* general protection fault in find_device
@ 2018-06-18 5:55 syzbot
2018-06-18 7:03 ` Nikolay Borisov
0 siblings, 1 reply; 6+ messages in thread
From: syzbot @ 2018-06-18 5:55 UTC (permalink / raw)
To: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: ce397d215ccd Linux 4.18-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14e765f8400000
kernel config: https://syzkaller.appspot.com/x/.config?x=f390986c4f7cd566
dashboard link: https://syzkaller.appspot.com/bug?extid=923aa93978c7ad27a9b1
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+923aa93978c7ad27a9b1@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 14460 Comm: syz-executor5 Not tainted 4.18.0-rc1+ #107
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:find_device+0x94/0x130 fs/btrfs/volumes.c:366
Code: 42 80 3c 28 00 0f 85 9d 00 00 00 48 8b 1b 4c 39 f3 0f 84 86 00 00 00
e8 6a 79 b1 fe 48 8d bb c0 00 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00
75 70 4c 8b bb c0 00 00 00 4c 89 e6 4c 89 ff e8 f3
RSP: 0018:ffff8801d880ee70 EFLAGS: 00010206
RAX: 0000000000000018 RBX: 0000000000000000 RCX: ffffc9000d8a5000
RDX: 0000000000002d14 RSI: ffffffff82ca3136 RDI: 00000000000000c0
RBP: ffff8801d880eea8 R08: ffff8801abee0240 R09: fffffbfff123dea8
R10: ffff8801d880f178 R11: ffffffff891ef547 R12: 231f7dc339e55e1c
R13: dffffc0000000000 R14: ffff8801d7a65b98 R15: 0000000000000000
FS: 00007faa9dcb2700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000093002d CR3: 00000001bd208000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
device_list_add+0x230/0x1530 fs/btrfs/volumes.c:771
btrfs_scan_one_device+0x474/0xb00 fs/btrfs/volumes.c:1247
btrfs_mount_root+0x3ae/0x1e90 fs/btrfs/super.c:1542
mount_fs+0xae/0x328 fs/super.c:1277
vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
vfs_kern_mount+0x40/0x60 fs/namespace.c:1027
btrfs_mount+0x4a9/0x215e fs/btrfs/super.c:1661
mount_fs+0xae/0x328 fs/super.c:1277
vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2518 [inline]
do_mount+0x581/0x30e0 fs/namespace.c:2848
ksys_mount+0x12d/0x140 fs/namespace.c:3064
__do_sys_mount fs/namespace.c:3078 [inline]
__se_sys_mount fs/namespace.c:3075 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45855a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e 0f
1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007faa9dcb1a88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000428 RCX: 000000000045855a
RDX: 00007faa9dcb1ad0 RSI: 00000000200000c0 RDI: 00007faa9dcb1af0
RBP: 0000000000000001 R08: 00007faa9dcb1b30 R09: 00007faa9dcb1ad0
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000013
R13: 0000000000000001 R14: 00000000004d2d78 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
---------------------------------
syz-exec-17250 0...2 227741094us : 0: }D
syz-exec-17250 0...2 227741101us : 0: }D
syz-exec-17250 0...2 227741106us : 0: }D
syz-exec-17250 0...2 227741109us : 0: }D
syz-exec-17250 0...2 227741112us : 0: }D
syz-exec-17250 0...2 227741115us : 0: }D
syz-exec-17250 0...2 227741119us : 0: }D
syz-exec-17250 0...2 227741122us : 0: }D
syz-exec-17250 0...2 227741125us : 0: }D
syz-exec-17250 0...2 227741128us : 0: }D
syz-exec-17250 0...2 227741131us : 0: }D
syz-exec-17250 0...2 227741133us : 0: }D
syz-exec-17250 0...2 227741135us : 0: }D
syz-exec-17250 0...2 227741139us : 0: }D
syz-exec-17250 0...2 227741141us : 0: }D
syz-exec-17250 0...2 227741143us : 0: }D
syz-exec-17250 0...2 227741148us : 0: }D
syz-exec-17250 0...2 227741150us : 0: }D
syz-exec-17250 0...2 227741153us : 0: }D
syz-exec-17250 0...2 227741155us : 0: }D
syz-exec-17250 0...2 227741158us : 0: }D
syz-exec-17250 0...2 227741161us : 0: }D
syz-exec-17250 0...2 227741163us : 0: }D
syz-exec-17250 0...2 227741166us : 0: }D
syz-exec-17250 0...2 227741168us : 0: }D
syz-exec-17250 0...2 227741171us : 0: }D
syz-exec-17250 0...2 227741173us : 0: }D
syz-exec-17250 0...2 227741176us : 0: }D
syz-exec-17250 0...2 227741179us : 0: }D
syz-exec-17250 0...2 227741181us : 0: }D
syz-exec-17250 0...2 227741184us : 0: }D
syz-exec-17250 0...2 227741187us : 0: }D
syz-exec-17250 0...2 227741189us : 0: }D
syz-exec-17250 0...2 227741192us : 0: }D
syz-exec-17250 0...2 227741195us : 0: }D
syz-exec-17250 0...2 227741198us : 0: }D
syz-exec-17250 0...2 227741200us : 0: }D
syz-exec-17250 0...2 227741202us : 0: }D
syz-exec-17250 0...2 227741205us : 0: }D
syz-exec-17250 0...2 227741207us : 0: }D
syz-exec-17250 0...2 227741210us : 0: }D
syz-exec-17250 0...2 227741213us : 0: }D
syz-exec-17250 0...2 227741215us : 0: }D
syz-exec-17250 0...2 227741218us : 0: }D
syz-exec-17250 0...2 227741221us : 0: }D
syz-exec-17250 0...2 227741223us : 0: }D
syz-exec-17250 0...2 227741226us : 0: }D
syz-exec-17250 0...2 227741228us : 0: }D
syz-exec-17250 0...2 227741231us : 0: }D
syz-exec-17250 0...2 227741234us : 0: }D
syz-exec-17250 0...2 227741236us : 0: }D
syz-exec-17250 0...2 227741239us : 0: }D
syz-exec-17250 0...2 227741242us : 0: }D
syz-exec-17250 0...2 227741244us : 0: }D
syz-exec-17250 0...2 227741247us : 0: }D
syz-exec-17250 0...2 227741249us : 0: }D
syz-exec-17250 0...2 227741252us : 0: }D
syz-exec-17250 0...2 227741254us : 0: }D
syz-exec-17250 0...2 227741257us : 0: }D
syz-exec-17250 0...2 227741259us : 0: }D
syz-exec-17250 0...2 227741261us : 0: }D
syz-exec-17250 0...2 227741263us : 0: }D
syz-exec-17250 0...2 227741265us : 0: }D
syz-exec-17250 0...2 227741268us : 0: }D
syz-exec-17250 0...2 227741271us : 0: }D
syz-exec-17250 0...2 227741273us : 0: }D
syz-exec-17250 0...2 227741276us : 0: }D
syz-exec-17250 0...2 227741279us : 0: }D
syz-exec-17250 0...2 227741282us : 0: }D
syz-exec-17250 0...2 227741285us : 0: }D
syz-exec-17250 0...2 227741287us : 0: }D
syz-exec-17250 0...2 227741290us : 0: }D
syz-exec-17250 0...2 227741292us : 0: }D
syz-exec-17250 0...2 227741295us : 0: }D
syz-exec-17250 0...2 227741298us : 0: }D
syz-exec-17250 0...2 227741300us : 0: }D
syz-exec-17250 0...2 227741303us : 0: }D
syz-exec-17250 0...2 227741306us : 0: }D
syz-exec-17250 0...2 227741309us : 0: }D
syz-exec-17250 0...2 227741311us : 0: }D
syz-exec-17250 0...2 227741313us : 0: }D
syz-exec-17250 0...2 227741316us : 0: }D
syz-exec-17250 0...2 227741319us : 0: }D
syz-exec-17250 0...2 227741321us : 0: }D
syz-exec-17250 0...2 227741324us : 0: }D
syz-exec-17250 0...2 227741326us : 0: }D
syz-exec-17250 0...2 227741329us : 0: }D
syz-exec-17250 0...2 227741332us : 0: }D
syz-exec-17250 0...2 227741335us : 0: }D
syz-exec-17250 0...2 227741337us : 0: }D
syz-exec-17250 0...2 227741339us : 0: }D
syz-exec-17250 0...2 227741341us : 0: }D
syz-exec-17250 0...2 227741344us : 0: }D
syz-exec-17250 0...2 227741346us : 0: }D
syz-exec-17250 0...2 227741349us : 0: }D
syz-exec-17250 0...2 227741351us : 0: }D
syz-exec-17250 0...2 227741354us : 0: }D
syz-exec-17250 0...2 227741356us : 0: }D
syz-exec-17250 0...2 227741358us : 0: }D
syz-exec-17250 0...2 227741361us : 0: }D
syz-exec-17250 0...2 227741364us : 0: }D
syz-exec-17250 0...2 227741366us : 0: }D
syz-exec-17250 0...2 227741369us : 0: }D
syz-exec-17250 0...2 227741372us : 0: }D
syz-exec-17250 0...2 227741374us : 0: }D
syz-exec-17250 0...2 227741377us : 0: }D
syz-exec-17250 0...2 227741380us : 0: }D
syz-exec-17250 0...2 227741383us : 0: }D
syz-exec-17250 0...2 227741385us : 0: }D
syz-exec-17250 0...2 227741387us : 0: }D
syz-exec-17250 0...2 227741389us : 0: }D
syz-exec-17250 0...2 227741392us : 0: }D
syz-exec-17250 0...2 227741395us : 0: }D
syz-exec-17250 0...2 227741398us : 0: }D
syz-exec-17250 0...2 227741400us : 0: }D
syz-exec-17250 0...2 227741403us : 0: }D
syz-exec-17250 0...2 227741406us : 0: }D
syz-exec-17250 0...2 227741409us : 0: }D
syz-exec-17250 0...2 227741411us : 0: }D
syz-exec-17250 0...2 227741413us : 0: }D
syz-exec-17250 0...2 227741415us : 0: }D
syz-exec-17250 0...2 227741418us : 0: }D
syz-exec-17250 0...2 227741421us : 0: }D
syz-exec-17250 0...2 227741423us : 0: }D
syz-exec-17250 0...2 227741426us : 0: }D
syz-exec-17250 0...2 227741429us : 0: }D
syz-exec-17250 0...2 227741432us : 0: }D
syz-exec-17250 0...2 227741434us : 0: }D
syz-exec-17250 0...2 227741437us : 0: }D
syz-exec-17250 0...2 227741439us : 0: }D
syz-exec-17250 0...2 227741442us : 0: }D
syz-exec-17250 0...2 227741444us : 0: }D
syz-exec-17250 0...2 227741447us : 0: }D
syz-exec-17250 0...2 227741450us : 0: }D
syz-exec-17250 0...2 227741453us : 0: }D
syz-exec-17250 0...2 227741456us : 0: }D
syz-exec-17250 0...2 227741459us : 0: }D
syz-exec-17250 0...2 227741461us : 0: }D
syz-exec-17250 0...2 227741463us : 0: }D
syz-exec-17250 0...2 227741466us : 0: }D
syz-exec-17250 0...2 227741469us : 0: }D
syz-exec-17250 0...2 227741471us : 0: }D
syz-exec-17250 0...2 227741474us : 0: }D
syz-exec-17250 0...2 227741477us : 0: }D
syz-exec-17250 0...2 227741480us : 0: }D
syz-exec-17250 0...2 227741482us : 0: }D
syz-exec-17250 0...2 227741485us : 0: }D
syz-exec-17250 0...2 227741487us : 0: }D
syz-exec-17250 0...2 227741489us : 0: }D
syz-exec-17250 0...2 227741492us : 0: }D
syz-exec-17250 0...2 227741494us : 0: }D
syz-exec-17250 0...2 227741497us : 0: }D
syz-exec-17250 0...2 227741500us : 0: }D
syz-exec-17250 0...2 227741503us : 0: }D
syz-exec-17250 0...2 227741505us : 0: }D
syz-exec-17250 0...2 227741508us : 0: }D
syz-exec-17250 0...2 227741511us : 0: }D
syz-exec-17250 0...2 227741513us : 0: }D
syz-exec-17250 0...2 227741515us : 0: }D
syz-exec-17250 0...2 227741518us : 0: }D
syz-exec-17250 0...2 227741520us : 0: }D
syz-exec-17250 0...2 227741523us : 0: }D
syz-exec-17250 0...2 227741526us : 0: }D
syz-exec-17250 0...2 227741528us : 0: }D
syz-exec-17250 0...2 227741532us : 0: }D
syz-exec-17250 0...2 227741534us : 0: }D
syz-exec-17250 0...2 227741536us : 0: }D
syz-exec-17250 0...2 227741539us : 0: }D
syz-exec-17250 0...2 227741541us : 0: }D
syz-exec-17250 0...2 227741546us : 0: }D
syz-exec-17250 0...2 227741549us : 0: }D
syz-exec-17250 0...2 227741551us : 0: }D
syz-exec-17250 0...2 227741561us : 0: }D
syz-exec-17250 0...2 227741564us : 0: }D
syz-exec-17250 0...2 227741567us : 0: }D
syz-exec-17250 0...2 227741571us : 0: }D
syz-exec-17250 0...2 227741574us : 0: }D
syz-exec-17250 0...2 227741577us : 0: }D
syz-exec-17250 0...2 227741581us : 0: }D
syz-exec-17250 0...2 227741583us : 0: }D
syz-exec-17250 0...2 227741585us : 0: }D
syz-exec-17250 0.N.2 227741637us : 0: }D
syz-exec-17250 0.N.2 227755585us : 0: }D
syz-exec-17250 0...2 227757920us : 0: }D
syz-exec-17250 0...2 227757927us : 0: }D
syz-exec-17250 0...2 227757931us : 0: }D
syz-exec-17250 0...2 227757934us : 0: }D
syz-exec-17250 0...2 227757936us : 0: }D
syz-exec-17250 0...2 227757941us : 0: }D
syz-exec-17250 0...2 227757944us : 0: }D
syz-exec-17250 0...2 227757946us : 0: }D
syz-exec-17250 0...2 227757949us : 0: }D
syz-exec-17250 0...2 227757953us : 0: }D
syz-exec-17250 0...2 227757956us : 0: }D
syz-exec-17250 0...2 227757958us : 0: }D
syz-exec-17250 0...2 227757962us : 0: }D
syz-exec-17250 0...2 227757965us : 0: }D
syz-exec-17250 0...2 227757968us : 0: }D
syz-exec-17250 0...2 227757970us : 0: }D
syz-exec-17250 0...2 227757974us : 0: }D
syz-exec-17250 0...2 227757977us : 0: }D
syz-exec-17250 0...2 227757979us : 0: }D
syz-exec-17250 0...2 227757982us : 0: }D
syz-exec-17250 0...2 227757986us : 0: }D
syz-exec-17250 0...2 227757988us : 0: }D
syz-exec-17250 0...2 227757991us : 0: }D
syz-exec-17250 0...2 227757995us : 0: }D
syz-exec-17250 0...2 227757998us : 0: }D
syz-exec-17250 0...2 227758000us : 0: }D
syz-exec-17250 0...2 227758002us : 0: }D
syz-exec-17250 0...2 227758006us : 0: }D
syz-exec-17250 0...2 227758008us : 0: }D
syz-exec-17250 0...2 227758011us : 0: }D
syz-exec-17250 0...2 227758013us : 0: }D
syz-exec-17250 0...2 227758016us : 0: }D
syz-exec-17250 0...2 227758018us : 0: }D
syz-exec-17250 0...2 227758021us : 0: }D
syz-exec-17250 0...2 227758023us : 0: }D
syz-exec-17250 0...2 227758026us : 0: }D
syz-exec-17250 0...2 227758029us : 0: }D
syz-exec-17250 0...2 227758031us : 0: }D
syz-exec-17250 0...2 227758034us : 0: }D
syz-exec-17250 0...2 227758035us : 0: }D
syz-exec-17250 0...2 227758037us : 0: }D
syz-exec-17250 0...2 227758040us : 0: }D
syz-exec-17250 0...2 227758042us : 0: }D
syz-exec-17250 0...2 227758044us : 0: }D
syz-exec-17250 0...2 227758047us : 0: }D
syz-exec-17250 0...2 227758049us : 0: }D
syz-exec-17250 0...2 227758052us : 0: }D
syz-exec-17250 0...2 227758054us : 0: }D
syz-exec-17250 0...2 227758058us : 0: }D
syz-exec-17250 0...2 227758060us : 0: }D
syz-exec-17250 0...2 227758063us : 0: }D
syz-exec-17250 0...2 227758066us : 0: }D
syz-exec-17250 0...2 227758069us : 0: }D
syz-exec-17250 0...2 227758071us : 0: }D
syz-exec-17250 0...2 227758074us : 0: }D
syz-exec-17250 0...2 227758077us : 0: }D
syz-exec-17250 0...2 227758080us : 0: }D
syz-exec-17250 0...2 227758083us : 0: }D
syz-exec-17250 0...2 227758086us : 0: }D
syz-exec-17250 0...2 227758089us : 0: }D
syz-exec-17250 0...2 227758091us : 0: }D
syz-exec-17250 0...2 227758093us : 0: }D
syz-exec-17250 0...2 227758096us : 0: }D
syz-exec-17250 0...2 227758099us : 0: }D
syz-exec-17250 0...2 227758101us : 0: }D
syz-exec-17250 0...2 227758104us : 0: }D
syz-exec-17250 0...2 227758107us : 0: }D
syz-exec-17250 0...2 227758109us : 0: }D
syz-exec-17250 0...2 227758111us : 0: }D
syz-exec-17250 0...2 227758113us : 0: }D
syz-exec-17250 0...2 227758115us : 0: }D
syz-exec-17250 0...2 227758117us : 0: }D
syz-exec-17250 0...2 227758120us : 0: }D
syz-exec-17250 0...2 227758122us : 0: }D
syz-exec-17250 0...2 227758125us : 0: }D
syz-exec-17250 0...2 227758128us : 0: }D
syz-exec-17250 0...2 227758130us : 0: }D
syz-exec-17250 0...2 227758133us : 0: }D
syz-exec-17250 0...2 227758136us : 0: }D
syz-exec-17250 0...2 227758138us : 0: }D
syz-exec-17250 0...2 227758141us : 0: }D
syz-exec-17250 0...2 227758143us : 0: }D
syz-exec-17250 0...2 227758146us : 0: }D
syz-exec-17250 0...2 227758148us : 0: }D
syz-exec-17250 0...2 227758151us : 0: }D
syz-exec-17250 0...2 227758154us : 0: }D
syz-exec-17250 0...2 227758156us : 0: }D
syz-exec-17250 0...2 227758159us : 0: }D
syz-exec-17250 0...2 227758162us : 0: }D
syz-exec-17250 0...2 227758164us : 0: }D
syz-exec-17250 0...2 227758166us : 0: }D
syz-exec-17250 0...2 227758168us : 0: }D
syz-exec-17250 0...2 227758171us : 0: }D
syz-exec-17250 0...2 227758174us : 0: }D
syz-exec-17250 0...2 227758176us : 0: }D
syz-exec-17250 0...2 227758179us : 0: }D
syz-exec-17250 0...2 227758182us : 0: }D
syz-exec-17250 0...2 227758184us : 0: }D
syz-exec-17250 0...2 227758187us : 0: }D
syz-exec-17250 0...2 227758190us : 0: }D
syz-exec-17250 0...2 227758192us : 0: }D
syz-exec-17250 0...2 227758195us : 0: }D
syz-exec-17250 0...2 227758198us : 0: }D
syz-exec-17250 0...2 227758201us : 0: }D
syz-exec-17250 0...2 227758204us : 0: }D
syz-exec-17250 0...2 227758206us : 0: }D
syz-exec-17250 0...2 227758209us : 0: }D
syz-exec-17250 0...2 227758212us : 0: }D
syz-exec-17250 0...2 227758214us : 0: }D
syz-exec-17250 0...2 227758217us : 0: }D
syz-exec-17250 0...2 227758220us : 0: }D
syz-exec-17250 0...2 227758223us : 0: }D
syz-exec-17250 0...2 227758225us : 0: }D
syz-exec-17250 0...2 227758228us : 0: }D
syz-exec-17250 0...2 227758230us : 0: }D
syz-exec-17250 0...2 227758233us : 0: }D
syz-exec-17250 0...2 227758235us : 0: }D
syz-exec-17250 0...2 227758237us : 0: }D
syz-exec-17250 0...2 227758240us : 0: }D
syz-exec-17250 0...2 227758242us : 0: }D
syz-exec-17250 0...2 227758245us : 0: }D
syz-exec-17250 0...2 227758247us : 0: }D
syz-exec-17250 0...2 227758250us : 0: }D
syz-exec-17250 0...2 227758253us : 0: }D
syz-exec-17250 0...2 227758255us : 0: }D
syz-exec-17250 0...2 227758257us : 0: }D
syz-exec-17250 0...2 227758260us : 0: }D
syz-exec-17250 0...2 227758262us : 0: }D
syz-exec-17250 0...2 227758264us : 0: }D
syz-exec-17250 0...2 227758267us : 0: }D
syz-exec-17250 0...2 227758269us : 0: }D
syz-exec-17250 0...2 227758272us : 0: }D
syz-exec-17250 0...2 227758274us : 0: }D
syz-exec-17250 0...2 227758276us : 0: }D
syz-exec-17250 0...2 227758279us : 0: }D
syz-exec-17250 0...2 227758281us : 0: }D
syz-exec-17250 0...2 227758284us : 0: }D
syz-exec-17250 0...2 227758286us : 0: }D
syz-exec-17250 0...2 227758289us : 0: }D
syz-exec-17250 0...2 227758291us : 0: }D
syz-exec-17250 0...2 227758294us : 0: }D
syz-exec-17250 0...2 227758297us : 0: }D
syz-exec-17250 0...2 227758299us : 0: }D
syz-exec-17250 0...2 227758302us : 0: }D
syz-exec-17250 0...2 227758305us : 0: }D
syz-exec-17250 0...2 227758307us : 0: }D
syz-exec-17250 0...2 227758310us : 0: }D
syz-exec-17250 0...2 227758313us : 0: }D
syz-exec-17250 0...2 227758316us : 0: }D
syz-exec-17250 0...2 227758319us : 0: }D
syz-exec-17250 0...2 227758321us : 0: }D
syz-exec-17250 0...2 227758324us : 0: }D
syz-exec-17250 0...2 227758326us : 0: }D
syz-exec-17250 0...2 227758329us : 0: }D
syz-exec-17250 0...2 227758332us : 0: }D
syz-exec-17250 0...2 227758334us : 0: }D
syz-exec-17250 0...2 227758340us : 0: }D
syz-exec-17250 0...2 227758343us : 0: }D
syz-exec-17250 0...2 227758346us : 0: }D
syz-exec-17250 0...2 227758349us : 0: }D
syz-exec-17250 0...2 227758352us : 0: }D
syz-exec-17250 0...2 227758355us : 0: }D
syz-exec-17250 0...2 227758357us : 0: }D
syz-exec-17250 0...2 227758360us : 0: }D
syz-exec-17250 0...2 227758363us : 0: }D
syz-exec-17250 0...2 227758366us : 0: }D
syz-exec-17250 0...2 227758368us : 0: }D
syz-exec-17250 0...2 227758371us : 0: }D
syz-exec-17250 0...2 227758374us : 0: }D
syz-exec-17250 0...2 227758377us : 0: }D
syz-exec-17250 0...2 227758379us : 0: }D
syz-exec-17250 0...2 227758382us : 0: }D
syz-exec-17250 0...2 227758385us : 0: }D
syz-exec-17250 0...2 227758388us : 0: }D
syz-exec-17250 0...2 227758391us : 0: }D
syz-exec-17250 0...2 227758393us : 0: }D
syz-exec-17250 0...2 227758396us : 0: }D
syz-exec-17250 0...2 227758399us : 0: }D
syz-exec-17250 0...2 227758401us : 0: }D
syz-exec-17250 0...2 227758404us : 0: }D
syz-exec-17250 0...2 227758407us : 0: }D
syz-exec-17250 0...2 227758410us : 0: }D
syz-exec-17250 0...2 227758412us : 0: }D
syz-exec-17250 0...2 227758415us : 0: }D
syz-exec-17250 0...2 227758417us : 0: }D
syz-exec-17250 0...2 227758420us : 0: }D
syz-exec-17250 0...2 227758423us : 0: }D
syz-exec-17250 0...2 227758426us : 0: }D
syz-exec-17250 0...2 227758428us : 0: }D
syz-exec-17250 0...2 227758431us : 0: }D
syz-exec-17250 0...2 227758433us : 0: }D
syz-exec-17250 0...2 227758436us : 0: }D
syz-exec-17250 0...2 227758439us : 0: }D
syz-exec-17250 0...2 227758442us : 0: }D
syz-exec-17250 0...2 227758445us : 0: }D
syz-exec-17250 0...2 227758448us : 0: }D
syz-exec-17250 0...2 227758451us : 0: }D
syz-exec-17250 0...2 227758454us : 0: }D
syz-exec-17250 0...2 227758456us : 0: }D
syz-exec-17250 0...2 227758459us : 0: }D
syz-exec-17250 0...2 227758462us : 0: }D
syz-exec-17250 0...2 227758465us : 0: }D
syz-exec-17250 0...2 227758468us : 0: }D
syz-exec-17250 0...2 227758471us : 0: }D
syz-exec-17250 0...2 227758474us : 0: }D
syz-exec-17250 0...2 227758476us : 0: }D
syz-exec-17250 0...2 227758479us : 0: }D
syz-exec-17250 0...2 227758482us : 0: }D
syz-exec-17250 0...2 227758485us : 0: }D
syz-exec-17250 0...2 227758488us : 0: }D
syz-exec-17250 0...2 227758491us : 0: }D
syz-exec-17250 0...2 227758493us : 0: }D
syz-exec-17250 0...2 227758496us : 0: }D
syz-exec-17250 0...2 227758498us : 0: }D
syz-exec-17250 0...2 227758501us : 0: }D
syz-exec-17250 0...2 227758504us : 0: }D
syz-exec-17250 0...2 227758506us : 0: }D
syz-exec-17250 0...2 227758509us : 0: }D
syz-exec-17250 0...2 227758512us : 0: }D
syz-exec-17250 0...2 227758514us : 0: }D
syz-exec-17250 0...2 227758517us : 0: }D
syz-exec-17250 0...2 227758520us : 0: }D
syz-exec-17250 0...2 227758523us : 0: }D
syz-exec-17250 0...2 227758526us : 0: }D
syz-exec-17250 0...2 227758528us : 0: }D
syz-exec-17250 0...2 227758531us : 0: }D
syz-exec-17250 0...2 227758533us : 0: }D
syz-exec-17250 0...2 227758536us : 0: }D
syz-exec-17250 0...2 227758539us : 0: }D
syz-exec-17250 0...2 227758541us : 0: }D
syz-exec-17250 0...2 227758544us : 0: }D
syz-exec-17250 0...2 227758546us : 0: }D
syz-exec-17250 0...2 227758549us : 0: }D
syz-exec-17250 0...2 227758559us : 0: }D
syz-exec-17250 0...2 227758563us : 0: }D
syz-exec-17250 0...2 227758566us : 0: }D
syz-exec-17250 0...2 227758571us : 0: }D
syz-exec-17250 0...2 227758573us : 0: }D
syz-exec-17250 0...2 227758576us : 0: }D
syz-exec-17250 0...2 227758579us : 0: }D
syz-exec-17250 0...2 227758582us : 0: }D
syz-exec-17250 0...2 227758585us : 0: }D
syz-exec-17250 0...2 227758588us : 0: }D
syz-exec-17250 0...2 227758628us : 0: }D
syz-exec-17250 0...2 227758631us : 0: }D
syz-exec-17250 0...2 227758635us : 0: }D
syz-exec-17250 0...2 227758638us : 0: }D
syz-exec-17250 0...2 227758642us : 0: }D
syz-exec-17250 0...2 227758645us : 0: }D
syz-exec-17250 0...2 227758648us : 0: }D
syz-exec-17250 0...2 227758651us : 0: }D
syz-exec-17250 0...2 227758654us : 0: }D
syz-exec-17250 0...2 227758657us : 0: }D
syz-exec-17250 0...2 227758659us : 0: }D
syz-exec-17250 0...2 227758662us : 0: }D
syz-exec-17250 0...2 227758665us : 0: }D
syz-exec-17250 0...2 227758668us : 0: }D
syz-exec-17250 0...2 227758670us : 0: }D
syz-exec-17250 0...2 227758673us : 0: }D
syz-exec-17250 0...2 227758676us : 0: }D
syz-exec-17250 0...2 227758679us : 0: }D
syz-exec-17250 0...2 227758682us : 0: }D
syz-exec-17250 0...2 227758685us : 0: }D
syz-exec-17250 0...2 227758688us : 0: }D
syz-exec-17250 0...2 227758691us : 0: }D
syz-exec-17250 0...2 227758694us : 0: }D
syz-exec-17250 0...2 227758697us : 0: }D
syz-exec-17250 0...2 227758699us : 0: }D
syz-exec-17250 0...2 227758702us : 0: }D
syz-exec-17250 0...2 227758705us : 0: }D
syz-exec-17250 0...2 227758708us : 0: }D
syz-exec-17250 0...2 227758711us : 0: }D
syz-exec-17250 0...2 227758714us : 0: }D
syz-exec-17250 0...2 227758716us : 0: }D
syz-exec-17250 0...2 227758719us : 0: }D
syz-exec-17250 0...2 227758722us : 0: }D
syz-exec-17250 0...2 227758725us : 0: }D
syz-exec-17250 0...2 227758727us : 0: }D
syz-exec-17250 0...2 227758730us : 0: }D
syz-exec-17250 0...2 227758775us : 0: }D
syz-exec-17250 0...2 227758780us : 0: }D
syz-exec-17250 0...2 227758782us : 0: }D
syz-exec-17250 0...2 227758785us : 0: }D
syz-exec-17250 0...2 227758789us : 0: }D
syz-exec-17250 0...2 227758792us : 0: }D
syz-exec-17250 0...2 227758795us : 0: }D
syz-exec-17250 0...2 227758799us : 0: }D
syz-exec-17250 0...2 227758802us : 0: }D
syz-exec-17250 0...2 227758804us : 0: }D
syz-exec-17250 0...2 227758807us : 0: }D
syz-exec-17250 0...2 227758830us : 0: }D
syz-exec-17250 0...2 227758834us : 0: }D
syz-exec-17250 0...2 227758837us : 0: }D
syz-exec-17250 0...2 227758841us : 0: }D
syz-exec-17250 0...2 227758845us : 0: }D
syz-exec-17250 0...2 227758848us : 0: }D
syz-exec-17250 0...2 227758850us : 0: }D
syz-exec-17250 0...2 227758855us : 0: }D
syz-exec-17250 0...2 227758858us : 0: }D
syz-exec-17250 0...2 227758860us : 0: }D
syz-exec-17250 0...2 227758864us : 0: }D
syz-exec-17250 0...2 227758868us : 0: }D
syz-exec-17250 0...2 227758870us : 0: }D
syz-exec-17250 0...2 227758872us : 0: }D
syz-exec-17250 0...2 227758875us : 0: }D
syz-exec-17250 0...2 227758878us : 0: }D
syz-exec-17250 0...2 227758881us : 0: }D
syz-exec-17250 0...2 227758883us : 0: }D
syz-exec-17250 0...2 227758886us : 0: }D
syz-exec-17250 0...2 227758889us : 0: }D
syz-exec-17250 0...2 227758892us : 0: }D
syz-exec-17250 0...2 227758895us : 0: }D
syz-exec-17250 0...2 227758897us : 0: }D
syz-exec-17250 0...2 227758899us : 0: }D
syz-exec-17250 0...2 227758902us : 0: }D
syz-exec-17250 0...2 227758904us : 0: }D
syz-exec-17250 0...2 227758907us : 0: }D
syz-exec-17250 0...2 227758910us : 0: }D
syz-exec-17250 0...2 227758913us : 0: }D
syz-exec-17250 0...2 227758915us : 0: }D
syz-exec-17250 0...2 227758918us : 0: }D
syz-exec-17250 0...2 227758920us : 0: }D
syz-exec-17250 0...2 227758923us : 0: }D
syz-exec-17250 0...2 227758925us : 0: }D
syz-exec-17250 0...2 227758927us : 0: }D
syz-exec-17250 0...2 227758930us : 0: }D
syz-exec-17250 0...2 227758934us : 0: }D
syz-exec-17250 0...2 227758937us : 0: }D
syz-exec-17250 0...2 227758940us : 0: }D
syz-exec-17250 0...2 227758943us : 0: }D
syz-exec-17250 0...2 227758945us : 0: }D
syz-exec-17250 0...2 227758948us : 0: }D
syz-exec-17250 0...2 227758951us : 0: }D
syz-exec-17250 0...2 227758953us : 0: }D
syz-exec-17250 0...2 227758956us : 0: }D
syz-exec-17250 0...2 227758959us : 0: }D
syz-exec-17250 0...2 227758962us : 0: }D
syz-exec-17250 0...2 227758965us : 0: }D
syz-exec-17250 0...2 227758967us : 0: }D
syz-exec-17250 0...2 227758970us : 0: }D
syz-exec-17250 0...2 227758973us : 0: }D
syz-exec-17250 0...2 227758975us : 0: }D
syz-exec-17250 0...2 227758978us : 0: }D
syz-exec-17250 0...2 227758981us : 0: }D
syz-exec-17250 0...2 227758983us : 0: }D
syz-exec-17250 0...2 227758986us : 0: }D
syz-exec-17250 0...2 227758989us : 0: }D
syz-exec-17250 0...2 227758991us : 0: }D
syz-exec-17250 0...2 227758994us : 0: }D
syz-exec-17250 0...2 227758997us : 0: }D
syz-exec-17250 0...2 227758999us : 0: }D
syz-exec-17250 0...2 227759002us : 0: }D
syz-exec-17250 0...2 227759005us : 0: }D
syz-exec-17250 0...2 227759007us : 0: }D
syz-exec-17250 0...2 227759010us : 0: }D
syz-exec-17250 0...2 227759013us : 0: }D
syz-exec-17250 0...2 227759015us : 0: }D
syz-exec-17250 0...2 227759018us : 0: }D
syz-exec-17250 0...2 227759021us : 0: }D
syz-exec-17250 0...2 227759024us : 0: }D
syz-exec-17250 0...2 227759027us : 0: }D
syz-exec-17250 0...2 227759030us : 0: }D
syz-exec-17250 0...2 227759033us : 0: }D
syz-exec-17250 0...2 227759035us : 0: }D
syz-exec-17250 0...2 227759038us : 0: }D
syz-exec-17250 0...2 227759041us : 0: }D
syz-exec-17250 0...2 227759043us : 0: }D
syz-exec-17250 0...2 227759046us : 0: }D
syz-exec-17250 0...2 227759049us : 0: }D
syz-exec-17250 0...2 227759052us : 0: }D
syz-exec-17250 0...2 227759054us : 0: }D
syz-exec-17250 0...2 227759057us : 0: }D
syz-exec-17250 0...2 227759060us : 0: }D
syz-exec-17250 0...2 227759063us : 0: }D
syz-exec-17250 0...2 227759065us : 0: }D
syz-exec-17250 0...2 227759068us : 0: }D
syz-exec-17250 0...2 227759071us : 0: }D
syz-exec-17250 0...2 227759074us : 0: }D
syz-exec-17250 0...2 227759076us : 0: }D
syz-exec-17250 0...2 227759079us : 0: }D
syz-exec-17250 0...2 227759082us : 0: }D
syz-exec-17250 0...2 227759085us : 0: }D
syz-exec-17250 0...2 227759087us : 0: }D
syz-exec-17250 0...2 227759090us : 0: }D
syz-exec-17250 0...2 227759093us : 0: }D
syz-exec-17250 0...2 227759095us : 0: }D
syz-exec-17250 0...2 227759098us : 0: }D
syz-exec-17250 0...2 227759101us : 0: }D
syz-exec-17250 0...2 227759104us : 0: }D
syz-exec-17250 0...2 227759107us : 0: }D
syz-exec-17250 0...2 227759109us : 0: }D
syz-exec-17250 0...2 227759112us : 0: }D
syz-exec-17250 0...2 227759115us : 0: }D
syz-exec-17250 0...2 227759118us : 0: }D
syz-exec-17250 0...2 227759121us : 0: }D
syz-exec-17250 0...2 227759123us : 0: }D
syz-exec-17250 0...2 227759126us : 0: }D
syz-exec-17250 0...2 227759129us : 0: }D
syz-exec-17250 0...2 227759132us : 0: }D
syz-exec-17250 0...2 227759134us : 0: }D
syz-exec-17250 0...2 227759137us : 0: }D
syz-exec-17250 0...2 227759140us : 0: }D
syz-exec-17250 0...2 227759142us : 0: }D
syz-exec-17250 0...2 227759145us : 0: }D
syz-exec-17250 0...2 227759148us : 0: }D
syz-exec-17250 0...2 227759150us : 0: }D
syz-exec-17250 0...2 227759153us : 0: }D
syz-exec-17250 0...2 227759156us : 0: }D
syz-exec-17250 0...2 227759159us : 0: }D
syz-exec-17250 0...2 227759162us : 0: }D
syz-exec-17250 0...2 227759165us : 0: }D
syz-exec-17250 0...2 227759168us : 0: }D
syz-exec-17250 0...2 227759170us : 0: }D
syz-exec-17250 0...2 227759173us : 0: }D
syz-exec-17250 0...2 227759176us : 0: }D
syz-exec-17250 0...2 227759179us : 0: }D
syz-exec-17250 0...2 227759182us : 0: }D
syz-exec-17250 0...2 227759184us : 0: }D
syz-exec-17250 0...2 227759187us : 0: }D
syz-exec-17250 0...2 227759190us : 0: }D
syz-exec-17250 0...2 227759193us : 0: }D
syz-exec-17250 0...2 227759195us : 0: }D
syz-exec-17250 0...2 227759198us : 0: }D
syz-exec-17250 0...2 227759201us : 0: }D
syz-exec-17250 0...2 227759204us : 0: }D
syz-exec-17250 0...2 227759206us : 0: }D
syz-exec-17250 0...2 227759209us : 0: }D
syz-exec-17250 0...2 227759211us : 0: }D
syz-exec-17250 0...2 227759214us : 0: }D
syz-exec-17250 0...2 227759217us : 0: }D
syz-exec-17250 0...2 227759220us : 0: }D
syz-exec-17250 0...2 227759222us : 0: }D
syz-exec-17250 0...2 227759225us : 0: }D
syz-exec-17250 0...2 227759228us : 0: }D
syz-exec-17250 0...2 227759231us : 0: }D
syz-exec-17250 0...2 227759234us : 0: }D
syz-exec-17250 0...2 227759237us : 0: }D
syz-exec-17250 0...2 227759239us : 0: }D
syz-exec-17250 0...2 227759242us : 0: }D
syz-exec-17250 0...2 227759244us : 0: }D
syz-exec-17250 0...2 227759247us : 0: }D
syz-exec-17250 0...2 227759250us : 0: }D
syz-exec-17250 0...2 227759252us : 0: }D
syz-exec-17250 0...2 227759255us : 0: }D
syz-exec-17250 0...2 227759257us : 0: }D
syz-exec-17250 0...2 227759260us : 0: }D
syz-exec-17250 0...2 227759263us : 0: }D
syz-exec-17250 0...2 227759265us : 0: }D
syz-exec-17250 0...2 227759269us : 0: }D
syz-exec-17250 0...2 227759271us : 0: }D
syz-exec-17250 0...2 227759274us : 0: }D
syz-exec-17250 0...2 227759277us : 0: }D
syz-exec-17250 0...2 227759280us : 0: }D
syz-exec-17250 0...2 227759283us : 0: }D
syz-exec-17250 0...2 227759285us : 0: }D
syz-exec-17250 0...2 227759288us : 0: }D
syz-exec-17250 0...2 227759291us : 0: }D
syz-exec-17250 0...2 227759293us : 0: }D
syz-exec-17250 0...2 227759296us : 0: }D
syz-exec-17250 0...2 227759298us : 0: }D
syz-exec-17250 0...2 227759301us : 0: }D
syz-exec-17250 0...2 227759303us : 0: }D
syz-exec-17250 0...2 227759306us : 0: }D
syz-exec-17250 0...2 227759308us : 0: }D
syz-exec-17250 0...2 227759311us : 0: }D
syz-exec-17250 0...2 227759314us : 0: }D
syz-exec-17250 0...2 227759317us : 0: }D
syz-exec-17250 0...2 227759320us : 0: }D
syz-exec-17250 0...2 227759322us : 0: }D
syz-exec-17250 0...2 227759325us : 0: }D
syz-exec-17250 0...2 227759328us : 0: }D
syz-exec-17250 0...2 227759331us : 0: }D
syz-exec-17250 0...2 227759333us : 0: }D
syz-exec-17250 0...2 227759336us : 0: }D
syz-exec-17250 0...2 227759339us : 0: }D
syz-exec-17250 0...2 227759342us : 0: }D
syz-exec-17250 0...2 227759344us : 0: }D
syz-exec-17250 0...2 227759347us : 0: }D
syz-exec-17250 0...2 227759349us : 0: }D
syz-exec-17250 0...2 227759352us : 0: }D
syz-exec-17250 0...2 227759354us : 0: }D
syz-exec-17250 0...2 227759357us : 0: }D
syz-exec-17250 0...2 227759360us : 0: }D
syz-exec-17250 0...2 227759362us : 0: }D
syz-exec-17250 0...2 227759364us : 0: }D
syz-exec-17250 0...2 227759367us : 0: }D
syz-exec-17250 0...2 227759369us : 0: }D
syz-exec-17250 0...2 227759372us : 0: }D
syz-exec-17250 0...2 227759375us : 0: }D
syz-exec-17250 0...2 227759377us : 0: }D
syz-exec-17250 0...2 227759380us : 0: }D
syz-exec-17250 0...2 227759382us : 0: }D
syz-exec-17250 0...2 227759384us : 0: }D
syz-exec-17250 0...2 227759386us : 0: }D
syz-exec-17250 0...2 227759389us : 0: }D
syz-exec-17250 0...2 227759391us : 0: }D
syz-exec-17250 0...2 227759395us : 0: }D
syz-exec-17250 0...2 227759398us : 0: }D
syz-exec-17250 0...2 227759401us : 0: }D
syz-exec-17250 0...2 227759404us : 0: }D
syz-exec-17250 0...2 227759406us : 0: }D
syz-exec-17250 0...2 227759409us : 0: }D
syz-exec-17250 0...2 227759411us : 0: }D
syz-exec-17250 0...2 227759414us : 0: }D
syz-exec-17250 0...2 227759417us : 0: }D
syz-exec-17250 0...2 227759419us : 0: }D
syz-exec-17250 0...2 227759422us : 0: }D
syz-exec-17250 0...2 227759424us : 0: }D
syz-exec-17250 0...2 227759426us : 0: }D
syz-exec-17250 0...2 227759429us : 0: }D
syz-exec-17250 0...2 227759431us : 0: }D
syz-exec-17250 0...2 227759433us : 0: }D
syz-exec-17250 0...2 227759435us : 0: }D
syz-exec-17250 0...2 227759437us : 0: }D
syz-exec-17250 0...2 227759440us : 0: }D
syz-exec-17250 0...2 227759442us : 0: }D
syz-exec-17250 0...2 227759445us : 0: }D
syz-exec-17250 0...2 227759447us : 0: }D
syz-exec-17250 0...2 227759449us : 0: }D
syz-exec-17250 0...2 227759452us : 0: }D
syz-exec-17250 0...2 227759454us : 0: }D
syz-exec-17250 0...2 227759457us : 0: }D
syz-exec-17250 0...2 227759459us : 0: }D
syz-exec-17250 0...2 227759462us : 0: }D
syz-exec-17250 0...2 227759464us : 0: }D
syz-exec-17250 0...2 227759467us : 0: }D
syz-exec-17250 0...2 227759469us : 0: }D
syz-exec-17250 0...2 227759472us : 0: }D
syz-exec-17250 0...2 227759474us : 0: }D
syz-exec-17250 0...2 227759477us : 0: }D
syz-exec-17250 0...2 227759479us : 0: }D
syz-exec-17250 0...2 227759481us : 0: }D
syz-exec-17250 0...2 227759484us : 0: }D
syz-exec-17250 0...2 227759486us : 0: }D
syz-exec-17250 0...2 227759489us : 0: }D
syz-exec-17250 0...2 227759491us : 0: }D
syz-exec-17250 0...2 227759494us : 0: }D
syz-exec-17250 0...2 227759496us : 0: }D
syz-exec-17250 0...2 227759498us : 0: }D
syz-exec-17250 0...2 227759501us : 0: }D
syz-exec-17250 0...2 227759503us : 0: }D
syz-exec-17250 0...2 227759506us : 0: }D
syz-exec-17250 0...2 227759509us : 0: }D
syz-exec-17250 0...2 227759511us : 0: }D
syz-exec-17250 0...2 227759514us : 0: }D
syz-exec-17250 0...2 227759516us : 0: }D
syz-exec-17250 0...2 227759519us : 0: }D
syz-exec-17250 0...2 227759521us : 0: }D
syz-exec-17250 0...2 227759524us : 0: }D
syz-exec-17250 0...2 227759526us : 0: }D
syz-exec-17250 0...2 227759529us : 0: }D
syz-exec-17250 0...2 227759531us : 0: }D
syz-exec-17250 0...2 227759534us : 0: }D
syz-exec-17250 0...2 227759537us : 0: }D
syz-exec-17250 0...2 227759540us : 0: }D
syz-exec-17250 0...2 227759542us : 0: }D
syz-exec-17250 0...2 227759545us : 0: }D
syz-exec-17250 0...2 227759548us : 0: }D
syz-exec-17250 0...2 227759557us : 0: }D
syz-exec-17250 0...2 227759560us : 0: }D
syz-exec-17250 0...2 227759564us : 0: }D
syz-exec-17250 0...2 227759567us : 0: }D
syz-exec-17250 0...2 227759569us : 0: }D
syz-exec-17250 0...2 227759573us : 0: }D
syz-exec-17250 0...2 227759576us : 0: }D
syz-exec-17250 0...2 227759578us : 0: }D
syz-exec-17250 0...2 227759580us : 0: }D
syz-exec-17250 0...2 227759585us : 0: }D
syz-exec-17250 0.N.2 227759617us : 0: }D
syz-exec-17250 0...2 227766854us : 0: }D
syz-exec-17250 0...2 227766862us : 0: }D
syz-exec-17250 0...2 227766865us : 0: }D
syz-exec-17250 0...2 227766867us : 0: }D
syz-exec-17250 0...2 227766871us : 0: }D
syz-exec-17250 0...2 227766875us : 0: }D
syz-exec-17250 0...2 227766878us : 0: }D
syz-exec-17250 0...2 227766880us : 0: }D
syz-exec-17250 0...2 227766884us : 0: }D
syz-exec-17250 0...2 227766887us : 0: }D
syz-exec-17250 0...2 227766890us : 0: }D
syz-exec-17250 0...2 227766892us : 0: }D
syz-exec-17250 0...2 227766897us : 0: }D
syz-exec-17250 0...2 227766900us : 0: }D
syz-exec-17250 0...2 227766903us : 0: }D
syz-exec-17250 0...2 227766906us : 0: }D
syz-exec-17250 0...2 227766910us : 0: }D
syz-exec-17250 0...2 227766913us : 0: }D
syz-exec-17250 0...2 227766916us : 0: }D
syz-exec-17250 0...2 227766920us : 0: }D
syz-exec-17250 0...2 227766923us : 0: }D
syz-exec-17250 0...2 227766926us : 0: }D
syz-exec-17250 0...2 227766928us : 0: }D
syz-exec-17250 0...2 227766933us : 0: }D
syz-exec-17250 0...2 227766936us : 0: }D
syz-exec-17250 0...2 227766938us : 0: }D
syz-exec-17250 0...2 227766942us : 0: }D
syz-exec-17250 0...2 227766946us : 0: }D
syz-exec-17250 0...2 227766948us : 0: }D
syz-exec-17250 0...2 227766951us : 0: }D
syz-exec-17250 0...2 227766955us : 0: }D
syz-exec-17250 0...2 227766958us : 0: }D
syz-exec-17250 0...2 227766961us : 0: }D
syz-exec-17250 0...2 227766964us : 0: }D
syz-exec-17250 0...2 227766968us : 0: }D
syz-exec-17250 0...2 227766971us : 0: }D
syz-exec-17250 0...2 227766973us : 0: }D
syz-exec-17250 0...2 227766978us : 0: }D
syz-exec-17250 0...2 227766980us : 0: }D
syz-exec-17250 0...2 227766983us : 0: }D
syz-exec-17250 0...2 227766986us : 0: }D
syz-exec-17250 0...2 227767017us : 0: }D
syz-exec-17250 0...2 227767023us : 0: }D
syz-exec-17250 0...2 227767025us : 0: }D
syz-exec-17250 0...2 227767029us : 0: }D
syz-exec-17250 0...2 227767032us : 0: }D
syz-exec-17250 0...2 227767035us : 0: }D
syz-exec-17250 0...2 227767037us : 0: }D
syz-exec-17250 0...2 227767041us : 0: }D
syz-exec-17250 0...2 227767044us : 0: }D
syz-exec-17250 0...2 227767046us : 0: }D
syz-exec-17250 0...2 227767050us : 0: }D
syz-exec-17250 0...2 227767055us : 0: }D
syz-exec-17250 0...2 227767058us : 0: }D
syz-exec-17250 0...2 227767061us : 0: }D
syz-exec-17250 0...2 227767066us : 0: }D
syz-exec-17250 0...2 227767069us : 0: }D
syz-exec-17250 0...2 227767071us : 0: }D
syz-exec-17250 0...2 227767074us : 0: }D
syz-exec-17250 0...2 227767079us : 0: }D
syz-exec-17250 0...2 227767081us : 0: }D
syz-exec-17250 0...2 227767084us : 0: }D
syz-exec-17250 0...2 227767088us : 0: }D
syz-exec-17250 0...2 227767092us : 0: }D
syz-exec-17250 0...2 227767094us : 0: }D
syz-exec-17250 0...2 227767097us : 0: }D
syz-exec-17250 0...2 227767102us : 0: }D
syz-exec-17250 0...2 227767105us : 0: }D
syz-exec-17250 0...2 227767108us : 0: }D
syz-exec-17250 0...2 227767111us : 0: }D
syz-exec-17250 0...2 227767115us : 0: }D
syz-exec-17250 0...2 227767118us : 0: }D
syz-exec-17250 0...2 227767121us : 0: }D
syz-exec-17250 0...2 227767124us : 0: }D
syz-exec-17250 0...2 227767127us : 0: }D
syz-exec-17250 0...2 227767130us : 0: }D
syz-exec-17250 0...2 227767133us : 0: }D
syz-exec-17250 0...2 227767138us : 0: }D
syz-exec-17250 0...2 227767140us : 0: }D
syz-exec-17250 0...2 227767143us : 0: }D
syz-exec-17250 0...2 227767148us : 0: }D
syz-exec-17250 0...2 227767151us : 0: }D
syz-exec-17250 0...2 227767154us : 0: }D
syz-exec-17250 0...2 227767157us : 0: }D
syz-exec-17250 0...2 227767161us : 0: }D
syz-exec-17250 0...2 227767164us : 0: }D
syz-exec-17250 0...2 227767167us : 0: }D
syz-exec-17250 0...2 227767170us : 0: }D
syz-exec-17250 0...2 227767173us : 0: }D
syz-exec-17250 0...2 227767176us : 0: }D
syz-exec-17250 0...2 227767179us : 0: }D
syz-exec-17250 0...2 227767219us : 0: }D
syz-exec-17250 0...2 227767223us : 0: }D
syz-exec-17250 0...2 227767226us : 0: }D
syz-exec-17250 0...2 227767228us : 0: }D
syz-exec-17250 0...2 227767232us : 0: }D
syz-exec-17250 0...2 227767235us : 0: }D
syz-exec-17250 0...2 227767240us : 0: }D
syz-exec-17250 0...2 227767244us : 0: }D
syz-exec-17250 0...2 227767247us : 0: }D
syz-exec-17250 0...2 227767250us : 0: }D
syz-exec-17250 0...2 227767271us : 0: }D
syz-exec-17250 0...2 227767276us : 0: }D
syz-exec-17250 0...2 227767279us : 0: }D
syz-exec-17250 0...2 227767282us : 0: }D
syz-exec-17250 0...2 227767286us : 0: }D
syz-exec-17250 0...2 227767289us : 0: }D
syz-exec-17250 0...2 227767291us : 0: }D
syz-exec-17250 0...2 227767294us : 0: }D
syz-exec-17250 0...2 227767299us : 0: }D
syz-exec-17250 0...2 227767302us : 0: }D
syz-exec-17250 0...2 227767304us : 0: }D
syz-exec-17250 0...2 227767307us : 0: }D
syz-exec-17250 0...2 227767312us : 0: }D
syz-exec-17250 0...2 227767315us : 0: }D
syz-exec-17250 0...2 227767317us : 0: }D
syz-exec-17250 0...2 227767321us : 0: }D
syz-exec-17250 0...2 227767324us : 0: }D
syz-exec-17250 0...2 227767327us : 0: }D
syz-exec-17250 0...2 227767330us : 0: }D
syz-exec-17250 0...2 227767333us : 0: }D
syz-exec-17250 0...2 227767335us : 0: }D
syz-exec-17250 0...2 227767338us : 0: }D
syz-exec-17250 0...2 227767341us : 0: }D
syz-exec-17250 0...2 227767344us : 0: }D
syz-exec-17250 0...2 227767346us : 0: }D
syz-exec-17250 0...2 227767349us : 0: }D
syz-exec-17250 0...2 227767352us : 0: }D
syz-exec-17250 0...2 227767354us : 0: }D
syz-exec-17250 0...2 227767357us : 0: }D
syz-exec-17250 0...2 227767360us : 0: }D
syz-exec-17250 0...2 227767363us : 0: }D
syz-exec-17250 0...2 227767366us : 0: }D
syz-exec-17250 0...2 227767369us : 0: }D
syz-exec-17250 0...2 227767372us : 0: }D
syz-exec-17250 0...2 227767374us : 0: }D
syz-exec-17250 0...2 227767376us : 0: }D
syz-exec-17250 0...2 227767378us : 0: }D
syz-exec-17250 0...2 227767381us : 0: }D
syz-exec-17250 0...2 227767383us : 0: }D
syz-exec-17250 0...2 227767385us : 0: }D
syz-exec-17250 0...2 227767388us : 0: }D
syz-exec-17250 0...2 227767391us : 0: }D
syz-exec-17250 0...2 227767393us : 0: }D
syz-exec-17250 0...2 227767396us : 0: }D
syz-exec-17250 0...2 227767399us : 0: }D
syz-exec-17250 0...2 227767401us : 0: }D
syz-exec-17250 0...2 227767404us : 0: }D
syz-exec-17250 0...2 227767407us : 0: }D
syz-exec-17250 0...2 227767410us : 0: }D
syz-exec-17250 0...2 227767412us : 0: }D
syz-exec-17250 0...2 227767415us : 0: }D
syz-exec-17250 0...2 227767418us : 0: }D
syz-exec-17250 0...2 227767421us : 0: }D
syz-exec-17250 0...2 227767423us : 0: }D
syz-exec-17250 0...2 227767426us : 0: }D
syz-exec-17250 0...2 227767429us : 0: }D
syz-exec-17250 0...2 227767432us : 0: }D
syz-exec-17250 0...2 227767435us : 0: }D
syz-exec-17250 0...2 227767438us : 0: }D
syz-exec-17250 0...2 227767441us : 0: }D
syz-exec-17250 0...2 227767443us : 0: }D
syz-exec-17250 0...2 227767446us : 0: }D
syz-exec-17250 0...2 227767449us : 0: }D
syz-exec-17250 0...2 227767451us : 0: }D
syz-exec-17250 0...2 227767454us : 0: }D
syz-exec-17250 0...2 227767456us : 0: }D
syz-exec-17250 0...2 227767459us : 0: }D
syz-exec-17250 0...2 227767461us : 0: }D
syz-exec-17250 0...2 227767464us : 0: }D
syz-exec-17250 0...2 227767467us : 0: }D
syz-exec-17250 0...2 227767469us : 0: }D
syz-exec-17250 0...2 227767472us : 0: }D
syz-exec-17250 0...2 227767475us : 0: }D
syz-exec-17250 0...2 227767478us : 0: }D
syz-exec-17250 0...2 227767481us : 0: }D
syz-exec-17250 0...2 227767484us : 0: }D
syz-exec-17250 0...2 227767486us : 0: }D
syz-exec-17250 0...2 227767489us : 0: }D
syz-exec-17250 0...2 227767492us : 0: }D
syz-exec-17250 0...2 227767495us : 0: }D
syz-exec-17250 0...2 227767497us : 0: }D
syz-exec-17250 0...2 227767500us : 0: }D
syz-exec-17250 0...2 227767502us : 0: }D
syz-exec-17250 0...2 227767505us : 0: }D
syz-exec-17250 0...2 227767508us : 0: }D
syz-exec-17250 0...2 227767510us : 0: }D
syz-exec-17250 0...2 227767513us : 0: }D
syz-exec-17250 0...2 227767516us : 0: }D
syz-exec-17250 0...2 227767519us : 0: }D
syz-exec-17250 0...2 227767521us : 0: }D
syz-exec-17250 0...2 227767524us : 0: }D
syz-exec-17250 0...2 227767527us : 0: }D
syz-exec-17250 0...2 227767529us : 0: }D
syz-exec-17250 0...2 227767532us : 0: }D
syz-exec-17250 0...2 227767535us : 0: }D
syz-exec-17250 0...2 227767537us : 0: }D
syz-exec-17250 0...2 227767540us : 0: }D
syz-exec-17250 0...2 227767543us : 0: }D
syz-exec-17250 0...2 227767546us : 0: }D
syz-exec-17250 0...2 227767548us : 0: }D
syz-exec-17250 0...2 227767557us : 0: }D
syz-exec-17250 0...2 227767561us : 0: }D
syz-exec-17250 0...2 227767564us : 0: }D
syz-exec-17250 0...2 227767567us : 0: }D
syz-exec-17250 0...2 227767569us : 0: }D
syz-exec-17250 0...2 227767573us : 0: }D
syz-exec-17250 0...2 227767576us : 0: }D
syz-exec-17250 0...2 227767579us : 0: }D
syz-exec-17250 0...2 227767581us : 0: }D
syz-exec-17250 0...2 227767586us : 0: }D
syz-exec-17250 0...2 227767623us : 0: }D
syz-exec-17250 0...2 227767627us : 0: }D
syz-exec-17250 0...2 227767631us : 0: }D
syz-exec-17250 0...2 227767634us : 0: }D
syz-exec-17250 0...2 227767637us : 0: }D
syz-exec-17250 0...2 227767640us : 0: }D
syz-exec-17250 0...2 227767645us : 0: }D
syz-exec-17250 0...2 227767648us : 0: }D
syz-exec-17250 0...2 227767651us : 0: }D
syz-exec-17250 0...2 227767653us : 0: }D
syz-exec-17250 0...2 227767658us : 0: }D
syz-exec-17250 0...2 227767660us : 0: }D
syz-exec-17250 0...2 227767663us : 0: }D
syz-exec-17250 0...2 227767667us : 0: }D
syz-exec-17250 0...2 227767670us : 0: }D
syz-exec-17250 0...2 227767673us : 0: }D
syz-exec-17250 0...2 227767676us : 0: }D
syz-exec-17250 0...2 227767680us : 0: }D
syz-exec-17250 0...2 227767683us : 0: }D
syz-exec-17250 0...2 227767685us : 0: }D
syz-exec-17250 0...2 227767688us : 0: }D
syz-exec-17250 0...2 227767693us : 0: }D
syz-exec-17250 0...2 227767696us : 0: }D
syz-exec-17250 0...2 227767698us : 0: }D
syz-exec-17250 0...2 227767702us : 0: }D
syz-exec-17250 0...2 227767705us : 0: }D
syz-exec-17250 0...2 227767708us : 0: }D
syz-exec-17250 0...2 227767711us : 0: }D
syz-exec-17250 0...2 227767715us : 0: }D
syz-exec-17250 0...2 227767718us : 0: }D
syz-exec-17250 0...2 227767721us : 0: }D
syz-exec-17250 0...2 227767724us : 0: }D
syz-exec-17250 0...2 227767728us : 0: }D
syz-exec-17250 0...2 227767730us : 0: }D
syz-exec-17250 0...2 227767733us : 0: }D
syz-exec-17250 0...2 227767737us : 0: }D
syz-exec-17250 0...2 227767740us : 0: }D
syz-exec-17250 0...2 227767743us : 0: }D
syz-exec-17250 0...2 227767746us : 0: }D
syz-exec-17250 0...2 227767750us : 0: }D
syz-exec-17250 0...2 227767753us : 0: }D
syz-exec-17250 0...2 227767755us : 0: }D
syz-exec-17250 0...2 227767759us : 0: }D
syz-exec-17250 0...2 227767762us : 0: }D
syz-exec-17250 0...2 227767765us : 0: }D
syz-exec-17250 0...2 227767768us : 0: }D
syz-exec-17250 0...2 227767773us : 0: }D
syz-exec-17250 0...2 227767775us : 0: }D
syz-exec-17250 0...2 227767778us : 0: }D
syz-exec-17250 0...2 227767781us : 0: }D
syz-exec-17250 0...2 227767784us : 0: }D
syz-exec-17250 0...2 227767787us : 0: }D
syz-exec-17250 0...2 227767789us : 0: }D
syz-exec-17250 0...2 227767793us : 0: }D
syz-exec-17250 0...2 227767795us : 0: }D
syz-exec-17250 0...2 227767798us : 0: }D
syz-exec-17250 0...2 227767803us : 0: }D
syz-exec-17250 0...2 227767806us : 0: }D
syz-exec-17250 0...2 227767809us : 0: }D
syz-exec-17250 0...2 227767812us : 0: }D
syz-exec-17250 0...2 227767815us : 0: }D
syz-exec-17250 0...2 227767818us : 0: }D
syz-exec-17250 0...2 227767821us : 0: }D
syz-exec-17250 0...2 227767824us : 0: }D
syz-exec-17250 0...2 227767827us : 0: }D
syz-exec-17250 0...2 227767830us : 0: }D
syz-exec-17250 0...2 227767833us : 0: }D
syz-exec-17250 0...2 227767835us : 0: }D
syz-exec-17250 0...2 227767838us : 0: }D
syz-exec-17250 0...2 227767841us : 0: }D
syz-exec-17250 0...2 227767844us : 0: }D
syz-exec-17250 0...2 227767847us : 0: }D
syz-exec-17250 0...2 227767850us : 0: }D
syz-exec-17250 0...2 227767853us : 0: }D
syz-exec-17250 0...2 227767856us : 0: }D
syz-exec-17250 0...2 227767859us : 0: }D
syz-exec-17250 0...2 227767861us : 0: }D
syz-exec-17250 0...2 227767864us : 0: }D
syz-exec-17250 0...2 227767867us : 0: }D
syz-exec-17250 0...2 227767870us : 0: }D
syz-exec-17250 0...2 227767873us : 0: }D
syz-exec-17250 0...2 227767876us : 0: }D
syz-exec-17250 0...2 227767879us : 0: }D
syz-exec-17250 0.N.2 227767905us : 0: }D
syz-exec-17250 0...2 227767969us : 0: }D
syz-exec-17250 0...2 227767974us : 0: }D
syz-exec-17250 0...2 227767976us : 0: }D
syz-exec-17250 0...2 227767979us : 0: }D
syz-exec-17250 0...2 227767983us : 0: }D
syz-exec-17250 0...2 227767987us : 0: }D
syz-exec-17250 0...2 227767989us : 0: }D
syz-exec-17250 0...2 227767992us : 0: }D
syz-exec-17250 0...2 227767997us : 0: }D
syz-exec-17250 0...2 227768000us : 0: }D
syz-exec-17250 0...2 227768002us : 0: }D
syz-exec-17250 0...2 227768005us : 0: }D
syz-exec-17250 0...2 227768010us : 0: }D
syz-exec-17250 0...2 227768013us : 0: }D
syz-exec-17250 0...2 227768016us : 0: }D
syz-exec-17250 0...2 227768020us : 0: }D
syz-exec-17250 0...2 227768023us : 0: }D
syz-exec-17250 0...2 227768026us : 0: }D
syz-exec-17250 0...2 227768029us : 0: }D
syz-exec-17250 0...2 227768032us : 0: }D
syz-exec-17250 0...2 227768035us : 0: }D
syz-exec-17250 0...2 227768038us : 0: }D
syz-exec-17250 0...2 227768042us : 0: }D
syz-exec-17250 0...2 227768045us : 0: }D
syz-exec-17250 0...2 227768048us : 0: }D
syz-exec-17250 0...2 227768050us : 0: }D
syz-exec-17250 0...2 227768053us : 0: }D
syz-exec-17250 0...2 227768056us : 0: }D
syz-exec-17250 0...2 227768058us : 0: }D
syz-exec-17250 0...2 227768061us : 0: }D
syz-exec-17250 0...2 227768064us : 0: }D
syz-exec-17250 0...2 227768067us : 0: }D
syz-exec-17250 0...2 227768069us : 0: }D
syz-exec-17250 0...2 227768072us : 0: }D
syz-exec-17250 0...2 227768075us : 0: }D
syz-exec-17250 0...2 227768078us : 0: }D
syz-exec-17250 0...2 227768081us : 0: }D
syz-exec-17250 0...2 227768084us : 0: }D
syz-exec-17250 0...2 227768087us : 0: }D
syz-exec-17250 0...2 227768090us : 0: }D
syz-exec-17250 0...2 227768093us : 0: }D
syz-exec-17250 0...2 227768096us : 0: }D
syz-exec-17250 0...2 227768098us : 0: }D
syz-exec-17250 0...2 227768101us : 0: }D
syz-exec-17250 0...2 227768104us : 0: }D
syz-exec-17250 0...2 227768106us : 0: }D
syz-exec-17250 0...2 227768109us : 0: }D
syz-exec-17250 0...2 227768112us : 0: }D
syz-exec-17250 0...2 227768114us : 0: }D
syz-exec-17250 0...2 227768117us : 0: }D
syz-exec-17250 0...2 227768120us : 0: }D
syz-exec-17250 0...2 227768122us : 0: }D
syz-exec-17250 0...2 227768125us : 0: }D
syz-exec-17250 0...2 227768127us : 0: }D
syz-exec-17250 0...2 227768130us : 0: }D
syz-exec-17250 0...2 227768133us : 0: }D
syz-exec-17250 0...2 227768135us : 0: }D
syz-exec-17250 0...2 227768138us : 0: }D
syz-exec-17250 0...2 227768141us : 0: }D
syz-exec-17250 0...2 227768143us : 0: }D
syz-exec-17250 0...2 227768145us : 0: }D
syz-exec-17250 0...2 227768147us : 0: }D
syz-exec-17250 0...2 227768150us : 0: }D
syz-exec-17250 0...2 227768152us : 0: }D
syz-exec-17250 0...2 227768155us : 0: }D
syz-exec-17250 0...2 227768157us : 0: }D
syz-exec-17250 0...2 227768160us : 0: }D
syz-exec-17250 0...2 227768162us : 0: }D
syz-exec-17250 0...2 227768165us : 0: }D
syz-exec-17250 0...2 227768168us : 0: }D
syz-exec-17250 0...2 227768171us : 0: }D
syz-exec-17250 0...2 227768173us : 0: }D
syz-exec-17250 0...2 227768176us : 0: }D
syz-exec-17250 0...2 227768178us : 0: }D
syz-exec-17250 0...2 227768180us : 0: }D
syz-exec-17250 0...2 227768183us : 0: }D
syz-exec-17250 0...2 227768186us : 0: }D
syz-exec-17250 0...2 227768188us : 0: }D
syz-exec-17250 0...2 227768191us : 0: }D
syz-exec-17250 0...2 227768193us : 0: }D
syz-exec-17250 0...2 227768196us : 0: }D
syz-exec-17250 0...2 227768199us : 0: }D
syz-exec-17250 0...2 227768202us : 0: }D
syz-exec-17250 0...2 227768204us : 0: }D
syz-exec-17250 0...2 227768207us : 0: }D
syz-exec-17250 0...2 227768209us : 0: }D
syz-exec-17250 0...2 227768212us : 0: }D
syz-exec-17250 0...2 227768214us : 0: }D
syz-exec-17250 0...2 227768217us : 0: }D
syz-exec-17250 0...2 227768220us : 0: }D
syz-exec-17250 0...2 227768222us : 0: }D
syz-exec-17250 0...2 227768224us : 0: }D
syz-exec-17250 0...2 227768227us : 0: }D
syz-exec-17250 0...2 227768229us : 0: }D
syz-exec-17250 0...2 227768233us : 0: }D
syz-exec-17250 0...2 227768235us : 0: }D
syz-exec-17250 0...2 227768238us : 0: }D
syz-exec-17250 0...2 227768240us : 0: }D
syz-exec-17250 0...2 227768243us : 0: }D
syz-exec-17250 0...2 227768246us : 0: }D
syz-exec-17250 0...2 227768248us : 0: }D
syz-exec-17250 0...2 227768250us : 0: }D
syz-exec-17250 0...2 227768253us : 0: }D
syz-exec-17250 0...2 227768256us : 0: }D
syz-exec-17250 0...2 227768259us : 0: }D
syz-exec-17250 0...2 227768262us : 0: }D
syz-exec-17250 0...2 227768264us : 0: }D
syz-exec-17250 0...2 227768267us : 0: }D
syz-exec-17250 0...2 227768270us : 0: }D
syz-exec-17250 0...2 227768272us : 0: }D
syz-exec-17250 0...2 227768275us : 0: }D
syz-exec-17250 0...2 227768278us : 0: }D
syz-exec-17250 0...2 227768280us : 0: }D
syz-exec-17250 0...2 227768283us : 0: }D
syz-exec-17250 0...2 227768285us : 0: }D
syz-exec-17250 0...2 227768287us : 0: }D
syz-exec-17250 0...2 227768289us : 0: }D
syz-exec-17250 0...2 227768292us : 0: }D
syz-exec-17250 0...2 227768294us : 0: }D
syz-exec-17250 0...2 227768297us : 0: }D
syz-exec-17250 0...2 227768300us : 0: }D
syz-exec-17250 0...2 227768303us : 0: }D
syz-exec-17250 0...2 227768306us : 0: }D
syz-exec-17250 0...2 227768308us : 0: }D
syz-exec-17250 0...2 227768311us : 0: }D
syz-exec-17250 0...2 227768313us : 0: }D
syz-exec-17250 0...2 227768316us : 0: }D
syz-exec-17250 0...2 227768320us : 0: }D
syz-exec-17250 0...2 227768323us : 0: }D
syz-exec-17250 0...2 227768325us : 0: }D
syz-exec-17250 0...2 227768327us : 0: }D
syz-exec-17250 0...2 227768329us : 0: }D
syz-exec-17250 0...2 227768332us : 0: }D
syz-exec-17250 0...2 227768335us : 0: }D
syz-exec-17250 0...2 227768337us : 0: }D
syz-exec-17250 0...2 227768340us : 0: }D
syz-exec-17250 0...2 227768343us : 0: }D
syz-exec-17250 0...2 227768346us : 0: }D
syz-exec-17250 0...2 227768348us : 0: }D
syz-exec-17250 0...2 227768351us : 0: }D
syz-exec-17250 0...2 227768354us : 0: }D
syz-exec-17250 0...2 227768357us : 0: }D
syz-exec-17250 0...2 227768361us : 0: }D
syz-exec-17250 0...2 227768364us : 0: }D
syz-exec-17250 0...2 227768366us : 0: }D
syz-exec-17250 0...2 227768369us : 0: }D
syz-exec-17250 0...2 227768372us : 0: }D
syz-exec-17250 0...2 227768375us : 0: }D
syz-exec-17250 0...2 227768377us : 0: }D
syz-exec-17250 0...2 227768380us : 0: }D
syz-exec-17250 0...2 227768383us : 0: }D
syz-exec-17250 0...2 227768386us : 0: }D
syz-exec-17250 0...2 227768389us : 0: }D
syz-exec-17250 0...2 227768392us : 0: }D
syz-exec-17250 0...2 227768395us : 0: }D
syz-exec-17250 0...2 227768398us : 0: }D
syz-exec-17250 0...2 227768401us : 0: }D
syz-exec-17250 0...2 227768403us : 0: }D
syz-exec-17250 0...2 227768406us : 0: }D
syz-exec-17250 0...2 227768409us : 0: }D
syz-exec-17250 0...2 227768411us : 0: }D
syz-exec-17250 0...2 227768414us : 0: }D
syz-exec-17250 0...2 227768417us : 0: }D
syz-exec-17250 0...2 227768420us : 0: }D
syz-exec-17250 0...2 227768422us : 0: }D
syz-exec-17250 0...2 227768425us : 0: }D
syz-exec-17250 0...2 227768428us : 0: }D
syz-exec-17250 0...2 227768431us : 0: }D
syz-exec-17250 0...2 227768433us : 0: }D
syz-exec-17250 0...2 227768435us : 0: }D
syz-exec-17250 0...2 227768438us : 0: }D
syz-exec-17250 0...2 227768441us : 0: }D
syz-exec-17250 0...2 227768444us : 0: }D
syz-exec-17250 0...2 227768447us : 0: }D
syz-exec-17250 0...2 227768450us : 0: }D
syz-exec-17250 0...2 227768452us : 0: }D
syz-exec-17250 0...2 227768454us : 0: }D
syz-exec-17250 0...2 227768457us : 0: }D
syz-exec-17250 0...2 227768459us : 0: }D
syz-exec-17250 0...2 227768461us : 0: }D
syz-exec-17250 0...2 227768463us : 0: }D
syz-exec-17250 0...2 227768466us : 0: }D
syz-exec-17250 0...2 227768468us : 0: }D
syz-exec-17250 0...2 227768471us : 0: }D
syz-exec-17250 0...2 227768473us : 0: }D
syz-exec-17250 0...2 227768476us : 0: }D
syz-exec-17250 0...2 227768478us : 0: }D
syz-exec-17250 0...2 227768480us : 0: }D
syz-exec-17250 0...2 227768482us : 0: }D
syz-exec-17250 0...2 227768485us : 0: }D
syz-exec-17250 0...2 227768487us : 0: }D
syz-exec-17250 0...2 227768490us : 0: }D
syz-exec-17250 0...2 227768493us : 0: }D
syz-exec-17250 0...2 227768495us : 0: }D
syz-exec-17250 0...2 227768498us : 0: }D
syz-exec-17250 0...2 227768501us : 0: }D
syz-exec-17250 0...2 227768503us : 0: }D
syz-exec-17250 0...2 227768506us : 0: }D
syz-exec-17250 0...2 227768509us : 0: }D
syz-exec-17250 0...2 227768512us : 0: }D
syz-exec-17250 0...2 227768514us : 0: }D
syz-exec-17250 0...2 227768517us : 0: }D
syz-exec-17250 0...2 227768520us : 0: }D
syz-exec-17250 0...2 227768522us : 0: }D
syz-exec-17250 0...2 227768526us : 0: }D
syz-exec-17250 0...2 227768528us : 0: }D
syz-exec-17250 0...2 227768530us : 0: }D
syz-exec-17250 0...2 227768532us : 0: }D
syz-exec-17250 0...2 227768534us : 0: }D
syz-exec-17250 0...2 227768536us : 0: }D
syz-exec-17250 0...2 227768539us : 0: }D
syz-exec-17250 0...2 227768541us : 0: }D
syz-exec-17250 0...2 227768544us : 0: }D
syz-exec-17250 0...2 227768546us : 0: }D
syz-exec-17250 0...2 227768549us : 0: }D
syz-exec-17250 0...2 227768563us : 0: }D
syz-exec-17250 0...2 227768566us : 0: }D
syz-exec-17250 0...2 227768570us : 0: }D
syz-exec-17250 0...2 227768572us : 0: }D
syz-exec-17250 0...2 227768574us : 0: }D
syz-exec-17250 0...2 227768578us : 0: }D
syz-exec-17250 0...2 227768582us : 0: }D
syz-exec-17250 0...2 227768585us : 0: }D
syz-exec-17250 0...2 227768588us : 0: }D
syz-exec-17250 0...2 227768640us : 0: }D
syz-exec-17250 0...2 227768643us : 0: }D
syz-exec-17250 0...2 227768646us : 0: }D
syz-exec-17250 0...2 227768650us : 0: }D
syz-exec-17250 0...2 227768654us : 0: }D
syz-exec-17250 0...2 227768657us : 0: }D
syz-exec-17250 0...2 227768659us : 0: }D
syz-exec-17250 0...2 227768663us : 0: }D
syz-exec-17250 0...2 227768666us : 0: }D
syz-exec-17250 0...2 227792102us : 0: }D
syz-exec-17250 0...2 227792109us : 0: }D
syz-exec-17250 0...2 227792113us : 0: }D
syz-exec-17250 0...2 227792116us : 0: }D
syz-exec-17250 0...2 227792119us : 0: }D
syz-exec-17250 0...2 227792121us : 0: }D
syz-exec-17250 0...2 227792125us : 0: }D
syz-exec-17250 0...2 227792128us : 0: }D
syz-exec-17250 0...2 227792131us : 0: }D
syz-exec-17250 0...2 227792135us : 0: }D
syz-exec-17250 0...2 227792137us : 0: }D
syz-exec-17250 0...2 227792139us : 0: }D
syz-exec-17250 0...2 227792142us : 0: }D
syz-exec-17250 0...2 227792145us : 0: }D
syz-exec-17250 0...2 227792147us : 0: }D
syz-exec-17250 0...2 227792149us : 0: }D
syz-exec-17250 0...2 227792152us : 0: }D
syz-exec-17250 0...2 227792155us : 0: }D
syz-exec-17250 0...2 227792157us : 0: }D
syz-exec-17250 0...2 227792160us : 0: }D
syz-exec-17250 0...2 227792163us : 0: }D
syz-exec-17250 0...2 227792165us : 0: }D
syz-exec-17250 0...2 227792168us : 0: }D
syz-exec-17250 0...2 227792171us : 0: }D
syz-exec-17250 0...2 227792173us : 0: }D
syz-exec-17250 0...2 227792176us : 0: }D
syz-exec-17250 0...2 227792178us : 0: }D
syz-exec-17250 0...2 227792181us : 0: }D
syz-exec-17250 0...2 227792183us : 0: }D
syz-exec-17250 0...2 227792186us : 0: }D
syz-exec-17250 0...2 227792189us : 0: }D
syz-exec-17250 0...2 227792192us : 0: }D
syz-exec-17250 0...2 227792194us : 0: }D
syz-exec-17250 0...2 227792197us : 0: }D
syz-exec-17250 0...2 227792200us : 0: }D
syz-exec-17250 0...2 227792203us : 0: }D
syz-exec-17250 0...2 227792205us : 0: }D
syz-exec-17250 0...2 227792208us : 0: }D
syz-exec-17250 0...2 227792211us : 0: }D
syz-exec-17250 0...2 227792213us : 0: }D
syz-exec-17250 0...2 227792216us : 0: }D
syz-exec-17250 0...2 227792219us : 0: }D
syz-exec-17250 0...2 227792221us : 0: }D
syz-exec-17250 0...2 227792224us : 0: }D
syz-exec-17250 0...2 227792226us : 0: }D
syz-exec-17250 0...2 227792229us : 0: }D
syz-exec-17250 0...2 227792232us : 0: }D
syz-exec-17250 0...2 227792234us : 0: }D
syz-exec-17250 0...2 227792237us : 0: }D
syz-exec-17250 0...2 227792240us : 0: }D
syz-exec-17250 0...2 227792242us : 0: }D
syz-exec-17250 0...2 227792244us : 0: }D
syz-exec-17250 0...2 227792247us : 0: }D
syz-exec-17250 0...2 227792249us : 0: }D
syz-exec-17250 0...2 227792252us : 0: }D
syz-exec-17250 0...2 227792254us : 0: }D
syz-exec-17250 0...2 227792256us : 0: }D
syz-exec-17250 0...2 227792259us : 0: }D
syz-exec-17250 0...2 227792261us : 0: }D
syz-exec-17250 0...2 227792263us : 0: }D
syz-exec-17250 0...2 227792266us : 0: }D
syz-exec-17250 0...2 227792268us : 0: }D
syz-exec-17250 0...2 227792271us : 0: }D
syz-exec-17250 0...2 227792274us : 0: }D
syz-exec-17250 0...2 227792276us : 0: }D
syz-exec-17250 0...2 227792279us : 0: }D
syz-exec-17250 0...2 227792281us : 0: }D
syz-exec-17250 0...2 227792284us : 0: }D
syz-exec-17250 0...2 227792286us : 0: }D
syz-exec-17250 0...2 227792289us : 0: }D
syz-exec-17250 0...2 227792291us : 0: }D
syz-exec-17250 0...2 227792293us : 0: }D
syz-exec-17250 0...2 227792295us : 0: }D
syz-exec-17250 0...2 227792298us : 0: }D
syz-exec-17250 0...2 227792300us : 0: }D
syz-exec-17250 0...2 227792302us : 0: }D
syz-exec-17250 0...2 227792304us : 0: }D
syz-exec-17250 0...2 227792307us : 0: }D
syz-exec-17250 0...2 227792309us : 0: }D
syz-exec-17250 0...2 227792314us : 0: }D
syz-exec-17250 0...2 227792317us : 0: }D
syz-exec-17250 0...2 227792319us : 0: }D
syz-exec-17250 0...2 227792321us : 0: }D
syz-exec-17250 0...2 227792324us : 0: }D
syz-exec-17250 0...2 227792326us : 0: }D
syz-exec-17250 0...2 227792329us : 0: }D
syz-exec-17250 0...2 227792331us : 0: }D
syz-exec-17250 0...2 227792333us : 0: }D
syz-exec-17250 0...2 227792336us : 0: }D
syz-exec-17250 0...2 227792338us : 0: }D
syz-exec-17250 0...2 227792340us : 0: }D
syz-exec-17250 0...2 227792343us : 0: }D
syz-exec-17250 0...2 227792345us : 0: }D
syz-exec-17250 0...2 227792347us : 0: }D
syz-exec-17250 0...2 227792350us : 0: }D
syz-exec-17250 0...2 227792353us : 0: }D
syz-exec-17250 0...2 227792355us : 0: }D
syz-exec-17250 0...2 227792358us : 0: }D
syz-exec-17250 0...2 227792361us : 0: }D
syz-exec-17250 0...2 227792363us : 0: }D
syz-exec-17250 0...2 227792366us : 0: }D
syz-exec-17250 0...2 227792369us : 0: }D
syz-exec-17250 0...2 227792372us : 0: }D
syz-exec-17250 0...2 227792375us : 0: }D
syz-exec-17250 0...2 227792377us : 0: }D
syz-exec-17250 0...2 227792379us : 0: }D
syz-exec-17250 0...2 227792382us : 0: }D
syz-exec-17250 0...2 227792385us : 0: }D
syz-exec-17250 0...2 227792387us : 0: }D
syz-exec-17250 0...2 227792389us : 0: }D
syz-exec-17250 0...2 227792392us : 0: }D
syz-exec-17250 0...2 227792394us : 0: }D
syz-exec-17250 0...2 227792397us : 0: }D
syz-exec-17250 0...2 227792399us : 0: }D
syz-exec-17250 0.N.2 227792404us : 0: }D
syz-exec-17250 0...2 227798251us : 0: }D
syz-exec-17250 0...2 227798260us : 0: }D
syz-exec-17250 0...2 227798263us : 0: }D
syz-exec-17250 0...2 227798266us : 0: }D
syz-exec-17250 0...2 227798269us : 0: }D
syz-exec-17250 0...2 227798273us : 0: }D
syz-exec-17250 0...2 227798276us : 0: }D
syz-exec-17250 0...2 227798279us : 0: }D
syz-exec-17250 0...2 227798282us : 0: }D
syz-exec-17250 0...2 227798285us : 0: }D
syz-exec-17250 0...2 227798288us : 0: }D
syz-exec-17250 0...2 227798291us : 0: }D
syz-exec-17250 0...2 227798295us : 0: }D
syz-exec-17250 0...2 227798298us : 0: }D
syz-exec-17250 0...2 227798301us : 0: }D
syz-exec-17250 0...2 227798304us : 0: }D
syz-exec-17250 0...2 227798308us : 0: }D
syz-exec-17250 0...2 227798311us : 0: }D
syz-exec-17250 0...2 227798313us : 0: }D
syz-exec-17250 0...2 227798317us : 0: }D
syz-exec-17250 0...2 227798321us : 0: }D
syz-exec-17250 0...2 227798323us : 0: }D
syz-exec-17250 0...2 227798326us : 0: }D
syz-exec-17250 0...2 227798331us : 0: }D
syz-exec-17250 0...2 227798333us : 0: }D
syz-exec-17250 0...2 227798336us : 0: }D
syz-exec-17250 0...2 227798339us : 0: }D
syz-exec-17250 0...2 227798343us : 0: }D
syz-exec-17250 0...2 227798346us : 0: }D
syz-exec-17250 0...2 227798349us : 0: }D
syz-exec-17250 0...2 227798353us : 0: }D
syz-exec-17250 0...2 227798356us : 0: }D
syz-exec-17250 0...2 227798359us : 0: }D
syz-exec-17250 0...2 227798362us : 0: }D
syz-exec-17250 0...2 227798367us : 0: }D
syz-exec-17250 0...2 227798369us : 0: }D
syz-exec-17250 0...2 227798372us : 0: }D
syz-exec-17250 0...2 227798376us : 0: }D
syz-exec-17250 0...2 227798379us : 0: }D
syz-exec-17250 0...2 227798382us : 0: }D
syz-exec-17250 0...2 227798385us : 0: }D
syz-exec-17250 0...2 227798389us : 0: }D
syz-exec-17250 0...2 227798391us : 0: }D
syz-exec-17250 0...2 227798394us : 0: }D
syz-exec-17250 0...2 227798397us : 0: }D
syz-exec-17250 0...2 227798401us : 0: }D
syz-exec-17250 0...2 227798403us : 0: }D
syz-exec-17250 0...2 227798406us : 0: }D
syz-exec-17250 0...2 227798410us : 0: }D
syz-exec-17250 0...2 227798414us : 0: }D
syz-exec-17250 0...2 227798417us : 0: }D
syz-exec-17250 0...2 227798419us : 0: }D
syz-exec-17250 0...2 227798422us : 0: }D
syz-exec-17250 0...2 227798425us : 0: }D
syz-exec-17250 0...2 227798428us : 0: }D
syz-exec-17250 0...2 227798431us : 0: }D
syz-exec-17250 0...2 227798434us : 0: }D
syz-exec-17250 0...2 227798436us : 0: }D
syz-exec-17250 0...2 227798439us : 0: }D
syz-exec-17250 0...2 227798442us : 0: }D
syz-exec-17250 0...2 227798445us : 0: }D
syz-exec-17250 0...2 227798448us : 0: }D
syz-exec-17250 0...2 227798450us : 0: }D
syz-exec-17250 0.
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: general protection fault in find_device
2018-06-18 5:55 general protection fault in find_device syzbot
@ 2018-06-18 7:03 ` Nikolay Borisov
2018-06-18 8:26 ` Nikolay Borisov
2018-06-18 13:32 ` David Sterba
0 siblings, 2 replies; 6+ messages in thread
From: Nikolay Borisov @ 2018-06-18 7:03 UTC (permalink / raw)
To: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs
[Adding Anand to CC list since he's been doing devices-related work]
On 18.06.2018 08:55, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: ce397d215ccd Linux 4.18-rc1
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14e765f8400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f390986c4f7cd566
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=923aa93978c7ad27a9b1
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+923aa93978c7ad27a9b1@syzkaller.appspotmail.com
>
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> CPU: 0 PID: 14460 Comm: syz-executor5 Not tainted 4.18.0-rc1+ #107
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:find_device+0x94/0x130 fs/btrfs/volumes.c:366
> Code: 42 80 3c 28 00 0f 85 9d 00 00 00 48 8b 1b 4c 39 f3 0f 84 86 00 00
> 00 e8 6a 79 b1 fe 48 8d bb c0 00 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c
> 28 00 75 70 4c 8b bb c0 00 00 00 4c 89 e6 4c 89 ff e8 f3
> RSP: 0018:ffff8801d880ee70 EFLAGS: 00010206
> RAX: 0000000000000018 RBX: 0000000000000000 RCX: ffffc9000d8a5000
> RDX: 0000000000002d14 RSI: ffffffff82ca3136 RDI: 00000000000000c0
> RBP: ffff8801d880eea8 R08: ffff8801abee0240 R09: fffffbfff123dea8
> R10: ffff8801d880f178 R11: ffffffff891ef547 R12: 231f7dc339e55e1c
> R13: dffffc0000000000 R14: ffff8801d7a65b98 R15: 0000000000000000
> FS: 00007faa9dcb2700(0000) GS:ffff8801dae00000(0000)
> knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000000093002d CR3: 00000001bd208000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> device_list_add+0x230/0x1530 fs/btrfs/volumes.c:771
> btrfs_scan_one_device+0x474/0xb00 fs/btrfs/volumes.c:1247
> btrfs_mount_root+0x3ae/0x1e90 fs/btrfs/super.c:1542
> mount_fs+0xae/0x328 fs/super.c:1277
> vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
> vfs_kern_mount+0x40/0x60 fs/namespace.c:1027
> btrfs_mount+0x4a9/0x215e fs/btrfs/super.c:1661
> mount_fs+0xae/0x328 fs/super.c:1277
> vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
> vfs_kern_mount fs/namespace.c:1027 [inline]
> do_new_mount fs/namespace.c:2518 [inline]
> do_mount+0x581/0x30e0 fs/namespace.c:2848
> ksys_mount+0x12d/0x140 fs/namespace.c:3064
> __do_sys_mount fs/namespace.c:3078 [inline]
> __se_sys_mount fs/namespace.c:3075 [inline]
> __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
> do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
> entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x45855a
> Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e
> 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01
> f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
> RSP: 002b:00007faa9dcb1a88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
> RAX: ffffffffffffffda RBX: 0000000020000428 RCX: 000000000045855a
> RDX: 00007faa9dcb1ad0 RSI: 00000000200000c0 RDI: 00007faa9dcb1af0
> RBP: 0000000000000001 R08: 00007faa9dcb1b30 R09: 00007faa9dcb1ad0
> R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000013
> R13: 0000000000000001 R14: 00000000004d2d78 R15: 0000000000000000
So this suggests some inconsistency on fs_devices->devices list. On a
quick look indeed it doesn't seem clear what the locking rules for this
list are. In device_list_add in the !device case a device is added with
fs_devices->device_list_Mutex held and using list_add_rcu. In the same
function if we want to read the list ie invoke find_devices (because we
have found an fsid) we are using plain list_for_each_entry (ie not the
_rcu version and i don't see device_list_mutex being held while
iterating the list). Additionally in btrfs_free_extra_devids the
fs_devices->devices list is iterated with uuid_mutex being held and not
device_list_mutex. In open_fs_devices we don't get any protection
whatsoever while reading the list. Same thing in
btrfs_find_next_active_device. If the list is supposed to be
RCU-protected then the rules are:
1. There needs to be an out of band (ie not RCU) mutual exclusion of
modifiers
2. Iterating the list should use _rcu list primitives.
Currently I don't see those 2 invariants being enforced in every code path.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: general protection fault in find_device
2018-06-18 7:03 ` Nikolay Borisov
@ 2018-06-18 8:26 ` Nikolay Borisov
2018-06-18 13:32 ` David Sterba
1 sibling, 0 replies; 6+ messages in thread
From: Nikolay Borisov @ 2018-06-18 8:26 UTC (permalink / raw)
To: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs
Cc: Anand Jain
[Actually adding Anand to CC, Anand see my analysis of the issue below
from previous email]
On 18.06.2018 10:03, Nikolay Borisov wrote:
> [Adding Anand to CC list since he's been doing devices-related work]
>
> On 18.06.2018 08:55, syzbot wrote:
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit: ce397d215ccd Linux 4.18-rc1
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14e765f8400000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=f390986c4f7cd566
>> dashboard link:
>> https://syzkaller.appspot.com/bug?extid=923aa93978c7ad27a9b1
>> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>>
>> Unfortunately, I don't have any reproducer for this crash yet.
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+923aa93978c7ad27a9b1@syzkaller.appspotmail.com
>>
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] SMP KASAN
>> CPU: 0 PID: 14460 Comm: syz-executor5 Not tainted 4.18.0-rc1+ #107
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 01/01/2011
>> RIP: 0010:find_device+0x94/0x130 fs/btrfs/volumes.c:366
>> Code: 42 80 3c 28 00 0f 85 9d 00 00 00 48 8b 1b 4c 39 f3 0f 84 86 00 00
>> 00 e8 6a 79 b1 fe 48 8d bb c0 00 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c
>> 28 00 75 70 4c 8b bb c0 00 00 00 4c 89 e6 4c 89 ff e8 f3
>> RSP: 0018:ffff8801d880ee70 EFLAGS: 00010206
>> RAX: 0000000000000018 RBX: 0000000000000000 RCX: ffffc9000d8a5000
>> RDX: 0000000000002d14 RSI: ffffffff82ca3136 RDI: 00000000000000c0
>> RBP: ffff8801d880eea8 R08: ffff8801abee0240 R09: fffffbfff123dea8
>> R10: ffff8801d880f178 R11: ffffffff891ef547 R12: 231f7dc339e55e1c
>> R13: dffffc0000000000 R14: ffff8801d7a65b98 R15: 0000000000000000
>> FS: 00007faa9dcb2700(0000) GS:ffff8801dae00000(0000)
>> knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 000000000093002d CR3: 00000001bd208000 CR4: 00000000001406f0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>> device_list_add+0x230/0x1530 fs/btrfs/volumes.c:771
>> btrfs_scan_one_device+0x474/0xb00 fs/btrfs/volumes.c:1247
>> btrfs_mount_root+0x3ae/0x1e90 fs/btrfs/super.c:1542
>> mount_fs+0xae/0x328 fs/super.c:1277
>> vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
>> vfs_kern_mount+0x40/0x60 fs/namespace.c:1027
>> btrfs_mount+0x4a9/0x215e fs/btrfs/super.c:1661
>> mount_fs+0xae/0x328 fs/super.c:1277
>> vfs_kern_mount.part.34+0xdc/0x4e0 fs/namespace.c:1037
>> vfs_kern_mount fs/namespace.c:1027 [inline]
>> do_new_mount fs/namespace.c:2518 [inline]
>> do_mount+0x581/0x30e0 fs/namespace.c:2848
>> ksys_mount+0x12d/0x140 fs/namespace.c:3064
>> __do_sys_mount fs/namespace.c:3078 [inline]
>> __se_sys_mount fs/namespace.c:3075 [inline]
>> __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
>> do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>> entry_SYSCALL_64_after_hwframe+0x49/0xbe
>> RIP: 0033:0x45855a
>> Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 8f fb ff c3 66 2e
>> 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01
>> f0 ff ff 0f 83 ba 8f fb ff c3 66 0f 1f 84 00 00 00 00 00
>> RSP: 002b:00007faa9dcb1a88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
>> RAX: ffffffffffffffda RBX: 0000000020000428 RCX: 000000000045855a
>> RDX: 00007faa9dcb1ad0 RSI: 00000000200000c0 RDI: 00007faa9dcb1af0
>> RBP: 0000000000000001 R08: 00007faa9dcb1b30 R09: 00007faa9dcb1ad0
>> R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000013
>> R13: 0000000000000001 R14: 00000000004d2d78 R15: 0000000000000000
>
>
> So this suggests some inconsistency on fs_devices->devices list. On a
> quick look indeed it doesn't seem clear what the locking rules for this
> list are. In device_list_add in the !device case a device is added with
> fs_devices->device_list_Mutex held and using list_add_rcu. In the same
> function if we want to read the list ie invoke find_devices (because we
> have found an fsid) we are using plain list_for_each_entry (ie not the
> _rcu version and i don't see device_list_mutex being held while
> iterating the list). Additionally in btrfs_free_extra_devids the
> fs_devices->devices list is iterated with uuid_mutex being held and not
> device_list_mutex. In open_fs_devices we don't get any protection
> whatsoever while reading the list. Same thing in
> btrfs_find_next_active_device. If the list is supposed to be
> RCU-protected then the rules are:
>
> 1. There needs to be an out of band (ie not RCU) mutual exclusion of
> modifiers
> 2. Iterating the list should use _rcu list primitives.
>
> Currently I don't see those 2 invariants being enforced in every code path.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: general protection fault in find_device
2018-06-18 7:03 ` Nikolay Borisov
2018-06-18 8:26 ` Nikolay Borisov
@ 2018-06-18 13:32 ` David Sterba
2018-06-18 13:43 ` Nikolay Borisov
1 sibling, 1 reply; 6+ messages in thread
From: David Sterba @ 2018-06-18 13:32 UTC (permalink / raw)
To: Nikolay Borisov
Cc: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs,
anand.jain
On Mon, Jun 18, 2018 at 10:03:18AM +0300, Nikolay Borisov wrote:
> So this suggests some inconsistency on fs_devices->devices list. On a
> quick look indeed it doesn't seem clear what the locking rules for this
> list are. In device_list_add in the !device case a device is added with
> fs_devices->device_list_Mutex held and using list_add_rcu. In the same
> function if we want to read the list ie invoke find_devices (because we
> have found an fsid) we are using plain list_for_each_entry (ie not the
> _rcu version and i don't see device_list_mutex being held while
> iterating the list). Additionally in btrfs_free_extra_devids the
> fs_devices->devices list is iterated with uuid_mutex being held and not
> device_list_mutex. In open_fs_devices we don't get any protection
> whatsoever while reading the list.
The uuid_mutex or device_list_mutex is provided by a caller up the
stack.
> Same thing in
> btrfs_find_next_active_device. If the list is supposed to be
> RCU-protected then the rules are:
>
> 1. There needs to be an out of band (ie not RCU) mutual exclusion of
> modifiers
that's device_list_mutex for fs_devices::devices
> 2. Iterating the list should use _rcu list primitives.
>
> Currently I don't see those 2 invariants being enforced in every code path.
Where is it not enforced for example?
If the device_list_mutex is held, list traversal does not use
list_for_each_entry_rcu, otherwise it does (eg the DEV_INFO ioctl or
btrfs_show_devname).
The problem that triggers this report is IMO in device_list_add that
uses the device list unprotected. Anand sent patches for that, but they
were titled as 'cleanups' so I skipped them for the merge window.
Candidate fixes are:
https://patchwork.kernel.org/patch/10437705/
https://patchwork.kernel.org/patch/10437713/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: general protection fault in find_device
2018-06-18 13:32 ` David Sterba
@ 2018-06-18 13:43 ` Nikolay Borisov
2018-06-26 9:17 ` Anand Jain
0 siblings, 1 reply; 6+ messages in thread
From: Nikolay Borisov @ 2018-06-18 13:43 UTC (permalink / raw)
To: dsterba, clm, dsterba, jbacik, linux-btrfs, linux-kernel,
syzkaller-bugs, anand.jain
On 18.06.2018 16:32, David Sterba wrote:
> On Mon, Jun 18, 2018 at 10:03:18AM +0300, Nikolay Borisov wrote:
>> So this suggests some inconsistency on fs_devices->devices list. On a
>> quick look indeed it doesn't seem clear what the locking rules for this
>> list are. In device_list_add in the !device case a device is added with
>> fs_devices->device_list_Mutex held and using list_add_rcu. In the same
>> function if we want to read the list ie invoke find_devices (because we
>> have found an fsid) we are using plain list_for_each_entry (ie not the
>> _rcu version and i don't see device_list_mutex being held while
>> iterating the list). Additionally in btrfs_free_extra_devids the
>> fs_devices->devices list is iterated with uuid_mutex being held and not
>> device_list_mutex. In open_fs_devices we don't get any protection
>> whatsoever while reading the list.
>
> The uuid_mutex or device_list_mutex is provided by a caller up the
> stack.
>
>> Same thing in
>> btrfs_find_next_active_device. If the list is supposed to be
>> RCU-protected then the rules are:
>>
>> 1. There needs to be an out of band (ie not RCU) mutual exclusion of
>> modifiers
>
> that's device_list_mutex for fs_devices::devices
>
>> 2. Iterating the list should use _rcu list primitives.
>>
>> Currently I don't see those 2 invariants being enforced in every code path.
>
> Where is it not enforced for example?
Admittedly I didn't check the whole call chain but for example in
find_device it's used "naked". Perhaps putting some lockdep_assert in
various places dealing with fs_devices->devices list would help ?
>
> If the device_list_mutex is held, list traversal does not use
> list_for_each_entry_rcu, otherwise it does (eg the DEV_INFO ioctl or
> btrfs_show_devname).
>
> The problem that triggers this report is IMO in device_list_add that
> uses the device list unprotected. Anand sent patches for that, but they
> were titled as 'cleanups' so I skipped them for the merge window.
>
> Candidate fixes are:
>
> https://patchwork.kernel.org/patch/10437705/
> https://patchwork.kernel.org/patch/10437713/
Yep those 2 definitely look like fixing unlocked accesses to
fs_devices->devices list
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: general protection fault in find_device
2018-06-18 13:43 ` Nikolay Borisov
@ 2018-06-26 9:17 ` Anand Jain
0 siblings, 0 replies; 6+ messages in thread
From: Anand Jain @ 2018-06-26 9:17 UTC (permalink / raw)
To: Nikolay Borisov, dsterba, clm, dsterba, jbacik, linux-btrfs,
linux-kernel, syzkaller-bugs
(Sorry for the delay in replay due to my vacation).
Thanks Nikolay. more below.
On 06/18/2018 09:43 PM, Nikolay Borisov wrote:
>
>
> On 18.06.2018 16:32, David Sterba wrote:
>> On Mon, Jun 18, 2018 at 10:03:18AM +0300, Nikolay Borisov wrote:
>>> So this suggests some inconsistency on fs_devices->devices list. On a
>>> quick look indeed it doesn't seem clear what the locking rules for this
>>> list are. In device_list_add in the !device case a device is added with
>>> fs_devices->device_list_Mutex held and using list_add_rcu. In the same
>>> function if we want to read the list ie invoke find_devices (because we
>>> have found an fsid) we are using plain list_for_each_entry (ie not the
>>> _rcu version and i don't see device_list_mutex being held while
>>> iterating the list). Additionally in btrfs_free_extra_devids the
>>> fs_devices->devices list is iterated with uuid_mutex being held and not
>>> device_list_mutex. In open_fs_devices we don't get any protection
>>> whatsoever while reading the list.
>>
>> The uuid_mutex or device_list_mutex is provided by a caller up the
>> stack.
>>
>>> Same thing in
>>> btrfs_find_next_active_device. If the list is supposed to be
>>> RCU-protected then the rules are:
>>>
>>> 1. There needs to be an out of band (ie not RCU) mutual exclusion of
>>> modifiers
>>
>> that's device_list_mutex for fs_devices::devices
>>
>>> 2. Iterating the list should use _rcu list primitives.
>>>
>>> Currently I don't see those 2 invariants being enforced in every code path.
>>
>> Where is it not enforced for example?
>
> Admittedly I didn't check the whole call chain but for example in
> find_device it's used "naked". Perhaps putting some lockdep_assert in
> various places dealing with fs_devices->devices list would help ?
>>
>> If the device_list_mutex is held, list traversal does not use
>> list_for_each_entry_rcu, otherwise it does (eg the DEV_INFO ioctl or
>> btrfs_show_devname).
>>
>> The problem that triggers this report is IMO in device_list_add that
>> uses the device list unprotected. Anand sent patches for that, but they
>> were titled as 'cleanups' so I skipped them for the merge window.
Ah. sorry to confuse you. Will consolidate fixes into github
(also reviewing David's fixes as well) and will use syz to confirm.
Thanks, Anand
>> Candidate fixes are:
>>
>> https://patchwork.kernel.org/patch/10437705/
>> https://patchwork.kernel.org/patch/10437713/
> Yep those 2 definitely look like fixing unlocked accesses to
> fs_devices->devices list
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-06-26 9:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-18 5:55 general protection fault in find_device syzbot
2018-06-18 7:03 ` Nikolay Borisov
2018-06-18 8:26 ` Nikolay Borisov
2018-06-18 13:32 ` David Sterba
2018-06-18 13:43 ` Nikolay Borisov
2018-06-26 9:17 ` Anand Jain
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.