Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
2021/04/16 12:24:18 fuzzer started
2021/04/16 12:24:18 dialing manager at 10.128.0.163:33075
2021/04/16 12:24:18 syscalls: 1982
2021/04/16 12:24:18 code coverage: enabled
2021/04/16 12:24:18 comparison tracing: enabled
2021/04/16 12:24:18 extra coverage: enabled
2021/04/16 12:24:18 setuid sandbox: enabled
2021/04/16 12:24:18 namespace sandbox: enabled
2021/04/16 12:24:18 Android sandbox: enabled
2021/04/16 12:24:18 fault injection: enabled
2021/04/16 12:24:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/16 12:24:18 net packet injection: /dev/net/tun does not exist
2021/04/16 12:24:18 net device setup: enabled
2021/04/16 12:24:18 concurrency sanitizer: enabled
2021/04/16 12:24:18 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/16 12:24:18 USB emulation: /dev/raw-gadget does not exist
2021/04/16 12:24:18 hci packet injection: /dev/vhci does not exist
2021/04/16 12:24:18 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
2021/04/16 12:24:18 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2021/04/16 12:24:19 suppressing KCSAN reports in functions: 'step_into' 'ext4_free_inode' 'exit_mm' 'n_tty_receive_buf_common' '__xa_clear_mark' 'blk_mq_rq_ctx_init' 'generic_write_end' '__ext4_update_other_inode_time' '__ext4_new_inode' 
2021/04/16 12:24:19 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/16 12:24:19 fetching corpus: 49, signal 17136/20473 (executing program)
2021/04/16 12:24:19 fetching corpus: 99, signal 28556/32938 (executing program)
2021/04/16 12:24:19 fetching corpus: 149, signal 36371/41649 (executing program)
2021/04/16 12:24:19 fetching corpus: 199, signal 40714/46881 (executing program)
2021/04/16 12:24:19 fetching corpus: 249, signal 44983/51860 (executing program)
2021/04/16 12:24:19 fetching corpus: 299, signal 48681/56227 (executing program)
2021/04/16 12:24:19 fetching corpus: 349, signal 53734/61655 (executing program)
2021/04/16 12:24:19 fetching corpus: 399, signal 55142/63831 (executing program)
[   18.927028][ T1765] ==================================================================
[   18.928818][ T1765] BUG: KCSAN: data-race in complete_signal / futex_wait_queue_me
[   18.930716][ T1765] 
[   18.931345][ T1765] write to 0xffff88810550c0ec of 4 bytes by task 1754 on cpu 1:
[   18.932524][ T1765]  futex_wait_queue_me+0x198/0x260
[   18.933425][ T1765]  futex_wait+0x143/0x430
[   18.934575][ T1765]  do_futex+0x9e8/0x1e10
[   18.935599][ T1765]  __se_sys_futex+0x2a8/0x390
[   18.936364][ T1765]  __x64_sys_futex+0x74/0x80
[   18.937208][ T1765]  do_syscall_64+0x34/0x50
[   18.938098][ T1765]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   18.939065][ T1765] 
[   18.939580][ T1765] read to 0xffff88810550c0ec of 4 bytes by task 1765 on cpu 0:
[   18.942070][ T1765]  complete_signal+0x7c/0x600
[   18.943120][ T1765]  __send_signal+0x680/0x760
[   18.943976][ T1765]  send_signal+0x38e/0x3d0
[   18.944912][ T1765]  do_send_specific+0x13d/0x1c0
[   18.945843][ T1765]  __x64_sys_tgkill+0x108/0x140
[   18.946969][ T1765]  do_syscall_64+0x34/0x50
[   18.951016][ T1765]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   18.956885][ T1765] 
[   18.959184][ T1765] Reported by Kernel Concurrency Sanitizer on:
[   18.965323][ T1765] CPU: 0 PID: 1765 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
2021/04/16 12:24:19 fetching corpus: 449, signal 58650/67625 (executing program)
[   18.973624][ T1765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.983652][ T1765] ==================================================================
2021/04/16 12:24:19 fetching corpus: 498, signal 60737/70217 (executing program)
2021/04/16 12:24:19 fetching corpus: 548, signal 63963/73642 (executing program)
2021/04/16 12:24:19 fetching corpus: 598, signal 67138/76852 (executing program)
2021/04/16 12:24:19 fetching corpus: 648, signal 69028/79029 (executing program)
2021/04/16 12:24:19 fetching corpus: 698, signal 70422/80773 (executing program)
2021/04/16 12:24:19 fetching corpus: 748, signal 71346/82092 (executing program)
2021/04/16 12:24:19 fetching corpus: 798, signal 73184/84012 (executing program)
2021/04/16 12:24:20 fetching corpus: 848, signal 74613/85620 (executing program)
2021/04/16 12:24:20 fetching corpus: 898, signal 76286/87315 (executing program)
2021/04/16 12:24:20 fetching corpus: 948, signal 77902/88924 (executing program)
2021/04/16 12:24:20 fetching corpus: 998, signal 80074/90734 (executing program)
2021/04/16 12:24:20 fetching corpus: 1045, signal 81290/91920 (executing program)
2021/04/16 12:24:20 fetching corpus: 1095, signal 83131/93434 (executing program)
2021/04/16 12:24:20 fetching corpus: 1145, signal 84241/94457 (executing program)
2021/04/16 12:24:20 fetching corpus: 1195, signal 86346/96002 (executing program)
2021/04/16 12:24:20 fetching corpus: 1245, signal 88381/97503 (executing program)
2021/04/16 12:24:20 fetching corpus: 1295, signal 89439/98374 (executing program)
2021/04/16 12:24:20 fetching corpus: 1345, signal 91268/99585 (executing program)
2021/04/16 12:24:20 fetching corpus: 1395, signal 92958/100711 (executing program)
2021/04/16 12:24:20 fetching corpus: 1445, signal 94344/101598 (executing program)
2021/04/16 12:24:20 fetching corpus: 1495, signal 95639/102424 (executing program)
2021/04/16 12:24:20 fetching corpus: 1545, signal 96718/103072 (executing program)
2021/04/16 12:24:20 fetching corpus: 1595, signal 97392/103550 (executing program)
2021/04/16 12:24:20 fetching corpus: 1645, signal 98506/104111 (executing program)
2021/04/16 12:24:20 fetching corpus: 1695, signal 99909/104758 (executing program)
2021/04/16 12:24:20 fetching corpus: 1745, signal 101126/105319 (executing program)
2021/04/16 12:24:20 fetching corpus: 1795, signal 102085/105731 (executing program)
2021/04/16 12:24:20 fetching corpus: 1844, signal 102888/106087 (executing program)
2021/04/16 12:24:20 fetching corpus: 1894, signal 103921/106463 (executing program)
2021/04/16 12:24:20 fetching corpus: 1943, signal 105186/106844 (executing program)
2021/04/16 12:24:20 fetching corpus: 1983, signal 106370/107192 (executing program)
2021/04/16 12:24:20 fetching corpus: 1983, signal 106370/107210 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107227 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107253 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107300 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107339 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107376 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107415 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107454 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107479 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107493 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107511 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107541 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107558 (executing program)
2021/04/16 12:24:20 fetching corpus: 1984, signal 106390/107558 (executing program)
2021/04/16 12:24:22 starting 6 fuzzer processes
12:24:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340)='nl80211\x00', 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0xe}]}, 0x1c}}, 0x0)

12:24:22 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x29, 0x0, 0x0)

12:24:22 executing program 5:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:22 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x1269, 0xffffffffffffffff)

12:24:22 executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0x80082102, &(0x7f00000001c0)={r1})

12:24:22 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

[   21.661790][   T25] audit: type=1400 audit(1618575862.379:8): avc:  denied  { execmem } for  pid=1769 comm="syz-executor.1" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   21.816347][ T1774] cgroup: Unknown subsys name 'perf_event'
[   21.821378][ T1775] cgroup: Unknown subsys name 'perf_event'
[   21.822871][ T1774] cgroup: Unknown subsys name 'net_cls'
[   21.849132][ T1775] cgroup: Unknown subsys name 'net_cls'
[   21.857989][ T1776] cgroup: Unknown subsys name 'perf_event'
[   21.863961][ T1776] cgroup: Unknown subsys name 'net_cls'
[   21.867284][ T1778] cgroup: Unknown subsys name 'perf_event'
[   21.877544][ T1778] cgroup: Unknown subsys name 'net_cls'
[   21.884790][ T1780] cgroup: Unknown subsys name 'perf_event'
[   21.893070][ T1780] cgroup: Unknown subsys name 'net_cls'
[   21.897670][ T1784] cgroup: Unknown subsys name 'perf_event'
[   21.904532][ T1784] cgroup: Unknown subsys name 'net_cls'
12:24:26 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x1269, 0xffffffffffffffff)

12:24:26 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x1269, 0xffffffffffffffff)

12:24:26 executing program 2:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x1269, 0xffffffffffffffff)

12:24:26 executing program 5:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:26 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:26 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x29, 0x0, 0x0)

12:24:26 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340)='nl80211\x00', 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0xe}]}, 0x1c}}, 0x0)

12:24:26 executing program 5:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:26 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:26 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[   26.694253][   T25] audit: type=1326 audit(1618575867.411:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.718169][   T25] audit: type=1326 audit(1618575867.411:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x466459 code=0x7fc00000
[   26.742208][   T25] audit: type=1326 audit(1618575867.411:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.766225][   T25] audit: type=1326 audit(1618575867.411:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.790039][   T25] audit: type=1326 audit(1618575867.411:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.813957][   T25] audit: type=1326 audit(1618575867.411:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.838087][   T25] audit: type=1326 audit(1618575867.411:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.861892][   T25] audit: type=1326 audit(1618575867.411:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
12:24:27 executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0x80082102, &(0x7f00000001c0)={r1})

12:24:27 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x29, 0x0, 0x0)

12:24:27 executing program 5:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340)='nl80211\x00', 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0xe}]}, 0x1c}}, 0x0)

12:24:27 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:27 executing program 2:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

[   26.885746][   T25] audit: type=1326 audit(1618575867.411:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
[   26.909548][   T25] audit: type=1326 audit(1618575867.411:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:kernel_t:s0 pid=4512 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x466459 code=0x7fc00000
12:24:27 executing program 1:
r0 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x29, 0x0, 0x0)

12:24:27 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:27 executing program 4:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:27 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:27 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340)='nl80211\x00', 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0xe}]}, 0x1c}}, 0x0)

12:24:27 executing program 1:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0x80082102, &(0x7f00000001c0)={r1})

12:24:28 executing program 4:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:28 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:28 executing program 0:
set_mempolicy(0x2, &(0x7f0000000200)=0x2e5, 0x40)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f00000000c0)=ANY=[])

12:24:28 executing program 1:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 4:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 1:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

12:24:28 executing program 4:
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
shmat(r0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)
shmat(r0, &(0x7f0000ffd000/0x3000)=nil, 0x6000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

12:24:28 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)

[   27.826726][ T4606] loop0: detected capacity change from 0 to 4096
12:24:28 executing program 1:
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
socket$inet(0x2, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10)
wait4(0x0, 0x0, 0x0, 0x0)

[   27.887820][ T4606] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
12:24:29 executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00000}]})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000100)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0x80082102, &(0x7f00000001c0)={r1})

12:24:29 executing program 2:
r0 = socket(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000700)=[{{&(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@generic={0x88, 0x2}, @ra={0x94, 0x4}]}}}], 0x18}}], 0x2, 0x0)

12:24:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240)='ethtool\x00', 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)={0x14, r2, 0x411}, 0x14}, 0x8}, 0x0)

12:24:29 executing program 4:
shmat(0x0, &(0x7f0000000000/0x3000)=nil, 0x5000)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180)={0x0})

12:24:29 executing program 0:
set_mempolicy(0x2, &(0x7f0000000200)=0x2e5, 0x40)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f00000000c0)=ANY=[])

12:24:29 executing program 1:
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
socket$inet(0x2, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x10)
wait4(0x0, 0x0, 0x0, 0x0)

12:24:29 executing program 4:
shmat(0x0, &(0x7f0000000000/0x3000)=nil, 0x5000)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180)={0x0})

12:24:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240)='ethtool\x00', 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)={0x14, r2, 0x411}, 0x14}, 0x8}, 0x0)

12:24:29 executing program 2:
r0 = socket(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000700)=[{{&(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@generic={0x88, 0x2}, @ra={0x94, 0x4}]}}}], 0x18}}], 0x2, 0x0)

12:24:29 executing program 0:
set_mempolicy(0x2, &(0x7f0000000200)=0x2e5, 0x40)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x200000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c200001203", 0x66, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000012600)="ed41000010000000daf4655fdbf4655fdbf4655f000000000000040080", 0x1d, 0x4400}], 0x0, &(0x7f00000000c0)=ANY=[])

12:24:29 executing program 4:
shmat(0x0, &(0x7f0000000000/0x3000)=nil, 0x5000)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180)={0x0})

12:24:29 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800007, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240)='ethtool\x00', 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)={0x14, r2, 0x411}, 0x14}, 0x8}, 0x0)

[   28.684357][ T4662] loop0: detected capacity change from 0 to 4096
[   28.713314][ T4662] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   28.793281][ T4697] loop0: detected capacity change from 0 to 4096
[   28.807348][ T4697] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.