14028 0...2 137052217us : 0: }D
syz-exec-14028 0...2 137052220us : 0: }D
syz-exec-14028 0...2 137052223us : 0: }D
syz-exec-14028 0...2 137052226us : 0: }D
syz-exec-14028 0...2 137052228us : 0: }D
syz-exec-14028 0...2 137052231us : 0: }D
syz-exec-14028 0...2 137052267us : 0: }D
syz-exec-14028 0...2 137052271us : 0: }D
syz-exec-14028 0...2 137052273us : 0: }D
syz-exec-14028 0...2 137052277us : 0: }D
syz-exec-14028 0...2 137052280us : 0: }D
syz-exec-14028 0...2 137052283us : 0: }D
syz-exec-14028 0...2 137052286us : 0: }D
syz-exec-14028 0...2 137052289us : 0: }D
syz-exec-14028 0...2 137052292us : 0: }D
syz-exec-14028 0...2 137052295us : 0: }D
syz-exec-14028 0...2 137052298us : 0: }D
syz-exec-14028 0...2 137052301us : 0: }D
syz-exec-14028 0...2 137052304us : 0: }D
syz-exec-14028 0...2 137052307us : 0: }D
syz-exec-14028 0...2 137052311us : 0: }D
syz-exec-14028 0...2 137052314us : 0: }D
syz-exec-14028 0...2 137052317us : 0: }D
syz-exec-14028 0...2 137052320us : 0: }D
syz-exec-14028 0...2 137052323us : 0: }D
syz-exec-14028 0...2 137052326us : 0: }D
syz-exec-14028 0...2 137052329us : 0: }D
syz-exec-14028 0...2 137052332us : 0: }D
syz-exec-14028 0...2 137052334us : 0: }D
syz-exec-14028 0...2 137052337us : 0: }D
syz-exec-14028 0...2 137052341us : 0: }D
syz-exec-14028 0...2 137052344us : 0: }D
syz-exec-14028 0...2 137052347us : 0: }D
syz-exec-14028 0...2 137052349us : 0: }D
syz-exec-14028 0...2 137052353us : 0: }D
syz-exec-14028 0...2 137052355us : 0: }D
syz-exec-14028 0...2 137052358us : 0: }D
syz-exec-14028 0...2 137052361us : 0: }D
syz-exec-14028 0...2 137052364us : 0: }D
syz-exec-14028 0...2 137052367us : 0: }D
syz-exec-14028 0...2 137052370us : 0: }D
syz-exec-14028 0...2 137052373us : 0: }D
syz-exec-14028 0...2 137052376us : 0: }D
syz-exec-14028 0...2 137052379us : 0: }D
syz-exec-14028 0...2 137052382us : 0: }D
syz-exec-14028 0...2 137052385us : 0: }D
syz-exec-14028 0...2 137052388us : 0: }D
syz-exec-14028 0...2 137052391us : 0: }D
syz-exec-14028 0...2 137052393us : 0: }D
syz-exec-14028 0...2 137052396us : 0: }D
syz-exec-14028 0...2 137052398us : 0: }D
syz-exec-14028 0...2 137052401us : 0: }D
syz-exec-14028 0...2 137052403us : 0: }D
syz-exec-14028 0...2 137052405us : 0: }D
syz-exec-14028 0...2 137052408us : 0: }D
syz-exec-14028 0...2 137052410us : 0: }D
syz-exec-14028 0...2 137052412us : 0: }D
syz-exec-14028 0...2 137052415us : 0: }D
syz-exec-14028 0...2 137052418us : 0: }D
syz-exec-14028 0...2 137052420us : 0: }D
syz-exec-14028 0...2 137052423us : 0: }D
syz-exec-14028 0...2 137052425us : 0: }D
syz-exec-14028 0...2 137052428us : 0: }D
syz-exec-14028 0...2 137052431us : 0: }D
syz-exec-14028 0...2 137052434us : 0: }D
syz-exec-14028 0...2 137052437us : 0: }D
syz-exec-14028 0...2 137052439us : 0: }D
syz-exec-14028 0...2 137052442us : 0: }D
syz-exec-14028 0...2 137052445us : 0: }D
syz-exec-14028 0...2 137052448us : 0: }D
syz-exec-14028 0...2 137052451us : 0: }D
syz-exec-14028 0...2 137052453us : 0: }D
syz-exec-14028 0...2 137052456us : 0: }D
syz-exec-14028 0...2 137052459us : 0: }D
syz-exec-14028 0...2 137052461us : 0: }D
syz-exec-14028 0...2 137052464us : 0: }D
syz-exec-14028 0...2 137052467us : 0: }D
syz-exec-14028 0...2 137052470us : 0: }D
syz-exec-14028 0...2 137052472us : 0: }D
syz-exec-14028 0...2 137052475us : 0: }D
syz-exec-14028 0...2 137052478us : 0: }D
syz-exec-14028 0...2 137052481us : 0: }D
syz-exec-14028 0...2 137052483us : 0: }D
syz-exec-14028 0...2 137052486us : 0: }D
syz-exec-14028 0...2 137052489us : 0: }D
syz-exec-14028 0...2 137052491us : 0: }D
syz-exec-14028 0...2 137052494us : 0: }D
syz-exec-14028 0...2 137052497us : 0: }D
syz-exec-14028 0...2 137052500us : 0: }D
syz-exec-14028 0...2 137052503us : 0: }D
syz-exec-14028 0...2 137052506us : 0: }D
syz-exec-14028 0...2 137052509us : 0: }D
syz-exec-14028 0...2 137052511us : 0: }D
syz-exec-14028 0...2 137052514us : 0: }D
syz-exec-14028 0...2 137052517us : 0: }D
syz-exec-14028 0...2 137052520us : 0: }D
syz-exec-14028 0...2 137052523us : 0: }D
syz-exec-14028 0...2 137052525us : 0: }D
syz-exec-14028 0...2 137052529us : 0: }D
syz-exec-14028 0.N.2 137052571us : 0: }D
syz-exec-14028 0...2 137059783us : 0: }D
syz-exec-14028 0...2 137059790us : 0: }D
syz-exec-14028 0...2 137059793us : 0: }D
syz-exec-14028 0...2 137059796us : 0: }D
syz-exec-14028 0...2 137059799us : 0: }D
syz-exec-14028 0...2 137059803us : 0: }D
syz-exec-14028 0...2 137059806us : 0: }D
syz-exec-14028 0...2 137059809us : 0: }D
syz-exec-14028 0...2 137059812us : 0: }D
syz-exec-14028 0...2 137059816us : 0: }D
syz-exec-14028 0...2 137059819us : 0: }D
syz-exec-14028 0...2 137059823us : 0: }D
syz-exec-14028 0...2 137059826us : 0: }D
syz-exec-14028 0...2 137059829us : 0: }D
syz-exec-14028 0...2 137059832us : 0: }D
syz-exec-14028 0...2 137059837us : 0: }D
syz-exec-14028 0...2 137059840us : 0: }D
syz-exec-14028 0...2 137059843us : 0: }D
syz-exec-14028 0...2 137059846us : 0: }D
syz-exec-14028 0...2 137059849us : 0: }D
syz-exec-14028 0...2 137059852us : 0: }D
syz-exec-14028 0...2 137059855us : 0: }D
syz-exec-14028 0...2 137059858us : 0: }D
syz-exec-14028 0...2 137059861us : 0: }D
syz-exec-14028 0...2 137059864us : 0: }D
syz-exec-14028 0...2 137059867us : 0: }D
syz-exec-14028 0...2 137059870us : 0: }D
syz-exec-14028 0...2 137059873us : 0: }D
syz-exec-14028 0...2 137059876us : 0: }D
syz-exec-14028 0...2 137059878us : 0: }D
syz-exec-14028 0...2 137059881us : 0: }D
syz-exec-14028 0...2 137059884us : 0: }D
syz-exec-14028 0...2 137059887us : 0: }D
syz-exec-14028 0...2 137059890us : 0: }D
syz-exec-14028 0...2 137059893us : 0: }D
syz-exec-14028 0...2 137059895us : 0: }D
syz-exec-14028 0...2 137059898us : 0: }D
syz-exec-14028 0...2 137059900us : 0: }D
syz-exec-14028 0...2 137059902us : 0: }D
syz-exec-14028 0...2 137059905us : 0: }D
syz-exec-14028 0...2 137059908us : 0: }D
syz-exec-14028 0...2 137059911us : 0: }D
syz-exec-14028 0...2 137059914us : 0: }D
syz-exec-14028 0...2 137059917us : 0: }D
syz-exec-14028 0...2 137059919us : 0: }D
syz-exec-14028 0...2 137059922us : 0: }D
syz-exec-14028 0...2 137059924us : 0: }D
syz-exec-14028 0...2 137059926us : 0: }D
syz-exec-14028 0...2 137059929us : 0: }D
syz-exec-14028 0...2 137059931us : 0: }D
syz-exec-14028 0...2 137059934us : 0: }D
syz-exec-14028 0...2 137059937us : 0: }D
syz-exec-14028 0...2 137059940us : 0: }D
syz-exec-14028 0...2 137059943us : 0: }D
syz-exec-14028 0...2 137059945us : 0: }D
syz-exec-14028 0...2 137059948us : 0: }D
syz-exec-14028 0...2 137059951us : 0: }D
syz-exec-14028 0...2 137059954us : 0: }D
syz-exec-14028 0...2 137059957us : 0: }D
syz-exec-14028 0...2 137059960us : 0: }D
syz-exec-14028 0...2 137059963us : 0: }D
syz-exec-14028 0...2 137059966us : 0: }D
syz-exec-14028 0...2 137059969us : 0: }D
syz-exec-14028 0...2 137059972us : 0: }D
syz-exec-14028 0...2 137059975us : 0: }D
syz-exec-14028 0...2 137059978us : 0: }D
syz-exec-14028 0...2 137059980us : 0: }D
syz-exec-14028 0...2 137059983us : 0: }D
syz-exec-14028 0...2 137059986us : 0: }D
syz-exec-14028 0...2 137059989us : 0: }D
syz-exec-14028 0...2 137059992us : 0: }D
syz-exec-14028 0...2 137059995us : 0: }D
syz-exec-14028 0...2 137059998us : 0: }D
syz-exec-14028 0...2 137060001us : 0: }D
syz-exec-14028 0...2 137060004us : 0: }D
syz-exec-14028 0...2 137060006us : 0: }D
syz-exec-14028 0...2 137060009us : 0: }D
syz-exec-14028 0...2 137060012us : 0: }D
syz-exec-14028 0...2 137060015us : 0: }D
syz-exec-14028 0...2 137060018us : 0: }D
syz-exec-14028 0...2 137060021us : 0: }D
syz-exec-14028 0...2 137060023us : 0: }D
syz-exec-14028 0...2 137060026us : 0: }D
syz-exec-14028 0...2 137060029us : 0: }D
syz-exec-14028 0...2 137060032us : 0: }D
syz-exec-14028 0...2 137060035us : 0: }D
syz-exec-14028 0...2 137060037us : 0: }D
syz-exec-14028 0...2 137060040us : 0: }D
syz-exec-14028 0...2 137060043us : 0: }D
syz-exec-14028 0...2 137060046us : 0: }D
syz-exec-14028 0...2 137060049us : 0: }D
syz-exec-14028 0...2 137060052us : 0: }D
syz-exec-14028 0...2 137060055us : 0: }D
syz-exec-14028 0...2 137060058us : 0: }D
syz-exec-14028 0...2 137060060us : 0: }D
syz-exec-14028 0...2 137060063us : 0: }D
syz-exec-14028 0...2 137060066us : 0: }D
syz-exec-14028 0...2 137060069us : 0: }D
syz-exec-14028 0...2 137060072us : 0: }D
syz-exec-14028 0...2 137060075us : 0: }D
syz-exec-14028 0...2 137060078us : 0: }D
syz-exec-14028 0...2 137060081us : 0: }D
syz-exec-14028 0...2 137060084us : 0: }D
syz-exec-14028 0...2 137060087us : 0: }D
syz-exec-14028 0...2 137060089us : 0: }D
syz-exec-14028 0...2 137060092us : 0: }D
syz-exec-14049 0...2 137068365us : 0: }D
syz-exec-14049 0...2 137068371us : 0: }D
syz-exec-14049 0...2 137068375us : 0: }D
syz-exec-14049 0...2 137068378us : 0: }D
syz-exec-14049 0...2 137068381us : 0: }D
syz-exec-14049 0...2 137068384us : 0: }D
syz-exec-14049 0...2 137068388us : 0: }D
syz-exec-14049 0...2 137068390us : 0: }D
syz-exec-14049 0...2 137068393us : 0: }D
syz-exec-14049 0...2 137068397us : 0: }D
syz-exec-14049 0...2 137068399us : 0: }D
syz-exec-14049 0...2 137068402us : 0: }D
syz-exec-14049 0...2 137068405us : 0: }D
syz-exec-14049 0.N.2 137068434us : 0: }D
syz-exec-14049 0...2 137068468us : 0: }D
syz-exec-14049 0...2 137068471us : 0: }D
syz-exec-14049 0...2 137068475us : 0: }D
syz-exec-14049 0...2 137068478us : 0: }D
syz-exec-14049 0...2 137068481us : 0: }D
syz-exec-14049 0...2 137068484us : 0: }D
syz-exec-14049 0...2 137068487us : 0: }D
syz-exec-14049 0...2 137068490us : 0: }D
syz-exec-14049 0...2 137068493us : 0: }D
syz-exec-14049 0...2 137068497us : 0: }D
syz-exec-14049 0...2 137068500us : 0: }D
syz-exec-14049 0...2 137068502us : 0: }D
syz-exec-14049 0...2 137068506us : 0: }D
syz-exec-14049 0...2 137068509us : 0: }D
syz-exec-14049 0...2 137068512us : 0: }D
syz-exec-14049 0...2 137068515us : 0: }D
syz-exec-14049 0...2 137068518us : 0: }D
syz-exec-14049 0...2 137068521us : 0: }D
syz-exec-14049 0...2 137068524us : 0: }D
syz-exec-14049 0...2 137068527us : 0: }D
syz-exec-14049 0...2 137068531us : 0: }D
syz-exec-14049 0...2 137068533us : 0: }D
syz-exec-14049 0...2 137068536us : 0: }D
syz-exec-14049 0...2 137068540us : 0: }D
syz-exec-14049 0...2 137068543us : 0: }D
syz-exec-14049 0...2 137068546us : 0: }D
syz-exec-14049 0...2 137068549us : 0: }D
syz-exec-14049 0...2 137068552us : 0: }D
syz-exec-14049 0...2 137068555us : 0: }D
syz-exec-14049 0...2 137068558us : 0: }D
syz-exec-14049 0...2 137068561us : 0: }D
syz-exec-14049 0...2 137068565us : 0: }D
syz-exec-14049 0...2 137068568us : 0: }D
syz-exec-14049 0...2 137068570us : 0: }D
syz-exec-14049 0...2 137068574us : 0: }D
syz-exec-14049 0...2 137068577us : 0: }D
syz-exec-14049 0...2 137068580us : 0: }D
syz-exec-14049 0...2 137068583us : 0: }D
syz-exec-14049 0...2 137068587us : 0: }D
syz-exec-14049 0...2 137068590us : 0: }D
syz-exec-14049 0...2 137068592us : 0: }D
syz-exec-14049 0...2 137068596us : 0: }D
syz-exec-14049 0...2 137068599us : 0: }D
syz-exec-14049 0...2 137068602us : 0: }D
syz-exec-14049 0...2 137068605us : 0: }D
syz-exec-14049 0...2 137068609us : 0: }D
syz-exec-14049 0...2 137068612us : 0: }D
syz-exec-14049 0...2 137068614us : 0: }D
syz-exec-14049 0...2 137068617us : 0: }D
syz-exec-14049 0...2 137068621us : 0: }D
syz-exec-14049 0...2 137068624us : 0: }D
syz-exec-14049 0...2 137068627us : 0: }D
syz-exec-14049 0...2 137068630us : 0: }D
syz-exec-14049 0...2 137068632us : 0: }D
syz-exec-14049 0...2 137068635us : 0: }D
syz-exec-14049 0...2 137068638us : 0: }D
syz-exec-14049 0...2 137068641us : 0: }D
syz-exec-14049 0...2 137068644us : 0: }D
syz-exec-14049 0...2 137068647us : 0: }D
syz-exec-14049 0...2 137068650us : 0: }D
syz-exec-14049 0...2 137068653us : 0: }D
syz-exec-14049 0...2 137068656us : 0: }D
syz-exec-14049 0...2 137068658us : 0: }D
syz-exec-14049 0...2 137068661us : 0: }D
syz-exec-14049 0...2 137068664us : 0: }D
syz-exec-14049 0...2 137068669us : 0: }D
syz-exec-14049 0...2 137068672us : 0: }D
syz-exec-14049 0...2 137068675us : 0: }D
syz-exec-14049 0...2 137068678us : 0: }D
syz-exec-14049 0...2 137068681us : 0: }D
syz-exec-14049 0...2 137068684us : 0: }D
syz-exec-14049 0...2 137068686us : 0: }D
syz-exec-14049 0...2 137068689us : 0: }D
syz-exec-14049 0...2 137068692us : 0: }D
syz-exec-14049 0...2 137068695us : 0: }D
syz-exec-14049 0...2 137068698us : 0: }D
syz-exec-14049 0...2 137068701us : 0: }D
syz-exec-14049 0...2 137068704us : 0: }D
syz-exec-14049 0...2 137068707us : 0: }D
syz-exec-14049 0...2 137068710us : 0: }D
syz-exec-14049 0...2 137068713us : 0: }D
syz-exec-14049 0...2 137068716us : 0: }D
syz-exec-14049 0...2 137068719us : 0: }D
syz-exec-14049 0...2 137068721us : 0: }D
syz-exec-14049 0...2 137068724us : 0: }D
syz-exec-14049 0...2 137068727us : 0: }D
syz-exec-14049 0...2 137068730us : 0: }D
syz-exec-14049 0...2 137068733us : 0: }D
syz-exec-14049 0...2 137068736us : 0: }D
syz-exec-14049 0...2 137068739us : 0: }D
syz-exec-14049 0...2 137068742us : 0: }D
syz-exec-14049 0...2 137068744us : 0: }D
syz-exec-14049 0...2 137068747us : 0: }D
syz-exec-14049 0...2 137068750us : 0: }D
syz-exec-14049 0...2 137068753us : 0: }D
syz-exec-14049 0...2 137068756us : 0: }D
syz-exec-14049 0...2 137068759us : 0: }D
syz-exec-14049 0...2 137068762us : 0: }D
syz-exec-14049 0...2 137068765us : 0: }D
syz-exec-14049 0...2 137068768us : 0: }D
syz-exec-14049 0...2 137068770us : 0: }D
syz-exec-14049 0...2 137068773us : 0: }D
syz-exec-14049 0...2 137068776us : 0: }D
syz-exec-14049 0...2 137068779us : 0: }D
syz-exec-14049 0...2 137068782us : 0: }D
syz-exec-14049 0...2 137068785us : 0: }D
syz-exec-14049 0...2 137068788us : 0: }D
syz-exec-14049 0...2 137068791us : 0: }D
syz-exec-14049 0...2 137068794us : 0: }D
syz-exec-14049 0...2 137068797us : 0: }D
syz-exec-14049 0...2 137068800us : 0: }D
syz-exec-14049 0...2 137068803us : 0: }D
syz-exec-14049 0...2 137068806us : 0: }D
syz-exec-14049 0...2 137068809us : 0: }D
syz-exec-14049 0...2 137068811us : 0: }D
syz-exec-14049 0...2 137068814us : 0: }D
syz-exec-14049 0...2 137068817us : 0: }D
syz-exec-14049 0...2 137068820us : 0: }D
syz-exec-14049 0...2 137068823us : 0: }D
syz-exec-14049 0...2 137068826us : 0: }D
syz-exec-14049 0...2 137068829us : 0: }D
syz-exec-14049 0...2 137068831us : 0: }D
syz-exec-14049 0...2 137068834us : 0: }D
syz-exec-14049 0...2 137068837us : 0: }D
syz-exec-14049 0...2 137068840us : 0: }D
syz-exec-14049 0...2 137068843us : 0: }D
syz-exec-14049 0...2 137068846us : 0: }D
syz-exec-14049 0...2 137068849us : 0: }D
syz-exec-14049 0...2 137068852us : 0: }D
syz-exec-14049 0...2 137068855us : 0: }D
syz-exec-14049 0...2 137068857us : 0: }D
syz-exec-14049 0...2 137068861us : 0: }D
syz-exec-14049 0...2 137068863us : 0: }D
syz-exec-14049 0...2 137068866us : 0: }D
syz-exec-14049 0...2 137068869us : 0: }D
syz-exec-14049 0...2 137068872us : 0: }D
syz-exec-14049 0...2 137068875us : 0: }D
syz-exec-14049 0...2 137068878us : 0: }D
syz-exec-14049 0...2 137068881us : 0: }D
syz-exec-14049 0...2 137068884us : 0: }D
syz-exec-14049 0...2 137068887us : 0: }D
syz-exec-14049 0...2 137068890us : 0: }D
syz-exec-14049 0...2 137068893us : 0: }D
syz-exec-14049 0...2 137068896us : 0: }D
syz-exec-14049 0...2 137068899us : 0: }D
syz-exec-14049 0...2 137068902us : 0: }D
syz-exec-14049 0...2 137068905us : 0: }D
syz-exec-14049 0...2 137068908us : 0: }D
syz-exec-14049 0...2 137068911us : 0: }D
syz-exec-14049 0...2 137068914us : 0: }D
syz-exec-14049 0...2 137068917us : 0: }D
syz-exec-14049 0...2 137068920us : 0: }D
syz-exec-14049 0...2 137068922us : 0: }D
syz-exec-14049 0...2 137068925us : 0: }D
syz-exec-14049 0...2 137068928us : 0: }D
syz-exec-14049 0...2 137068931us : 0: }D
syz-exec-14049 0...2 137068934us : 0: }D
syz-exec-14049 0...2 137068937us : 0: }D
syz-exec-14049 0...2 137068940us : 0: }D
syz-exec-14049 0...2 137068943us : 0: }D
syz-exec-14049 0...2 137068946us : 0: }D
syz-exec-14049 0...2 137068949us : 0: }D
syz-exec-14049 0...2 137068952us : 0: }D
syz-exec-14049 0...2 137068955us : 0: }D
syz-exec-14049 0...2 137068958us : 0: }D
syz-exec-14049 0...2 137068961us : 0: }D
syz-exec-14049 0...2 137068963us : 0: }D
syz-exec-14049 0...2 137068966us : 0: }D
syz-exec-14049 0...2 137068969us : 0: }D
syz-exec-14049 0...2 137068972us : 0: }D
syz-exec-14049 0...2 137068975us : 0: }D
syz-exec-14049 0...2 137068978us : 0: }D
syz-exec-14049 0...2 137068981us : 0: }D
syz-exec-14049 0...2 137068984us : 0: }D
syz-exec-14049 0...2 137068987us : 0: }D
syz-exec-14049 0...2 137068990us : 0: }D
syz-exec-14049 0...2 137068993us : 0: }D
syz-exec-

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

unread,

Jun 22, 2018, 3:35:02 AM6/22/18

to a...@kernel.org, dan...@iogearbox.net, linux-...@vger.kernel.org, net...@vger.kernel.org, syzkall...@googlegroups.com

syzbot has found a reproducer for the following crash on:

HEAD commit: f0dc7f9c6dd9 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1609ed08400000
kernel config: https://syzkaller.appspot.com/x/.config?x=fa9c20c48788d1c1

dashboard link: https://syzkaller.appspot.com/bug?extid=d464d2c20c717ef5a6a8
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=10a53fbf800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11d27aa0400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d464d2...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
device lo entered promiscuous mode

------------[ cut here ]------------
refcount_t: underflow; use-after-free.

WARNING: CPU: 0 PID: 4505 at lib/refcount.c:187

refcount_sub_and_test+0x2d3/0x330 lib/refcount.c:187
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4505 Comm: syz-executor540 Not tainted 4.17.0+ #39

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
panic+0x22f/0x4de kernel/panic.c:184
__warn.cold.8+0x163/0x1b3 kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]

do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316

invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:refcount_sub_and_test+0x2d3/0x330 lib/refcount.c:187

Code: 89 de e8 40 7e 21 fe 84 db 74 07 31 db e9 52 ff ff ff e8 60 7d 21 fe
48 c7 c7 20 4b 1a 88 c6 05 78 64 40 06 01 e8 8d 97 ed fd <0f> 0b 31 db e9
31 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
RSP: 0018:ffff8801b18b7800 EFLAGS: 00010282
RAX: 0000000000000026 RBX: 0000000000000000 RCX: ffffffff8161907a
RDX: 0000000000000000 RSI: ffffffff8161f371 RDI: ffff8801b18b74d8
RBP: ffff8801b18b78e8 R08: ffff8801b24923c0 R09: 0000000000000006

R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff

R13: ffff8801b18b78c0 R14: 0000000000000001 R15: ffff8801b318f040

refcount_dec_and_test+0x1a/0x20 lib/refcount.c:212
smap_release_sock+0x6e/0x2f0 kernel/bpf/sockmap.c:1358

sock_hash_ctx_update_elem.isra.24+0x896/0x1560 kernel/bpf/sockmap.c:2281

sock_hash_update_elem+0x14f/0x2d0 kernel/bpf/sockmap.c:2303
map_update_elem+0x5c4/0xc90 kernel/bpf/syscall.c:765
__do_sys_bpf kernel/bpf/syscall.c:2357 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
__x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2328

do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x445a69
Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 db 51 00 00 c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f90f7ac8db8 EFLAGS: 00000293 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00000000006dac94 RCX: 0000000000445a69

RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002

RBP: 00000000006dac90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007ffc108bd18f R14: 00007f90f7ac99c0 R15: 0000000000000001
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

John Fastabend

unread,

Jun 22, 2018, 10:32:45 AM6/22/18

to syzbot, a...@kernel.org, dan...@iogearbox.net, syzkall...@googlegroups.com

Looks like a duplicate lets test the latest branch with
fixes to be sure.

#syz test: git://github.com/cilium/linux.git test-fix

syzbot

unread,

Jun 22, 2018, 10:56:03 AM6/22/18

to a...@kernel.org, dan...@iogearbox.net, john.fa...@gmail.com, syzkall...@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
WARNING: refcount bug in smap_release_sock

device lo entered promiscuous mode
device lo entered promiscuous mode
device lo entered promiscuous mode
------------[ cut here ]------------
refcount_t: underflow; use-after-free.

WARNING: CPU: 1 PID: 6932 at lib/refcount.c:187
refcount_sub_and_test+0x2e7/0x350 lib/refcount.c:187

Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 6932 Comm: syz-executor7 Not tainted 4.17.0+ #1

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]

dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536

report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992

RIP: 0010:refcount_sub_and_test+0x2e7/0x350 lib/refcount.c:187
Code: 89 de e8 cc 36 1d fe 84 db 74 07 31 db e9 46 ff ff ff e8 ec 35 1d fe
48 c7 c7 a0 4c 1a 88 c6 05 47 f5 3a 06 01 e8 29 bd e8 fd <0f> 0b 31 db e9
25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
RSP: 0018:ffff8801c2db7788 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8162d6a1 RDI: ffff8801c2db7460
RBP: ffff8801c2db7870 R08: ffff8801bc2560c0 R09: 0000000000000006

R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff

R13: ffff8801c2db7848 R14: 0000000000000001 R15: ffff8801d7d765f4
refcount_dec_and_test+0x1a/0x20 lib/refcount.c:212
smap_release_sock+0x76/0x300 kernel/bpf/sockmap.c:1463
sock_hash_ctx_update_elem.isra.25+0x8cb/0x16a0 kernel/bpf/sockmap.c:2387
sock_hash_update_elem+0x157/0x2f0 kernel/bpf/sockmap.c:2409

do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b29
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7

48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff

ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0a8a5eec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f0a8a5ef6d4 RCX: 0000000000455b29

RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002

RBP: 000000000072c000 R08: 0000000000000000 R09: 0000000000000000

R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff

R13: 00000000004bb81b R14: 00000000004c8530 R15: 0000000000000002

Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Tested on:

commit: 90d2b83ceb4e bpf: sockhash, add release routine
git tree: git://github.com/cilium/linux.git/test-fix
console output: https://syzkaller.appspot.com/x/log.txt?x=14497d80400000
kernel config: https://syzkaller.appspot.com/x/.config?x=660aff0b5d39557d

syzbot

unread,

Jun 22, 2018, 2:09:03 PM6/22/18

to john.fa...@gmail.com, syzkall...@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
WARNING: refcount bug in smap_release_sock

8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0

device lo entered promiscuous mode
------------[ cut here ]------------
refcount_t: underflow; use-after-free.

WARNING: CPU: 1 PID: 6910 at lib/refcount.c:187

refcount_sub_and_test+0x2e7/0x350 lib/refcount.c:187
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 6910 Comm: syz-executor6 Not tainted 4.17.0+ #1

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:refcount_sub_and_test+0x2e7/0x350 lib/refcount.c:187
Code: 89 de e8 cc 36 1d fe 84 db 74 07 31 db e9 46 ff ff ff e8 ec 35 1d fe
48 c7 c7 a0 4c 1a 88 c6 05 47 f5 3a 06 01 e8 29 bd e8 fd <0f> 0b 31 db e9
25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff

RSP: 0018:ffff8801d92f7788 EFLAGS: 00010282

RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000

RDX: 0000000000000000 RSI: ffffffff8162d6a1 RDI: ffff8801d92f7460
RBP: ffff8801d92f7870 R08: ffff8801d85460c0 R09: 0000000000000006

R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff

R13: ffff8801d92f7848 R14: 0000000000000001 R15: ffff8801d90abaf4
refcount_dec_and_test+0x1a/0x20 lib/refcount.c:212
smap_release_sock+0x76/0x300 kernel/bpf/sockmap.c:1452
sock_hash_ctx_update_elem.isra.25+0x8cb/0x16a0 kernel/bpf/sockmap.c:2376
sock_hash_update_elem+0x157/0x2f0 kernel/bpf/sockmap.c:2398

map_update_elem+0x5c4/0xc90 kernel/bpf/syscall.c:765
__do_sys_bpf kernel/bpf/syscall.c:2357 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
__x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2328
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455b29
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00

RSP: 002b:00007fb4adda2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fb4adda36d4 RCX: 0000000000455b29

RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
RBP: 000000000072c000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004bb81b R14: 00000000004c8530 R15: 0000000000000002
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Tested on:

commit: 273a6e111393 bpf: sockhash, add release routine
git tree: git://github.com/cilium/linux.git/test-fix
console output: https://syzkaller.appspot.com/x/log.txt?x=1242fd3f800000

John Fastabend

unread,

Jun 29, 2018, 10:01:37 PM6/29/18

to syzbot, syzkall...@googlegroups.com

#syz test: git://github.com/cilium/linux.git test-err-path

syzbot

unread,

Jun 29, 2018, 11:11:03 PM6/29/18

to john.fa...@gmail.com, syzkall...@googlegroups.com

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+d464d2...@syzkaller.appspotmail.com

Tested on:

commit: f145ac5f99dc bpf: sockmap, error path can not release psoc..
git tree: git://github.com/cilium/linux.git/test-err-path

kernel config: https://syzkaller.appspot.com/x/.config?x=660aff0b5d39557d
compiler: gcc (GCC) 8.0.1 20180413 (experimental)