MSan: Uninitialized Memory in do_sys_mknodat

syzbot

Feb 21, 2020, 1:26:14 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 162c6ffc Do not try to recovery from data page fault in in..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=165161dde00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9544af77043190a5
dashboard link: https://syzkaller.appspot.com/bug?extid=a38dd76a4348973d2e53
compiler: clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a38dd7...@syzkaller.appspotmail.com

[ 97.5740013] panic: MSan: Uninitialized Variable 'vattr' From do_sys_mknodat()

[ 97.5851426] cpu1: Begin traceback...
[ 97.6185217] vpanic() at netbsd:vpanic+0x7c1 sys/kern/subr_prf.c:334
[ 97.6964554] panic() at netbsd:panic+0x1ad sys/kern/subr_prf.c:255
[ 97.7632636] __msan_warning() at netbsd:__msan_warning+0x127 kmsan_report_inline sys/kern/subr_msan.c:229 [inline]
[ 97.7632636] __msan_warning() at netbsd:__msan_warning+0x127 sys/kern/subr_msan.c:612
[ 97.8412037] do_sys_mknodat() at netbsd:do_sys_mknodat+0x9e0 sys/kern/vfs_syscalls.c:2290
[ 97.9079964] sys___syscall() at netbsd:sys___syscall+0x27e sys/kern/sys_syscall.c:77
[ 97.9970667] syscall() at netbsd:syscall+0x35d sy_call sys/sys/syscallvar.h:65 [inline]
[ 97.9970667] syscall() at netbsd:syscall+0x35d sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 97.9970667] syscall() at netbsd:syscall+0x35d sys/arch/x86/x86/syscall.c:138
[ 98.0193352] --- syscall (number 198) ---
[ 98.0416020] 77ed1b643b9a:
[ 98.0527326] cpu1: End traceback...
[ 98.0527326] fatal breakpoint trap in supervisor mode
[ 98.0638766] trap type 1 code 0 rip 0xffffffff8022025d cs 0x8 rflags 0x246 cr2 0x20001440 ilevel 0 rsp 0xffffbe0086406930
[ 98.0749986] curlwp 0xffffbe00123eba00 pid 45.4 lowest kstack 0xffffbe00863ff2c0
Stopped in pid 45.4 (syz-executor.2) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x7c1 sys/kern/subr_prf.c:334
panic() at netbsd:panic+0x1ad sys/kern/subr_prf.c:255
__msan_warning() at netbsd:__msan_warning+0x127 kmsan_report_inline sys/kern/subr_msan.c:229 [inline]
__msan_warning() at netbsd:__msan_warning+0x127 sys/kern/subr_msan.c:612
do_sys_mknodat() at netbsd:do_sys_mknodat+0x9e0 sys/kern/vfs_syscalls.c:2290
sys___syscall() at netbsd:sys___syscall+0x27e sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x35d sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x35d sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x35d sys/arch/x86/x86/syscall.c:138
--- syscall (number 198) ---
77ed1b643b9a:
ds 6920
es 0
fs 1fa1
gs 104
rdi ffffbe0011464830
rsi fffff80000000000
rbp ffffbe0086406930
rbx 0
rdx ffff810011464830
rcx 33625ea2
rax ffffbe0011aec808
r8 1
r9 0
r10 0
r11 0
r12 0
r13 104
r14 1fa1
r15 0
rip ffffffff8022025d breakpoint+0x5
cs 8
rflags 246
rsp ffffbe0086406930
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
527 2 3 0 40080 ffffbe001137a640 syz-executor.1 parked
568 4 2 0 0 ffffbe001081f180 syz-executor.1
568 3 2 1 0 ffffbe00123ee1c0 syz-executor.1
568 2 3 0 4 ffffbe00123eb180 syz-executor.1 vfork
568 > 1 7 0 10040000 ffffbe00123d7580 syz-executor.1
45 > 4 7 1 0 ffffbe00123eba00 syz-executor.2
45 3 3 0 20080 ffffbe00123eb5c0 syz-executor.2 lwpwait
45 2 3 1 20080 ffffbe00123d7140 syz-executor.2 lwpwait
45 1 2 1 10000000 ffffbe001236b100 syz-executor.2
517 1 2 1 40000 ffffbe0012202940 syz-executor.4
40 1 3 0 40080 ffffbe0012202500 syz-executor.5 pipe_rd
41 1 2 0 40000 ffffbe00122020c0 syz-executor.3
563 1 2 1 0 ffffbe001212a900 syz-executor.2
607 1 2 0 0 ffffbe001212a4c0 syz-executor.1
560 1 2 0 0 ffffbe001212a080 syz-executor.0
590 10 3 1 80 ffffbe00107409c0 syz-fuzzer parked
590 9 3 0 80 ffffbe001211c480 syz-fuzzer parked
590 8 3 1 80 ffffbe001211c040 syz-fuzzer parked
590 7 3 1 80 ffffbe0011c2abc0 syz-fuzzer parked
590 6 3 0 80 ffffbe0011c2a780 syz-fuzzer parked
590 5 3 0 80 ffffbe0011363a00 syz-fuzzer parked
590 4 3 1 80 ffffbe00111e0a80 syz-fuzzer parked
590 3 2 1 0 ffffbe001136ea40 syz-fuzzer
590 2 3 1 80 ffffbe00103902c0 syz-fuzzer parked
590 1 2 1 0 ffffbe00111f8680 syz-fuzzer
538 1 3 1 80 ffffbe000febe6c0 sshd select
569 1 3 1 80 ffffbe0011385ac0 getty nanoslp
534 1 3 1 80 ffffbe0011385240 getty nanoslp
539 1 3 1 80 ffffbe0011390280 getty nanoslp
465 1 3 0 80 ffffbe001134b540 getty ttyraw
532 1 3 0 80 ffffbe0011c2a340 cron nanoslp
498 1 3 1 80 ffffbe0011292780 inetd kqueue
501 1 3 1 80 ffffbe0010bf4180 sshd select
478 1 3 0 80 ffffbe0010975480 powerd kqueue
395 1 2 0 40000 ffffbe0010af1a00 makemandb
202 1 3 1 80 ffffbe0011213b00 syslogd kqueue
279 1 3 0 80 ffffbe0010b4a740 dhcpcd kqueue
236 1 3 1 80 ffffbe0010a6b4c0 dhcpcd kqueue
1 1 3 0 80 ffffbe00105860c0 init wait
0 44 3 0 204 ffffbe0010586940 physiod physiod
0 48 3 0 204 ffffbe0010713980 pooldrain pooldrain
0 47 3 0 200 ffffbe0010713540 ioflush syncer
0 46 3 1 200 ffffbe0010713100 pgdaemon pgdaemon
0 29 3 1 200 ffffbe000febe280 npfgc-0 npfgccv
0 43 3 1 204 ffffbe0010576900 rt_free rt_free
0 42 3 1 204 ffffbe00105764c0 unpgc unpgc
0 41 3 1 204 ffffbe0010576080 key_timehandler key_timehandler
0 40 3 1 204 ffffbe00105728c0 icmp6_wqinput/1 icmp6_wqinput
0 39 3 0 204 ffffbe0010572480 icmp6_wqinput/0 icmp6_wqinput
0 38 3 1 204 ffffbe0010572040 nd6_timer nd6_timer
0 37 3 1 204 ffffbe001056abc0 carp6_wqinput/1 carp6_wqinput
0 36 3 0 204 ffffbe001056a780 carp6_wqinput/0 carp6_wqinput
0 35 3 1 204 ffffbe001056a340 carp_wqinput/1 carp_wqinput
0 34 3 0 204 ffffbe00103a6b80 carp_wqinput/0 carp_wqinput
0 33 3 1 204 ffffbe00103a6740 icmp_wqinput/1 icmp_wqinput
0 32 3 0 204 ffffbe00103a6300 icmp_wqinput/0 icmp_wqinput
0 31 3 1 204 ffffbe0010390b40 rt_timer rt_timer
0 30 3 1 204 ffffbe000febeb00 vmem_rehash vmem_rehash
0 28 3 0 204 ffffbe000eb32ac0 scsibus0 sccomp
0 27 3 0 200 ffffbe000eb32680 pms0 pmsreset
0 26 3 1 204 ffffbe000eb32240 xcall/1 xcall
0 25 1 1 200 ffffbe000eb30a80 softser/1
0 24 1 1 200 ffffbe000eb30640 softclk/1
0 23 1 1 200 ffffbe000eb30200 softbio/1
0 22 1 1 200 ffffbe000d545a40 softnet/1
0 21 1 1 201 ffffbe000d545600 idle/1
0 20 3 0 204 ffffbe000d5451c0 lnxpwrwq lnxpwrwq
0 19 3 0 204 ffffbe000d544a00 lnxlngwq lnxlngwq
0 18 3 0 204 ffffbe000d5445c0 lnxsyswq lnxsyswq
0 17 3 0 204 ffffbe000d544180 lnxrcugc lnxrcugc
0 16 3 0 204 ffffbe000d53f9c0 sysmon smtaskq
0 15 3 1 204 ffffbe000d53f580 pmfsuspend pmfsuspend
0 14 3 1 204 ffffbe000d53f140 pmfevent pmfevent
0 13 3 0 204 ffffbe000d535980 sopendfree sopendfr
0 12 3 0 204 ffffbe000d535540 iflnkst iflnkst
0 11 3 1 204 ffffbe000d535100 nfssilly nfssilly
0 10 3 0 200 ffffbe000d52c940 cachegc cachegc
0 9 3 0 204 ffffbe000d52c500 vdrain vdrain
0 8 3 0 200 ffffbe000d52c0c0 modunload mod_unld
0 7 3 0 204 ffffbe000cf65900 xcall/0 xcall
0 6 1 0 200 ffffbe000cf654c0 softser/0
0 5 1 0 200 ffffbe000cf65080 softclk/0
0 4 1 0 200 ffffbe000cf608c0 softbio/0
0 3 1 0 200 ffffbe000cf60480 softnet/0
0 2 1 0 201 ffffbe000cf60040 idle/0
0 1 3 0 200 ffffffff859a3b40 swapper uvm
[Locks tracked through LWPs]

****** LWP 45.4 (syz-executor.2) @ 0xffffbe00123eba00, l_stat=7

*** Locks held:

* Lock 0 (initialized at vcache_new)
lock address : 0xffffbe0012120740 type : sleep/adaptive
initialized : 0xffffffff83886a28
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffbe00123eba00 last held: 0xffffbe00123eba00
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffbe00123eba00 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 517.1 (syz-executor.4) @ 0xffffbe0012202940, l_stat=2

*** Locks held:

* Lock 0 (initialized at kcov_open)
lock address : 0xffffbe001233e9c8 type : sleep/adaptive
initialized : 0xffffffff835d849d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffbe0012202940 last held: 0xffffbe0012202940
last locked* : 0xffffffff835d8607 unlocked : 000000000000000000
owner field : 0xffffbe0012202940 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 40.1 (syz-executor.5) @ 0xffffbe0012202500, l_stat=3

*** Locks held:

* Lock 0 (initialized at kcov_open)
lock address : 0xffffbe00117e8f48 type : sleep/adaptive
initialized : 0xffffffff835d849d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffbe0012202500 last held: 0xffffbe0012202500
last locked* : 0xffffffff835d8607 unlocked : 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at uvm_obj_init)
lock address : 0xffffbe001181e400 type : sleep/adaptive
initialized : 0xffffffff832ee0de
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffbe0012202500 last held: 0xffffbe0012202500
last locked* : 0xffffffff832844f9 unlocked : 0xffffffff8329205e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 41.1 (syz-executor.3) @ 0xffffbe00122020c0, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffbe0010724300 type : sleep/adaptive
initialized : 0xffffffff832ee0de
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffffbe00122020c0 last held: 000000000000000000
last locked : 0xffffffff832844f9 unlocked*: 0xffffffff8329205e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 395.1 (makemandb) @ 0xffffbe0010af1a00, l_stat=2

*** Locks held:

* Lock 0 (initialized at vcache_get)
lock address : 0xffffbe001037db80 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 1
relevant lwp : 0xffffbe0010af1a00 last held: 0xffffbe0010af1a00
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffbe0010af1a00 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_get)
lock address : 0xffffbe001180db40 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 1
relevant lwp : 0xffffbe0010af1a00 last held: 0xffffbe0010af1a00
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffbe0010af1a00 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 2 (initialized at uvm_obj_init)
lock address : 0xffffbe0010891f80 type : sleep/adaptive
initialized : 0xffffffff832ee0de
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 1
relevant lwp : 0xffffbe0010af1a00 last held: 0xffffbe0010af1a00
last locked* : 0xffffffff8387ab41 unlocked : 0xffffffff838829a8
owner field : 0xffffbe0010af1a00 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 0.24 (softclk/1) @ 0xffffbe000eb30640, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffbe000eb30640 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.12 (iflnkst) @ 0xffffbe000d535540, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffbe000d535540 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffbe000cf65080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffbe000cf65080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffffbe0000023180 0041 00000000 0x0 0x0
0xffffbe00000231f8 0041 00000000 0x0 0x0
0xffffbe0000023270 0041 00000000 0x0 0x0
0xffffbe00000232e8 0041 00000000 0x0 0x0
0xffffbe0000023360 0041 00000000 0x0 0x0
0xffffbe00000233d8 0041 00000000 0x0 0x0
0xffffbe0000023450 0041 00000000 0x0 0x0
0xffffbe00000234c8 0041 00000000 0x0 0x0
0xffffbe0000023540 0041 00000000 0x0 0x0
0xffffbe00000235b8 0041 00000000 0x0 0x0
0xffffbe0000023630 0041 00000000 0x0 0x0
0xffffbe00000236a8 0041 00000000 0x0 0x0
0xffffbe0000023720 0041 00000000 0x0 0x0
0xffffbe0000023798 0041 00000000 0x0 0x0
0xffffbe0000023810 0041 00000000 0x0 0x0
0xffffbe0000023888 0041 00000000 0x0 0x0
0xffffbe0000023900 0041 00000000 0x0 0x0
0xffffbe0000023978 0041 00000000 0x0 0x0
0xffffbe00000239f0 0041 00000000 0x0 0x0
0xffffbe0000023a68 0041 00000000 0x0 0x0
0xffffbe0000023ae0 0041 00000000 0x0 0x0
0xffffbe0000023b58 0041 00000000 0x0 0x0
0xffffbe0000023bd0 0041 00000000 0x0 0x0
0xffffbe0000023c48 0041 00000000 0x0 0x0
0xffffbe0000023cc0 0041 00000000 0x0 0x0
0xffffbe0000023d38 0041 00000000 0x0 0x0
0xffffbe0000023db0 0041 00000000 0x0 0x0
0xffffbe0000023e28 0041 00000000 0x0 0x0
0xffffbe0000023ea0 0041 00000000 0x0 0x0
0xffffbe0000023f18 0041 00000000 0x0 0x0
0xffffbe0000023f90 0041 00000000 0x0 0x0
0xffffbe0000024008 0041 00000000 0x0 0x0
0xffffbe0000024080 0041 00000000 0x0 0x0
0xffffbe00000240f8 0041 00000000 0x0 0x0
0xffffbe0000024170 0041 00000000 0x0 0x0
0xffffbe00000241e8 0041 00000000 0x0 0x0
0xffffbe0000024260 0041 00000000 0x0 0x0
0xffffbe00000242d8 0041 00000000 0x0 0x0
0xffffbe0000024350 0041 00000000 0x0 0x0
0xffffbe00000243c8 0041 00000000 0x0 0x0
0xffffbe0000024440 0041 00000000 0x0 0x0
0xffffbe00000244b8 0041 00000000 0x0 0x0
0xffffbe0000024530 0041 00000000 0x0 0x0
0xffffbe00000245a8 0041 00000000 0x0 0x0
0xffffbe0000024620 0041 00000000 0x0 0x0
0xffffbe0000024698 0041 00000000 0x0 0x0
0xffffbe0000024710 0041 00000000 0x0 0x0
0xffffbe0000024788 0041 00000000 0x0 0x0
0xffffbe0000024800 0041 00000000 0x0 0x0
0xffffbe0000024878 0041 00000000 0x0 0x0
0xffffbe00000248f0 0041 00000000 0x0 0x0
0xffffbe0000024968 0041 00000000 0x0 0x0
0xffffbe00000249e0 0041 00000000 0x0 0x0
0xffffbe0000024a58 0041 00000000 0x0 0x0
0xffffbe0000024ad0 0041 00000000 0x0 0x0
0xffffbe0000024b48 0041 00000000 0x0 0x0
0xffffbe0000024bc0 0041 00000000 0x0 0x0
0xffffbe0000024c38 0041 00000000 0x0 0x0
0xffffbe0000024cb0 0041 00000000 0x0 0x0
0xffffbe0000024d28 0041 00000000 0x0 0x0
0xffffbe0000024da0 0041 00000000 0x0 0x0
0xffffbe0000024e18 0041 00000000 0x0 0x0
0xffffbe0000024e90 0041 00000000 0x0 0x0
0xffffbe0000024f08 0041 00000000 0x0 0x0
0xffffbe0000024f80 0041 00000000 0x0 0x0
0xffffbe0000024ff8 0041 00000000 0x0 0x0
0xffffbe0000025070 0041 00000000 0x0 0x0
0xffffbe00000250e8 0041 00000000 0x0 0x0
0xffffbe0000025160 0041 00000000 0x0 0x0
0xffffbe00000251d8 0041 00000000 0x0 0x0
0xffffbe0000025250 0041 00000000 0x0 0x0
0xffffbe00000252c8 0041 00000000 0x0 0x0
0xffffbe0000025340 0041 00000000 0x0 0x0
0xffffbe00000253b8 0041 00000000 0x0 0x0
0xffffbe0000025430 0041 00000000 0x0 0x0
0xffffbe00000254a8 0041 00000000 0x0 0x0
0xffffbe0000025520 0041 00000000 0x0 0x0
0xffffbe0000025598 0041 00000000 0x0 0x0
0xffffbe0000025610 0041 00000000 0x0 0x0
0xffffbe0000025688 0041 00000000 0x0 0x0
0xffffbe0000025700 0041 00000000 0x0 0x0
0xffffbe0000025778 0041 00000000 0x0 0x0
0xffffbe00000257f0 0041 00000000 0x0 0x0
0xffffbe0000025868 0041 00000000 0x0 0x0
0xffffbe00000258e0 0041 00000000 0x0 0x0
0xffffbe0000025958 0041 00000000 0x0 0x0
0xffffbe00000259d0 0041 00000000 0x0 0x0
0xffffbe0000025a48 0041 00000000 0x0 0x0
0xffffbe0000025ac0 0041 00000000 0x0 0x0
0xffffbe0000025b38 0041 00000000 0x0 0x0
0xffffbe0000025bb0 0041 00000000 0x0 0x0
0xffffbe0000025c28 0041 00000000 0x0 0x0
0xffffbe0000025ca0 0041 00000000 0x0 0x0
0xffffbe0000025d18 0041 00000000 0x0 0x0
0xffffbe0000025d90 0041 00000000 0x0 0x0
0xffffbe0000025e08 0041 00000000 0x0 0x0
0xffffbe0000025e80 0041 00000000 0x0 0x0
0xffffbe0000025ef8 0041 00000000 0x0 0x0
0xffffbe0000025f70 0041 00000000 0x0 0x0
0xffffbe0000025fe8 0041 00000000 0x0 0x0
0xffffbe0000026060 0041 00000000 0x0 0x0
0xffffbe00000260d8 0041 00000000 0x0 0x0
0xffffbe0000026150 0041 00000000 0x0 0x0
0xffffbe00000261c8 0041 00000000 0x0 0x0
0xffffbe0000026240 0041 00000000 0x0 0x0
0xffffbe00000262b8 0041 00000000 0x0 0x0
0xffffbe0000026330 0041 00000000 0x0 0x0
0xffffbe00000263a8 0041 00000000 0x0 0x0
0xffffbe0000026420 0041 00000000 0x0 0x0
0xffffbe0000026498 0041 00000000 0x0 0x0
0xffffbe0000026510 0041 00000000 0x0 0x0
0xffffbe0000026588 0041 00000000 0x0 0x0
0xffffbe0000026600 0041 00000000 0x0 0x0
0xffffbe0000026678 0041 00000000 0x0 0x0
0xffffbe00000266f0 0041 00000000 0x0 0x0
0xffffbe0000026768 0041 00000000 0x0 0x0
0xffffbe00000267e0 0041 00000000 0x0 0x0
0xffffbe0000026858 0041 00000000 0x0 0x0
0xffffbe00000268d0 0041 00000000 0x0 0x0
0xffffbe0000026948 0041 00000000 0x0 0x0
0xffffbe00000269c0 0041 00000000 0x0 0x0
0xffffbe0000026a38 0041 00000000 0x0 0x0
0xffffbe0000026ab0 0041 00000000 0x0 0x0
0xffffbe0000026b28 0041 00000000 0x0 0x0
0xffffbe0000026ba0 0041 00000000 0x0 0x0
0xffffbe0000026c18 0041 00000000 0x0 0x0
0xffffbe0000026c90 0041 00000000 0x0 0x0
0xffffbe0000026d08 0041 00000000 0x0 0x0
0xffffbe0000026d80 0041 00000000 0x0 0x0
0xffffbe0000026df8 0041 00000000 0x0 0x0
0xffffbe0000026e70 0041 00000000 0x0 0x0
0xffffbe0000026ee8 0041 00000000 0x0 0x0
0xffffbe0000026f60 0041 00000000 0x0 0x0
0xffffbe0000026fd8 0041 00000000 0x0 0x0
0xffffbe0000027050 0041 00000000 0x0 0x0
0xffffbe00000270c8 0041 00000000 0x0 0x0
0xffffbe0000027140 0041 00000000 0x0 0x0
0xffffbe00000271b8 0041 00000000 0x0 0x0
0xffffbe0000027230 0041 00000000 0x0 0x0
0xffffbe00000272a8 0041 00000000 0x0 0x0
0xffffbe0000027320 0041 00000000 0x0 0x0
0xffffbe0000027398 0041 00000000 0x0 0x0
0xffffbe0000027410 0041 00000000 0x0 0x0
0xffffbe0000027488 0041 00000000 0x0 0x0
0xffffbe0000027500 0041 00000000 0x0 0x0
0xffffbe0000027578 0041 00000000 0x0 0x0
0xffffbe00000275f0 0041 00000000 0x0 0x0
0xffffbe0000027668 0041 00000000 0x0 0x0
0xffffbe00000276e0 0041 00000000 0x0 0x0
0xffffbe0000027758 0041 00000000 0x0 0x0
0xffffbe00000277d0 0041 00000000 0x0 0x0
0xffffbe0000027848 0041 00000000 0x0 0x0
0xffffbe00000278c0 0041 00000000 0x0 0x0
0xffffbe0000027938 0041 00000000 0x0 0x0
0xffffbe00000279b0 0041 00000000 0x0 0x0
0xffffbe0000027a28 0041 00000000 0x0 0x0
0xffffbe0000027aa0 0041 00000000 0x0 0x0
0xffffbe0000027b18 0041 00000000 0x0 0x0
0xffffbe0000027b90 0041 00000000 0x0 0x0
0xffffbe0000027c08 0041 00000000 0x0 0x0
0xffffbe0000027c80 0041 00000000 0x0 0x0
0xffffbe0000027cf8 0041 00000000 0x0 0x0
0xffffbe0000027d70 0041 00000000 0x0 0x0
0xffffbe0000027de8 0041 00000000 0x0 0x0
0xffffbe0000027e60 0041 00000000 0x0 0x0
0xffffbe0000027ed8 0041 00000000 0x0 0x0
0xffffbe0000027f50 0041 00000000 0x0 0x0
0xffffbe0000027fc8 0041 00000000 0x0 0x0
0xffffbe0000028040 0041 00000000 0x0 0x0
0xffffbe00000280b8 0041 00000000 0x0 0x0
0xffffbe0000028130 0041 00000000 0x0 0x0
0xffffbe00000281a8 0041 00000000 0x0 0x0
0xffffbe0000028220 0041 00000000 0x0 0x0
0xffffbe0000028298 0041 00000000 0x0 0x0
0xffffbe0000028310 0041 00000000 0x0 0x0
0xffffbe0000028388 0041 00000000 0x0 0x0
0xffffbe0000028400 0041 00000000 0x0 0x0
0xffffbe0000028478 0041 00000000 0x0 0x0
0xffffbe00000284f0 0041 00000000 0x0 0x0
0xffffbe0000028568 0041 00000000 0x0 0x0
0xffffbe00000285e0 0041 00000000 0x0 0x0
0xffffbe0000028658 0041 00000000 0x0 0x0
0xffffbe00000286d0 0041 00000000 0x0 0x0
0xffffbe0000028748 0041 00000000 0x0 0x0
0xffffbe00000287c0 0041 00000000 0x0 0x0
0xffffbe0000028838 0041 00000000

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Feb 21, 2020, 1:40:05 PM2/21/20
to syzkaller-...@googlegroups.com
That's a problem I noticed some time ago when running ATF.

There is no actual uninitialized variable here.

What happens is that here:

2290 if (error == 0 && optype == VOP_MKNOD_DESCOFFSET
2291 && vattr.va_rdev == VNOVAL)
2292 error = EINVAL;

LLVM reorders the checks and accesses 'vattr' before 'error'.

The thing is, if error!=0, 'vattr' is actually uninitialized, but
because of the reordering KMSAN fires because we still access 'vattr'
in that case. Overall this is harmless, but KMSAN will still
complain.

I'll just inline this block in the parent block.
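
The situation described in the reply above, as an added example that is not part of the thread or of the NetBSD source: a user-space model with one shadow bit per value, showing that hoisting the `va_rdev` test ahead of `error == 0` produces a report without changing the result. The `MODEL_*` and `model_*` names, the stale value, and the shape of the third variant (one reading of "inline this block in the parent block") are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel names quoted in the thread. */
#define MODEL_VNOVAL   (-1L)
#define MODEL_OP_MKNOD 1

/* A value plus one shadow bit, the way MSan-style tools track initialization. */
struct shadowed_long {
	long value;
	bool poisoned;		/* true = never written by the program */
};

struct model_vattr {
	struct shadowed_long va_rdev;
};

static int msan_reports;	/* branches decided by a poisoned value */

/* Load a value in order to branch on it; a poisoned operand is reported. */
static long branch_load(const struct shadowed_long *s)
{
	if (s->poisoned)
		msan_reports++;
	return s->value;
}

/* Stack slot as the function finds it: stale bytes, shadow says poisoned. */
static void vattr_stale(struct model_vattr *va)
{
	va->va_rdev.value = 0x5a5a5a5aL;	/* constructed stale contents */
	va->va_rdev.poisoned = true;
}

static void vattr_fill(struct model_vattr *va, long rdev)
{
	va->va_rdev.value = rdev;
	va->va_rdev.poisoned = false;
}

/* Shape quoted in the thread, evaluated in source order. */
static int check_source_order(int error, int optype, long rdev)
{
	struct model_vattr va;

	vattr_stale(&va);
	if (error == 0)
		vattr_fill(&va, rdev);	/* vattr is only set up on success */
	if (error == 0 && optype == MODEL_OP_MKNOD &&
	    branch_load(&va.va_rdev) == MODEL_VNOVAL)
		error = EINVAL;
	return error;
}

/* Same condition with the va_rdev test first: the order the reply describes. */
static int check_reordered(int error, int optype, long rdev)
{
	struct model_vattr va;

	vattr_stale(&va);
	if (error == 0)
		vattr_fill(&va, rdev);
	if (branch_load(&va.va_rdev) == MODEL_VNOVAL &&
	    error == 0 && optype == MODEL_OP_MKNOD)
		error = EINVAL;
	return error;
}

/* Check moved into the block that initializes vattr (assumed fix shape). */
static int check_inlined(int error, int optype, long rdev)
{
	struct model_vattr va;

	vattr_stale(&va);
	if (error == 0) {
		vattr_fill(&va, rdev);
		/* Deliberately reordered: still cannot reach stale storage. */
		if (branch_load(&va.va_rdev) == MODEL_VNOVAL &&
		    optype == MODEL_OP_MKNOD)
			error = EINVAL;
	}
	return error;
}

/* Run one variant on the failing-setup path; return how many reports fired. */
static int reports_on_error_path(int (*variant)(int, int, long))
{
	msan_reports = 0;
	(void)variant(ENOENT, MODEL_OP_MKNOD, 0);
	return msan_reports;
}

int main(void)
{
	printf("source order: %d\n", reports_on_error_path(check_source_order));
	printf("reordered:    %d\n", reports_on_error_path(check_reordered));
	printf("inlined:      %d\n", reports_on_error_path(check_inlined));
	return 0;
}
```

All three variants return the same error code for the same inputs; only the reordered one branches on a poisoned value, which is the kind of report triage has to separate from a real uninitialized read.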

syzbot

Feb 21, 2020, 10:59:12 PM2/21/20
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 162c6ffc Do not try to recovery from data page fault in in..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=17cd5245e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9544af77043190a5
dashboard link: https://syzkaller.appspot.com/bug?extid=a38dd76a4348973d2e53
compiler: clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1158fe09e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120fec81e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a38dd7...@syzkaller.appspotmail.com

[ 72.4777890] panic: MSan: Uninitialized Variable 'vattr' From do_sys_mknodat()

[ 72.4855229] cpu1: Begin traceback...
[ 72.5088790] vpanic() at netbsd:vpanic+0x7c1 sys/kern/subr_prf.c:334
[ 72.5633671] panic() at netbsd:panic+0x1ad sys/kern/subr_prf.c:255
[ 72.6178573] __msan_warning() at netbsd:__msan_warning+0x127 kmsan_report_inline sys/kern/subr_msan.c:229 [inline]
[ 72.6178573] __msan_warning() at netbsd:__msan_warning+0x127 sys/kern/subr_msan.c:612
[ 72.6723471] do_sys_mknodat() at netbsd:do_sys_mknodat+0x9e0 sys/kern/vfs_syscalls.c:2290
[ 72.7268399] sys_syscall() at netbsd:sys_syscall+0x27b sys/kern/sys_syscall.c:77
[ 72.7891146] syscall() at netbsd:syscall+0x35d sy_call sys/sys/syscallvar.h:65 [inline]
[ 72.7891146] syscall() at netbsd:syscall+0x35d sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 72.7891146] syscall() at netbsd:syscall+0x35d sys/arch/x86/x86/syscall.c:138
[ 72.8046820] --- syscall (number 0) ---
[ 72.8280345] 774e100e4b5a:
[ 72.8319300] cpu1: End traceback...
[ 72.8358207] fatal breakpoint trap in supervisor mode
[ 72.8397141] trap type 1 code 0 rip 0xffffffff8022025d cs 0x8 rflags 0x246 cr2 0xffffb3006fca7000 ilevel 0 rsp 0xffffb30079d3f930
[ 72.8513882] curlwp 0xffffb300122870c0 pid 607.2 lowest kstack 0xffffb30079d382c0
Stopped in pid 607.2 (syz-executor0777) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x7c1 sys/kern/subr_prf.c:334
panic() at netbsd:panic+0x1ad sys/kern/subr_prf.c:255
__msan_warning() at netbsd:__msan_warning+0x127 kmsan_report_inline sys/kern/subr_msan.c:229 [inline]
__msan_warning() at netbsd:__msan_warning+0x127 sys/kern/subr_msan.c:612
do_sys_mknodat() at netbsd:do_sys_mknodat+0x9e0 sys/kern/vfs_syscalls.c:2290
sys_syscall() at netbsd:sys_syscall+0x27b sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x35d sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x35d sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x35d sys/arch/x86/x86/syscall.c:138
--- syscall (number 0) ---
774e100e4b5a:
ds f920
es 0
fs 1f3f
gs 104
rdi 8000000000
rsi ffff950000000000
rbp ffffb30079d3f930
rbx 0
rdx ffff810012287378
rcx 0
rax 0
r8 1
r9 0
r10 ffffb30079d3f7e0
r11 10
r12 0
r13 104
r14 1f3f
r15 0
rip ffffffff8022025d breakpoint+0x5
cs 8
rflags 246
rsp ffffb30079d3f930
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
458 2 2 0 0 ffffb3001229c980 syz-executor0777
458 1 2 0 0 ffffb3001229c540 syz-executor0777
646 2 2 1 0 ffffb30012287500 syz-executor0777
646 1 2 1 0 ffffb30012163900 syz-executor0777
629 2 2 1 0 ffffb30012287940 syz-executor0777
629 1 2 1 0 ffffb30012163080 syz-executor0777
523 1 2 1 0 ffffb3001214c8c0 syz-executor0777
607 > 2 7 1 0 ffffb300122870c0 syz-executor0777
607 1 2 1 0 ffffb3001214c480 syz-executor0777
620 1 2 1 0 ffffb3001213cbc0 syz-executor0777
507 2 2 1 0 ffffb3001229c100 syz-executor0777
507 1 2 1 0 ffffb3001214c040 syz-executor0777
611 1 2 1 0 ffffb3001213c780 syz-executor0777
421 2 3 0 0 ffffb300121634c0 syz-executor0777 tstile
421 1 2 0 0 ffffb3001213c340 syz-executor0777
630 1 2 1 0 ffffb300108ffb00 syz-executor0777
45 1 2 1 0 ffffb300108ff280 syz-executor0777
604 1 2 1 0 ffffb300109edb40 syz-executor0777
574 1 3 0 80 ffffb30010a13780 syz-executor0777 nanoslp
40 1 3 0 80 ffffb30010a13bc0 sshd select
569 1 3 0 80 ffffb300108ff6c0 getty nanoslp
563 1 3 1 80 ffffb300108a1a80 getty nanoslp
568 1 3 1 80 ffffb300108a1640 getty nanoslp
462 1 3 1 80 ffffb300108e6680 getty ttyraw
423 1 3 1 80 ffffb3001135f0c0 cron nanoslp
570 1 3 1 80 ffffb30011378580 inetd kqueue
516 1 3 0 80 ffffb30011229b80 sshd select
465 1 3 1 80 ffffb30010ba4940 powerd kqueue
413 1 2 0 0 ffffb30010af1600 makemandb
335 1 3 0 80 ffffb300112988c0 syslogd kqueue
215 1 3 1 80 ffffb30010ba40c0 dhcpcd kqueue
244 1 3 0 80 ffffb30010a6b140 dhcpcd kqueue
1 1 3 0 80 ffffb3001056c0c0 init wait
0 44 3 0 204 ffffb30010713100 physiod physiod
0 48 3 0 204 ffffb30010715140 pooldrain pooldrain
0 47 2 0 200 ffffb30010713980 ioflush
0 46 3 1 200 ffffb30010713540 pgdaemon pgdaemon
0 43 3 0 200 ffffb3001056c500 npfgc-0 npfgccv
0 42 3 1 204 ffffb3001055a900 rt_free rt_free
0 41 3 1 204 ffffb3001055a4c0 unpgc unpgc
0 29 3 0 204 ffffb3000febe280 key_timehandler key_timehandler
0 40 3 1 204 ffffb3001055a080 icmp6_wqinput/1 icmp6_wqinput
0 39 3 0 204 ffffb300105528c0 icmp6_wqinput/0 icmp6_wqinput
0 38 3 0 204 ffffb30010552480 nd6_timer nd6_timer
0 37 3 1 204 ffffb30010552040 carp6_wqinput/1 carp6_wqinput
0 36 3 0 204 ffffb30010550bc0 carp6_wqinput/0 carp6_wqinput
0 35 3 1 204 ffffb30010550780 carp_wqinput/1 carp_wqinput
0 34 3 0 204 ffffb30010550340 carp_wqinput/0 carp_wqinput
0 33 3 1 204 ffffb300103a5b80 icmp_wqinput/1 icmp_wqinput
0 32 3 0 204 ffffb300103a5740 icmp_wqinput/0 icmp_wqinput
0 31 3 0 204 ffffb300103a5300 rt_timer rt_timer
0 30 3 0 204 ffffb30010392700 vmem_rehash vmem_rehash
0 28 3 0 204 ffffb3000eb32ac0 scsibus0 sccomp
0 27 3 0 200 ffffb3000eb32680 pms0 pmsreset
0 26 3 1 204 ffffb3000eb32240 xcall/1 xcall
0 25 1 1 200 ffffb3000eb30a80 softser/1
0 24 1 1 200 ffffb3000eb30640 softclk/1
0 23 1 1 200 ffffb3000eb30200 softbio/1
0 22 1 1 200 ffffb3000d545a40 softnet/1
0 21 1 1 201 ffffb3000d545600 idle/1
0 20 3 0 204 ffffb3000d5451c0 lnxpwrwq lnxpwrwq
0 19 3 0 204 ffffb3000d544a00 lnxlngwq lnxlngwq
0 18 3 0 204 ffffb3000d5445c0 lnxsyswq lnxsyswq
0 17 3 0 204 ffffb3000d544180 lnxrcugc lnxrcugc
0 16 3 0 204 ffffb3000d53f9c0 sysmon smtaskq
0 15 3 0 204 ffffb3000d53f580 pmfsuspend pmfsuspend
0 14 3 0 204 ffffb3000d53f140 pmfevent pmfevent
0 13 3 0 204 ffffb3000d535980 sopendfree sopendfr
0 12 3 1 204 ffffb3000d535540 iflnkst iflnkst
0 11 3 0 204 ffffb3000d535100 nfssilly nfssilly
0 10 2 1 200 ffffb3000d52c940 cachegc
0 9 3 0 204 ffffb3000d52c500 vdrain vdrain
0 8 3 1 200 ffffb3000d52c0c0 modunload mod_unld
0 7 3 0 204 ffffb3000cf65900 xcall/0 xcall
0 6 1 0 200 ffffb3000cf654c0 softser/0
0 5 1 0 200 ffffb3000cf65080 softclk/0
0 4 1 0 200 ffffb3000cf608c0 softbio/0
0 3 1 0 200 ffffb3000cf60480 softnet/0
0 2 1 0 201 ffffb3000cf60040 idle/0
0 > 1 7 0 200 ffffffff859a3b40 swapper
[Locks tracked through LWPs]

****** LWP 458.1 (syz-executor0777) @ 0xffffb3001229c540, l_stat=2

*** Locks held:

* Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffb30010726300 type : sleep/adaptive
initialized : 0xffffffff832ee0de
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb3001229c540 last held: 0xffffb3001229c540
last locked* : 0xffffffff832844f9 unlocked : 0xffffffff8329205e
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 646.2 (syz-executor0777) @ 0xffffb30012287500, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at vcache_get)
lock address : 0xffffb30011d7e980 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 3
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb30012287500 last held: 0xffffb300122870c0
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffb300122870c0 flags : 0x0000000000000007
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb300121634c0

****** LWP 629.2 (syz-executor0777) @ 0xffffb30012287940, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at vcache_get)
lock address : 0xffffb30011d7e980 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 3
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb30012287940 last held: 0xffffb300122870c0
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffb300122870c0 flags : 0x0000000000000007
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb300121634c0

****** LWP 607.2 (syz-executor0777) @ 0xffffb300122870c0, l_stat=7

*** Locks held:

* Lock 0 (initialized at vcache_get)
lock address : 0xffffb30011d7e980 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 3
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb300122870c0 last held: 0xffffb300122870c0
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffb300122870c0 flags : 0x0000000000000007
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb300121634c0

*** Locks wanted: none

****** LWP 507.2 (syz-executor0777) @ 0xffffb3001229c100, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at vcache_get)
lock address : 0xffffb30011d7e980 type : sleep/adaptive
initialized : 0xffffffff83884c06
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 3
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb3001229c100 last held: 0xffffb300122870c0
last locked* : 0xffffffff838ff289 unlocked : 0xffffffff838ff5f6
owner/count : 0xffffb300122870c0 flags : 0x0000000000000007
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb300121634c0

****** LWP 0.24 (softclk/1) @ 0xffffb3000eb30640, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffb3000eb30640 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.12 (iflnkst) @ 0xffffb3000d535540, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffb3000d535540 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffb3000cf65080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85a5d440 type : sleep/adaptive
initialized : 0xffffffff8344fc73
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb3000cf65080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffffb3000001c9e8 0041 00000000 0x0 0x0
0xffffb3000001ca60 0041 00000000 0x0 0x0
0xffffb3000001cad8 0041 00000000 0x0 0x0
0xffffb3000001cb50 0041 00000000 0x0 0x0
0xffffb3000001cbc8 0041 00000000 0x0 0x0
0xffffb3000001cc40 0041 00000000 0x0 0x0
0xffffb3000001ccb8 0041 00000000 0x0 0x0
0xffffb3000001cd30 0041 00000000 0x0 0x0
0xffffb3000001cda8 0041 00000000 0x0 0x0
0xffffb3000001ce20 0041 00000000 0x0 0x0
0xffffb3000001ce98 0041 00000000 0x0 0x0
0xffffb3000001cf10 0041 00000000 0x0 0x0
0xffffb3000001cf88 0041 00000000 0x0 0x0
0xffffb3000001d000 0041 00000000 0x0 0x0
0xffffb3000001d078 0041 00000000 0x0 0x0
0xffffb3000001d0f0 0041 00000000 0x0 0x0
0xffffb3000001d168 0041 00000000 0x0 0x0
0xffffb3000001d1e0 0041 00000000 0x0 0x0
0xffffb3000001d258 0041 00000000 0x0 0x0
0xffffb3000001d2d0 0041 00000000 0x0 0x0
0xffffb3000001d348 0041 00000000 0x0 0x0
0xffffb3000001d3c0 0041 00000000 0x0 0x0
0xffffb3000001d438 0041 00000000 0x0 0x0
0xffffb3000001d4b0 0041 00000000 0x0 0x0
0xffffb3000001d528 0041 00000000 0x0 0x0
0xffffb3000001d5a0 0041 00000000 0x0 0x0
0xffffb3000001d618 0041 00000000 0x0 0x0
0xffffb3000001d690 0041 00000000 0x0 0x0
0xffffb3000001d708 0041 00000000 0x0 0x0
0xffffb3000001d780 0041 00000000 0x0 0x0
0xffffb3000001d7f8 0041 00000000 0x0 0x0
0xffffb3000001d870 0041 00000000 0x0 0x0
0xffffb3000001d8e8 0041 00000000 0x0 0x0
0xffffb3000001d960 0041 00000000 0x0 0x0
0xffffb3000001d9d8 0041 00000000 0x0 0x0
0xffffb3000001da50 0041 00000000 0x0 0x0
0xffffb3000001dac8 0041 00000000 0x0 0x0
0xffffb3000001db40 0041 00000000 0x0 0x0
0xffffb3000001dbb8 0041 00000000 0x0 0x0
0xffffb3000001dc30 0041 00000000 0x0 0x0
0xffffb3000001dca8 0041 00000000 0x0 0x0
0xffffb3000001dd20 0041 00000000 0x0 0x0
0xffffb3000001dd98 0041 00000000 0x0 0x0
0xffffb3000001de10 0041 00000000 0x0 0x0
0xffffb3000001de88 0041 00000000 0x0 0x0
0xffffb3000001df00 0041 00000000 0x0 0x0
0xffffb3000001df78 0041 00000000 0x0 0x0
0xffffb3000001dff0 0041 00000000 0x0 0x0
0xffffb3000001e068 0041 00000000 0x0 0x0
0xffffb3000001e0e0 0041 00000000 0x0 0x0
0xffffb3000001e158 0041 00000000 0x0 0x0
0xffffb3000001e1d0 0041 00000000 0x0 0x0
0xffffb3000001e248 0041 00000000 0x0 0x0
0xffffb3000001e2c0 0041 00000000 0x0 0x0
0xffffb3000001e338 0041 00000000 0x0 0x0
0xffffb3000001e3b0 0041 00000000 0x0 0x0
0xffffb3000001e428 0041 00000000 0x0 0x0
0xffffb3000001e4a0 0041 00000000 0x0 0x0
0xffffb3000001e518 0041 00000000 0x0 0x0
0xffffb3000001e590 0041 00000000 0x0 0x0
0xffffb3000001e608 0041 00000000 0x0 0x0
0xffffb3000001e680 0041 00000000 0x0 0x0
0xffffb3000001e6f8 0041 00000000 0x0 0x0
0xffffb3000001e770 0041 00000000 0x0 0x0
0xffffb3000001e7e8 0041 00000000 0x0 0x0
0xffffb3000001e860 0041 00000000 0x0 0x0
0xffffb3000001e8d8 0041 00000000 0x0 0x0
0xffffb3000001e950 0041 00000000 0x0 0x0
0xffffb3000001e9c8 0041 00000000 0x0 0x0
0xffffb3000001ea40 0041 00000000 0x0 0x0
0xffffb3000001eab8 0041 00000000 0x0 0x0
0xffffb3000001eb30 0041 00000000 0x0 0x0
0xffffb3000001eba8 0041 00000000 0x0 0x0
0xffffb3000001ec20 0041 00000000 0x0 0x0
0xffffb3000001ec98 0041 00000000 0x0 0x0
0xffffb3000001ed10 0041 00000000 0x0 0x0
0xffffb3000001ed88 0041 00000000 0x0 0x0
0xffffb3000001ee00 0041 00000000 0x0 0x0
0xffffb3000001ee78 0041 00000000 0x0 0x0
0xffffb3000001eef0 0041 00000000 0x0 0x0
0xffffb3000001ef68 0041 00000000 0x0 0x0
0xffffb3000001efe0 0041 00000000 0x0 0x0
0xffffb3000001f058 0041 00000000 0x0 0x0
0xffffb3000001f0d0 0041 00000000 0x0 0x0
0xffffb3000001f148 0041 00000000 0x0 0x0
0xffffb3000001f1c0 0041 00000000 0x0 0x0
0xffffb3000001f238 0041 00000000 0x0 0x0
0xffffb3000001f2b0 0041 00000000 0x0 0x0
0xffffb3000001f328 0041 00000000 0x0 0x0
0xffffb3000001f3a0 0041 00000000 0x0 0x0
0xffffb3000001f418 0041 00000000 0x0 0x0
0xffffb3000001f490 0041 00000000 0x0 0x0
0xffffb3000001f508 0041 00000000 0x0 0x0
0xffffb3000001f580 0041 00000000 0x0 0x0
0xffffb3000001f5f8 0041 00000000 0x0 0x0
0xffffb3000001f670 0041 00000000 0x0 0x0
0xffffb3000001f6e8 0041 00000000 0x0 0x0
0xffffb3000001f760 0041 00000000 0x0 0x0
0xffffb3000001f7d8 0041 00000000 0x0 0x0
0xffffb3000001f850 0041 00000000 0x0 0x0
0xffffb3000001f8c8 0041 00000000 0x0 0x0
0xffffb3000001f940 0041 00000000 0x0 0x0
0xffffb3000001f9b8 0041 00000000 0x0 0x0
0xffffb3000001fa30 0041 00000000 0x0 0x0
0xffffb3000001faa8 0041 00000000 0x0 0x0
0xffffb3000001fb20 0041 00000000 0x0 0x0
0xffffb3000001fb98 0041 00000000 0x0 0x0
0xffffb3000001fc10 0041 00000000 0x0 0x0
0xffffb3000001fc88 0041 00000000 0x0 0x0
0xffffb3000001fd00 0041 00000000 0x0 0x0
0xffffb3000001fd78 0041 00000000 0x0 0x0
0xffffb3000001fdf0 0041 00000000 0x0 0x0
0xffffb3000001fe68 0041 00000000 0x0 0x0
0xffffb3000001fee0 0041 00000000 0x0 0x0
0xffffb3000001ff58 0041 00000000 0x0 0x0
0xffffb3000001ffd0 0041 00000000 0x0 0x0
0xffffb30000020048 0041 00000000 0x0 0x0
0xffffb300000200c0 0041 00000000 0x0 0x0
0xffffb30000020138 0041 00000000 0x0 0x0
0xffffb300000201b0 0041 00000000 0x0 0x0
0xffffb30000020228 0041 00000000 0x0 0x0
0xffffb300000202a0 0041 00000000 0x0 0x0
0xffffb30000020318 0041 00000000 0x0 0x0
0xffffb30000020390 0041 00000000 0x0 0x0
0xffffb30000020408 0041 00000000 0x0 0x0
0xffffb30000020480 0041 00000000 0x0 0x0
0xffffb300000204f8 0041 00000000 0x0 0x0
0xffffb30000020570 0041 00000000 0x0 0x0
0xffffb300000205e8 0041 00000000 0x0 0x0
0xffffb30000020660 0041 00000000 0x0 0x0
0xffffb300000206d8 0041 00000000 0x0 0x0
0xffffb30000020750 0041 00000000 0x0 0x0
0xffffb300000207c8 0041 00000000 0x0 0x0
0xffffb30000020840 0041 00000000 0x0 0x0
0xffffb300000208b8 0041 00000000 0x0 0x0
0xffffb30000020930 0041 00000000 0x0 0x0
0xffffb300000209a8 0041 00000000 0x0 0x0
0xffffb30000020a20 0041 00000000 0x0 0x0
0xffffb30000020a98 0041 00000000 0x0 0x0
0xffffb30000020b10 0041 00000000 0x0 0x0
0xffffb30000020b88 0041 00000000 0x0 0x0
0xffffb30000020c00 0041 00000000 0x0 0x0
0xffffb30000020c78 0041 00000000 0x0 0x0
0xffffb30000020cf0 0041 00000000 0x0 0x0
0xffffb30000020d68 0041 00000000 0x0 0x0
0xffffb30000020de0 0041 00000000 0x0 0x0
0xffffb30000020e58 0041 00000000 0x0 0x0
0xffffb30000020ed0 0041 00000000 0x0 0x0
0xffffb30000020f48 0041 00000000 0x0 0x0
0xffffb30000020fc0 0041 00000000 0x0 0x0
0xffffb30000021038 0041 00000000 0x0 0x0
0xffffb300000210b0 0041 00000000 0x0 0x0
0xffffb30000021128 0041 00000000 0x0 0x0
0xffffb300000211a0 0041 00000000 0x0 0x0
0xffffb30000021218 0041 00000000 0x0 0x0
0xffffb30000021290 0041 00000000 0x0 0x0
0xffffb30000021308 0041 00000000 0x0 0x0
0xffffb30000021380 0041 00000000 0x0 0x0
0xffffb300000213f8 0041 00000000 0x0 0x0
0xffffb30000021470 0041 00000000 0x0 0x0
0xffffb300000214e8 0041 00000000 0x0 0x0
0xffffb30000021560 0041 00000000 0x0 0x0
0xffffb300000215d8 0041 00000000 0x0 0x0
0xffffb30000021650 0041 00000000 0x0 0x0
0xffffb300000216c8 0041 00000000 0x0 0x0
0xffffb30000021740 0041 00000000 0x0 0x0
0xffffb300000217b8 0041 00000000 0x0 0x0
0xffffb30000021830 0041 00000000 0x0 0x0
0xffffb300000218a8 0041 00000000 0x0 0x0
0xffffb30000021920 0041 00000000 0x0 0x0
0xffffb30000021998 0041 00000000 0x0 0x0
0xffffb30000021a10 0041 00000000 0x0 0x0
0xffffb30000021a88 0041 00000000 0x0 0x0
0xffffb30000021b00 0041 00000000 0x0 0x0
0xffffb30000021b78 0041 00000000 0x0 0x0
0xffffb30000021bf0 0041 00000000 0x0 0x0
0xffffb30000021c68 0041 00000000 0x0 0x0
0xffffb30000021ce0 0041 00000000 0x0 0x0
0xffffb30000021d58 0041 00000000 0x0 0x0
0xffffb30000021dd0 0041 00000000 0x0 0x0
0xffffb30000021e48 0041 00000000 0x0 0x0
0xffffb30000021ec0 0041 00000000 0x0 0x0
0xffffb30000021f38 0041 00000000 0x0 0x0
0xffffb30000021fb0 0041 00000000 0x0 0x0
0xffffb30000022028 0041 00000000 0x0 0x0
0xffffb300000220a0 0041 00000000 0x0 0x0
0xffffb30000022118 0041 00000000 0x0 0x0
0xffffb30000022190 0041 00000000 0x0 0x0
0xffffb30000022208 0041 00000000 0x0 0x0
0xffffb30000022280 0041 00000000 0x0 0x0
0xffffb300000222f8 0041 00000000 0x0 0x0
0xffffb30000022370 0041 00000000 0x0 0x0
0xffffb300000223e8 0041 00000000 0x0 0x0
0xffffb30000022460 0041 00000000 0x0 0x0
0xffffb300000224d8 0041 00000000 0x0 0x0
0xffffb30000022550 0041 00000000 0x0 0x0
0xffffb300000225c8 0041 00000000 0x0 0x0
0xffffb30000022640 0041 00000000 0x0 0x0
0xffffb300000226b8 0041 00000000 0x0 0x0
0xffffb30000022730 0041 00000000 0x0 0x0
0xffffb300000227a8 0041 00000000 0x0 0x0
0xffffb30000022820 0041 00000000 0x0 0x0
0xffffb30000022898 0041 00000000 0x0 0x0
0xffffb30000022910 0041 00000000 0x0 0x0
0xffffb30000022988 0041 00000000 0x0 0x0
0xffffb30000022a00 0041 00000000 0x0 0x0
0xffffb30000022a78 0041 00000000 0x0 0x0
0xffffb30000022af0 0041 00000000 0x0 0x0
0xffffb30000022b68 0041 00000000 0x0 0x0
0xffffb30000022be0 0041 00000000 0x0 0x0
0xffffb30000022c58 0041 00000000 0x0 0x0
0xffffb30000022cd0 0041 00000000 0x0 0x0
0xffffb30000022d48 0041 00000000 0x0 0x0
0xffffb30000022dc0 0041 00000000 0x0 0x0
0xffffb30000022e38 0041 00000000 0x0 0x0
0xffffb30000022eb0 0041 00000000 0x0 0x0
0xffffb30000022f28 0041 00000000 0x0 0x0
0xffffb30000022fa0 0041 00000000 0x0 0x0
0xffffb30000023018 0041 00000000 0x0 0x0
0xffffb30000023090 0041 00000000 0x0 0x0
0xffffb30000023108 0041 00000000 0x0 0x0
0xffffb30000023180 0041 00000000 0x0 0x0
0xffffb300000231f8 0041 00000000 0x0 0x0
0xffffb30000023270 0041 00000000 0x0 0x0
0xffffb300000232e8 0041 00000000 0x0 0x0
0xffffb30000023360 0041 00000000 0x0 0x0
0xffffb300000233d8 0041 00000000 0x0 0x0
0xffffb30000023450 0041 00000000 0x0 0x0
0xffffb300000234c8 0041 00000000 0x0 0x0
0xffffb30000023540 0041 00000000 0x0 0x0
0xffffb300000235b8 0041 00000000 0x0 0x0
0xffffb30000023630 0041 00000000 0x0 0x0
0xffffb300000236a8 0041 00000000 0x0 0x0
0xffffb30000023720 0041 00000000 0x0 0x0
0xffffb30000023798 0041 00000000 0x0 0x0
0xffffb30000023810 0041 00000000 0x0 0x0
0xffffb30000023888 0041 00000000 0x0 0x0
0xffffb30000023900 0041 00000000 0x0 0x0
0xffffb30000023978 0041 00000000 0x0 0x0
0xffffb300000239f0 0041 00000000 0x0 0x0
0xffffb30000023a68 0041 00000000 0x0 0x0
0xffffb30000023ae0 0041 00000000 0x0 0x0
0xffffb30000023b58 0041 00000000 0x0 0x0
0xffffb30000023bd0 0041 00000000 0x0 0x0
0xffffb30000023c48 0041 00000000 0x0 0x0
0xffffb30000023cc0 0041 00000000 0x0 0x0
0xffffb30000023d38 0041 00000000 0x0 0x0
0xffffb30000023db0 0041 00000000 0x0 0x0
0xffffb30000023e28 0041 00000000 0x0 0x0
0xffffb30000023ea0 0041 00000000 0x0 0x0
0xffffb30000023f18 0041 00000000 0x0 0x0
0xffffb30000023f90 0041 00000000 0x0 0x0
0xffffb30000024008 0041 00000000 0x0 0x0
0xffffb30000024080 0041 00000000 0x0 0x0
0xffffb300000240f8 0041 00000000 0x0 0x0
0xffffb30000024170 0041 00000000 0x0 0x0
0xffffb300000241e8 0041 00000000 0x0 0x0
0xffffb30000024260 0041 00000000 0x0 0x0
0xffffb300000242d8 0041 00000000 0x0 0x0
0xffffb30000024350 0041 00000000 0x0 0x0
0xffffb300000243c8 0041 00000000 0x0 0x0
0xffffb30000024440 0041 00000000 0x0 0x0
0xffffb300000244b8 0041 00000000 0x0 0x0
0xffffb30000024530 0041 00000000 0x0 0x0
0xffffb300000245a8 0041 00000000 0x0 0x0
0xffffb30000024620 0041 00000000 0x0 0x0
0xffffb30000024698 0041 00000000 0x0 0x0
0xffffb30000024710 0041 00000000 0x0 0x0
0xffffb30000024788 0041 00000000 0x0 0x0
0xffffb30000024800 0041 00000000 0x0 0x0
0xffffb30000024878 0041 00000000 0x0 0x0
0xffffb300000248f0 0041 00000000 0x0 0x0
0xffffb30000024968 0041 00000000 0x0 0x0
0xffffb300000249e0 0041 00000000 0x0 0x0
0xffffb30000024a58 0041 00000000 0x0 0x0
0xffffb30000024ad0 0041 00000000 0x0 0x0
0xffffb30000024b48 0041 00000000 0x0 0x0
0xffffb30000024bc0 0041 00000000 0x0 0x0
0xffffb30000024c38 0041 00000000 0x0 0x0
0xffffb30000024cb0 0041 00000000 0x0 0x0
0xffffb30000024d28 0041 00000000 0x0 0x0
0xffffb30000024da0 0041 00000000 0x0 0x0
0xffffb30000024e18 0041 00000000 0x0 0x0
0xffffb30000024e90 0041 00000000 0x0 0x0
0xffffb30000024f08 0041 00000000 0x0 0x0
0xffffb30000024f80 0041 00000000 0x0 0x0
0xffffb30000024ff8 0041 00000000 0x0 0x0
0xffffb30000025070 0041 00000000 0x0 0x0
0xffffb300000250e8 0041 00000000 0x0 0x0
0xffffb30000025160 0041 00000000 0x0 0x0
0xffffb300000251d8 0041 00000000 0x0 0x0
0xffffb30000025250 0041 00000000 0x0 0x0
0xffffb300000252c8 0041 00000000 0x0 0x0
0xffffb30000025340 0041 00000000 0x0 0x0
0xffffb300000253b8 0041 00000000 0x0 0x0
0xffffb30000025430 0041 00000000 0x0 0x0
0xffffb300000254a8 0041 00000000 0x0 0x0
0xffffb30000025520 0041 00000000 0x0 0x0
0xffffb30000025598 0041 00000000 0x0 0x0
0xffffb30000025610 0041 00000000 0x0 0x0
0xffffb30000025688 0041 00000000 0x0 0x0
0xffffb30000025700 0041 00000000 0x0 0x0
0xffffb30000025778 0041 00000000 0x0 0x0
0xffffb300000257f0 0041 00000000 0x0 0x0
0xffffb30000025868 0041 00000000 0x0 0x0
0xffffb300000258e0 0041 00000000 0x0 0x0
0xffffb30000025958 0041 00000000 0x0 0x0
0xffffb300000259d0 0041 00000000 0x0 0x0
0xffffb30000025a48 0041 00000000 0x0 0x0
0xffffb30000025ac0 0041 00000000 0x0 0x0
0xffffb30000025b38 0041 00000000 0x0 0x0
0xffffb30000025bb0 0041 00000000 0x0 0x0
0xffffb30000025c28 0041 00000000 0x0 0x0
0xffffb30000025ca0 0041 00000000 0x0 0x0
0xffffb30000025d18 0041 00000000 0x0 0x0
0xffffb30000025d90 0041 00000000 0x0 0x0
0xffffb30000025e08 0041 00000000 0x0 0x0
0xffffb30000025e80 0041 00000000 0x0 0x0
0xffffb30000025ef8 0041 00000000 0x0 0x0
0xffffb30000025f70 0041 00000000 0x0 0x0
0xffffb30000025fe8 0041 00000000 0x0 0x0
0xffffb30000026060 0041 00000000 0x0 0x0
0xffffb300000260d8 0041 00000000 0x0 0x0
0xffffb30000026150 0041 00000000 0x0 0x0
0xffffb300000261c8 0041 00000000 0x0 0x0
0xffffb30000026240 0041 00000000 0x0 0x0
0xffffb300000262b8 0041 00000000 0x0 0x0
0xffffb30000026330 0041 00000000 0x0 0x0
0xffffb300000263a8 0041 00000000 0x0 0x0
0xffffb30000026420 0041 00000000 0x0 0x0
0xffffb30000026498 0041 00000000 0x0 0x0
0xffffb30000026510 0041 00000000 0x0 0x0
0xffffb30000026588 0041 00000000 0x0 0x0
0xffffb30000026600 0041 00000000 0x0 0x0
0xffffb30000026678 0041 00000000 0x0 0x0
0xffffb300000266f0 0041 00000000 0x0 0x0
0xffffb30000026768 0041 00000000 0x0 0x0
0xffffb300000267e0 0041 00000000 0x0 0x0
0xffffb30000026858 0041 00000000 0x0 0x0
0xffffb300000268d0 0041 00000000 0x0 0x0
0xffffb30000026948 0041 00000000 0x0 0x0
0xffffb300000269c0 0041 00000000 0x0 0x0
0xffffb30000026a38 0041 00000000 0x0 0x0
0xffffb30000026ab0 0041 00000000 0x0 0x0
0xffffb30000026b28 0041 00000000 0x0 0x0
0xffffb30000026ba0 0041 00000000 0x0 0x0
0xffffb30000026c18 0041 00000000 0x0 0x0
0xffffb30000026c90 0041 00000000 0x0 0x0
0xffffb30000026d08 0041 00000000 0x0 0x0
0xffffb30000026d80 0041 00000000 0x0 0x0
0xffffb30000026df8 0041 00000000 0x0 0x0
0xffffb30000026e70 0041 00000000 0x0 0x0
0xffffb30000026ee8 0041 00000000 0x0 0x0
0xffffb30000026f60 0041 00000000 0x0 0x0
0xffffb30000026fd8 0041 00000000 0x0 0x0
0xffffb30000027050 0041 00000000 0x0 0x0
0xffffb300000270c8 0041 00000000 0x0 0x0
0xffffb30000027140 0041 00000000 0x0 0x0
0xffffb300000271b8 0041 00000000 0x0 0x0
0xffffb30000027230 0041 00000000 0x0 0x0
0xffffb300000272a8 0041 00000000 0x0 0x0
0xffffb30000027320 0041 00000000 0x0 0x0
0xffffb30000027398 0041 00000000 0x0 0x0
0xffffb30000027410 0041 00000000 0x0 0x0
0xffffb30000027488 0041 00000000 0x0 0x0
0xffffb30000027500 0041 00000000 0x0 0x0
0xffffb30000027578 0041 00000000 0x0 0x0
0xffffb300000275f0 0041 00000000 0x0 0x0
0xffffb30000027668 0041 00000000 0x0 0x0
0xffffb300000276e0 0041 00000000 0x0 0x0
0xffffb30000027758 0041 00000000 0x0 0x0
0xffffb300000277d0 0041 00000000 0x0 0x0
0xffffb30000027848 0041 00000000 0x0 0x0
0xffffb300000278c0 0041 00000000 0x0 0x0
0xffffb30000027938 0041 00000000 0x0 0x0
0xffffb300000279b0 0041 00000000 0x0 0x0
0xffffb30000027a28 0041 00000000 0x0 0x0
0xffffb30000027aa0 0041 00000000 0x0 0x0
0xffffb30000027b18 0041 00000000 0x0 0x0
0xffffb30000027b90 0041 00000000 0x0 0x0
0xffffb30000027c08 0041 00000000 0x0 0x0
0xffffb30000027c80 0041 00000000 0x0 0x0
0xffffb30000027cf8 0041 00000000 0x0 0x0
0xffffb30000027d70 0041 00000000 0x0 0x0
0xffffb30000027de8 0041 00000000 0x0 0x0
0xffffb30000027e60 0041 00000000 0x0 0x0
0xffffb30000027ed8 0041 00000000 0x0 0x0
0xffffb30000027f50 0041 00000000 0x0 0x0
0xffffb30000027fc8 0041 00000000 0x0 0x0
0xffffb30000028040 0041 00000000 0x0 0x0
0xffffb300000280b8 0041 00000000 0x0 0x0
0xffffb30000028130 0041 00000000 0x0 0x0
0xffffb300000281a8 0041 00000000 0x0 0x0
0xffffb30000028220 0041 00000000 0x0 0x0
0xffffb30000028298 0041 00000000 0x0 0x0
0xffffb30000028310 0041 00000000 0x0 0x0
0xffffb30000028388 0041 00000000 0x0 0x0
0xffffb30000028400 0041 00000000 0x0 0x0
0xffffb30000028478 0041 00000000 0x0 0x0
0xffffb300000284f0 0041 00000000 0x0 0x0
0xffffb30000028568 0041 00000000 0x0 0x0
0xffffb300000285e0 0041 00000000 0x0 0x0
0xffffb30000028658 0041 00000000 0x0 0x0
0xffffb300000286d0 0041 00000000 0x0 0x0
0xffffb30000028748 0041 00000000 0x0 0x0
0xffffb300000287c0 0041 00000000 0x0 0x0
0xffffb30000028838 0041 00000000 0x0 0x0
0xffffb300000288b0 0041 00000000 0x0 0x0
0xffffb30000028928 0041 00000000 0x0 0x0
0xffffb300000289a0 0041 00000000 0x0 0x0
0xffffb30000028a18 0041 00000000 0x0 0x0
0xffffb30000028a90 0041 00000000 0x0 0x0
0xffffb30000028b08 0041 00000000 0x0 0x0
0xffffb30000028b80 0041 00000000 0x0 0x0
0xffffb30000028bf8 0041 00000000 0x0 0x0
0xffffb30000028c70 0041 00000000 0x0 0x0
0xffffb30000028ce8 0041 00000000 0x0 0x0
0xffffb30000028d60 0041 00000000 0x0 0x0
0xffffb30000028dd8 0041 00000000 0x0 0x0
0xffffb30000028e50 0041 00000000 0x0 0x0
0xffffb30000028ec8 0041 00000000 0x0 0x0
0xffffb30000028f40 0041 00000000 0x0 0x0
0xffffb30000028fb8 0041 00000000 0x0 0x0
0xffffb30000029030 0041 00000000 0x0 0x0
0xffffb300000290a8 0041 00000000 0x0 0x0
0xffffb30000029120 0041 00000000 0x0 0x0
0xffffb30000029198 0041 00000000 0x0 0x0
0xffffb30000029210 0041 00000000 0x0 0x0
0xffffb30000029288 0041 00000000 0x0 0x0
0xffffb30000029300 0041 00000000 0x0 0x0
0xffffb30000029378 0041 00000000 0x0 0x0
0xffffb300000293f0 0041 00000000 0x0 0x0
0xffffb30000029468 0041 00000000 0x0 0x0
0xffffb300000294e0 0041 00000000 0x0 0x0
0xffffb30000029558 0041 00000000 0x0 0x0
0xffffb300000295d0 0041 00000000 0x0

Dmitry Vyukov

Feb 22, 2020, 8:15:25 AM
to Maxime Villard, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Evgenii Stepanov, Alexander Potapenko
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\

+Alex, Evgenii for potential msan instrumentation bug

Ooops. NetBSD uses normal clang msan instrumentation, right? So this
is a generic problem in msan that affects linux kernel and all of
user-space too.

Maxime Villard

Feb 23, 2020, 1:56:38 AM
to syzbot+a38dd7...@syzkaller.appspotmail.com, syzkaller-netbsd-bugs
Weird false positive caused by LLVM reordering. "Fixed" by moving a basic
block.

#syz invalid

Maxime Villard

Feb 23, 2020, 1:58:03 AM
to Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Evgenii Stepanov, Alexander Potapenko
Yes.

Evgenii Stepanov

Feb 23, 2020, 7:03:50 PM
to Maxime Villard, Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Alexander Potapenko
Could you provide a reproducer? Preprocessed source + compilation flags.

Dmitry Vyukov

Feb 27, 2020, 5:02:05 AM
to Evgenii Stepanov, Maxime Villard, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Alexander Potapenko
I've tried to extract a reproducer, but full netbsd build fails for
me. Here is what I did:

git checkout 162c6ffc
cp $SYZKALLER/dashboard/config/netbsd-kmsan.config sys/arch/amd64/conf/GENERIC_SYZKALLER
./build.sh -m amd64 -U -u -j72 -V MKCTF=no -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes tools
./build.sh -m amd64 -U -u -j72 -V MKCTF=no -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes kernel=GENERIC_SYZKALLER

/netbsd/src/obj/tooldir.Linux-5.2.17-1rodete3-amd64-x86_64/bin/nbgenassym: line 197: /usr/local/google/home/dvyukov/src/netbsd/src/../tools/bin/nbawk: No such file or directory
*** Failed target: assym.h

So I built this single file with some hackery:

ln -s sys/arch/amd64/include machine
ln -s sys/arch/amd64/include amd64
ln -s sys/arch/x86/include x86
clang sys/kern/vfs_syscalls.c -O2 -fsanitize=memory -g -c -Isys -I. -Isys/sys -Isys/arch/amd64 -I common/include/ -I sys/compat/linux/common/ -I include/ -nostdinc -D_KERNEL -D__BSD_VISIBLE=1 -w

But now I am not sure if this still reproduces the problem or not...

Here is preprocessed source:
https://gist.githubusercontent.com/dvyukov/f086fafffaf19c29010b99274b1dfb09/raw/5de909f6c635c08d1729929bb5582fe7f43598c0/vfs_syscalls.c

and here is disasm of the function:
https://gist.githubusercontent.com/dvyukov/ef780712c88e0baf9ba1e2e3fc231479/raw/6eac9c324f4253ccefcb058f08ff76927b1cc735/vfs_syscalls.o


Maxime, could you assess if the code still contains the bug please? Is
it the same you saw in your real objdump?
Or could you extract the actual source/flags from the netbsd build
system somehow?

Maxime Villard

Feb 27, 2020, 4:05:32 PM
to Dmitry Vyukov, Evgenii Stepanov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Alexander Potapenko
On 27/02/2020 at 11:01, Dmitry Vyukov wrote:
> I've tried to extract a reproducer, but full netbsd build fails for
> me. Here is what I did:
>
> git checkout 162c6ffc
> cp $SYZKALLER/dashboard/config/netbsd-kmsan.config sys/arch/amd64/conf/GENERIC_SYZKALLER
> ./build.sh -m amd64 -U -u -j72 -V MKCTF=no -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes tools
> ./build.sh -m amd64 -U -u -j72 -V MKCTF=no -V MKLLVM=yes -V MKGCC=no -V HAVE_LLVM=yes kernel=GENERIC_SYZKALLER

Maybe a problem with Ubuntu, on Fedora it works as-is.

> /netbsd/src/obj/tooldir.Linux-5.2.17-1rodete3-amd64-x86_64/bin/nbgenassym: line 197: /usr/local/google/home/dvyukov/src/netbsd/src/../tools/bin/nbawk: No such file or directory
> *** Failed target: assym.h
>
> So I built this single file with some hackery:
>
> ln -s sys/arch/amd64/include machine
> ln -s sys/arch/amd64/include amd64
> ln -s sys/arch/x86/include x86
> clang sys/kern/vfs_syscalls.c -O2 -fsanitize=memory -g -c -Isys -I. -Isys/sys -Isys/arch/amd64 -I common/include/ -I sys/compat/linux/common/ -I include/ -nostdinc -D_KERNEL -D__BSD_VISIBLE=1 -w
>
> But now I am not sure if this still reproduces the problem or not...
>
> Here is preprocessed source:
> https://gist.githubusercontent.com/dvyukov/f086fafffaf19c29010b99274b1dfb09/raw/5de909f6c635c08d1729929bb5582fe7f43598c0/vfs_syscalls.c
>
> and here is disasm of the function:
> https://gist.githubusercontent.com/dvyukov/ef780712c88e0baf9ba1e2e3fc231479/raw/6eac9c324f4253ccefcb058f08ff76927b1cc735/vfs_syscalls.o
>
>
> Maxime, could you assess if the code still contains the bug please? Is
> it the same you saw in your real objdump?

I don't remember, I noticed it four months ago. The test in
/usr/tests/lib/libc/sys/t_mknod
was triggering the bug 100% reliably.

I've reverted my fix locally and rebuilt. Fails as before. I've extracted
vfs_syscalls.o and disassembled it quickly with ghidra:

https://m00nbsd.net/dvyukov/

I slightly retyped the output. You can see in the screenshots that the
decompiled C code is:

    if (vp == NULL) {
        vattr_null(&vattr);
        ... 'vattr' is initialized so we don't care ...
    } else {
        check if 'vattr.va_rdev' is initialized
        ...
    }
    ...

Which differs from the semantics of the original code:

    if (vp == NULL) {
        vattr_null(&vattr);
        ... 'vattr' is initialized so we don't care ...
    } else {
        error = EEXIST;
    }
    if (error == 0 && optype == VOP_MKNOD_DESCOFFSET &&
        vattr.va_rdev == VNOVAL)
        error = EINVAL;
    // shouldn't check whether 'vattr.va_rdev' is initialized,
    // because the 'error==0' condition is false

For some reason it looks like the MSan instrumentation decides to check
'vattr.va_rdev' in the else{} even though the read is not supposed to
happen.

Maxime
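
The divergence described in the message above, as an added example that is not part of the thread and is not NetBSD or LLVM code: a toy shadow-byte model comparing the source-order check with the shape seen in the decompiled object. The type and function names, the stand-in constants, the store of `dev` after `vattr_null()`, and the unguarded shadow check in the else branch are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VNOVAL   (-1L)
#define OP_MKNOD 1	/* stand-in for VOP_MKNOD_DESCOFFSET */
#define OP_OTHER 2	/* any other operation type */

/* One MSan-tracked field: the value plus a shadow byte (non-zero = poisoned). */
struct tracked_vattr {
	long    va_rdev;
	uint8_t va_rdev_shadow;
};

struct outcome {
	int  error;		/* error code the syscall path would return */
	bool msan_report;	/* true if a shadow check saw poisoned memory */
};

/* Stack slot at function entry: arbitrary contents, fully poisoned. */
static void model_declare(struct tracked_vattr *va)
{
	va->va_rdev = 0x5a5a5a5aL;
	va->va_rdev_shadow = 0xff;
}

/* vattr_null() plus the initialization elided on the page (assumed: va_rdev = dev). */
static void model_init(struct tracked_vattr *va, long dev)
{
	va->va_rdev = dev;
	va->va_rdev_shadow = 0;
}

/* Source order: && short-circuits, so va_rdev is loaded only when error == 0. */
static struct outcome check_source_order(bool vp_exists, int optype, long dev)
{
	struct tracked_vattr va;
	struct outcome r = { 0, false };

	model_declare(&va);
	if (!vp_exists)
		model_init(&va, dev);
	else
		r.error = EEXIST;
	if (r.error == 0 && optype == OP_MKNOD) {
		if (va.va_rdev_shadow != 0)	/* shadow check next to the load */
			r.msan_report = true;
		if (va.va_rdev == VNOVAL)
			r.error = EINVAL;
	}
	return r;
}

/* Decompiled shape: the shadow check for va_rdev sits in the else branch. */
static struct outcome check_as_compiled(bool vp_exists, int optype, long dev)
{
	struct tracked_vattr va;
	struct outcome r = { 0, false };

	model_declare(&va);
	if (!vp_exists) {
		model_init(&va, dev);
		if (optype == OP_MKNOD && va.va_rdev == VNOVAL)
			r.error = EINVAL;
	} else {
		if (va.va_rdev_shadow != 0)	/* fires although the value is never used */
			r.msan_report = true;
		r.error = EEXIST;
	}
	return r;
}

/* Differential check: inputs with the same error code where only the compiled shape reports. */
static int count_false_positives(void)
{
	const bool exists[] = { false, true };
	const int  ops[]    = { OP_MKNOD, OP_OTHER };
	const long devs[]   = { VNOVAL, 0x0102L };	/* constructed sample values */
	int n = 0;

	for (int i = 0; i < 2; i++)
		for (int j = 0; j < 2; j++)
			for (int k = 0; k < 2; k++) {
				struct outcome a = check_source_order(exists[i], ops[j], devs[k]);
				struct outcome b = check_as_compiled(exists[i], ops[j], devs[k]);
				if (a.error == b.error && b.msan_report && !a.msan_report)
					n++;
			}
	return n;
}

int main(void)
{
	printf("false positives: %d of 8 inputs\n", count_false_positives());
	return 0;
}
```

The two functions return the same error code for every input; they differ only in whether the shadow check fires, which is why the report is a false positive and not a kernel bug.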

Evgenii Stepanov

Feb 27, 2020, 4:31:38 PM
to Maxime Villard, Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Alexander Potapenko
Maxime, if you have the build at hand, could you extract the compiler command line used to produce the "bad" vfs_syscalls.o, and the preprocessed source for it? I can take a look at it from the LLVM side, hopefully some time next week.

Maxime Villard

Mar 15, 2020, 9:57:32 AM
to Evgenii Stepanov, Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs, Alexander Potapenko
Sorry for the delay. Command:
https://m00nbsd.net/dvyukov/cmd.txt
Preprocessed source:
https://m00nbsd.net/dvyukov/preprocessed.txt

Maxime


On 27/02/2020 at 22:31, 'Evgenii Stepanov' via syzkaller-netbsd-bugs wrote:
> Maxime, if you have the build at hand, could you extract the compiler command line used to produce the "bad" vfs_syscalls.o, and the preprocessed source for it? I can take a look at it from the LLVM side, hopefully some time next week.

Alexander Potapenko

Mar 16, 2020, 10:31:52 AM
to Maxime Villard, Evgenii Stepanov, Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs
Attached is the LLVM IR file corresponding to this source.
--
Alexander Potapenko
Software Engineer

netbsd.ll

Evgenii Stepanov

Mar 16, 2020, 10:25:00 PM
to Alexander Potapenko, Maxime Villard, Dmitry Vyukov, memory-s...@googlegroups.com, syzkaller-netbsd-bugs
Thanks.
I've reduced and filed
https://bugs.llvm.org/show_bug.cgi?id=45220
Not sure what to do with it yet, will take another look later.
