ASan: Unauthorized Access in wsmouse_do_ioctl

0 views

Skip to first unread message

syzbot

unread,

Jan 3, 2022, 5:15:19 PM1/3/22

to syzkaller-...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: 0cc1faa26220 lint: do not output "Lint pass2:"
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1220401bb00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=2b378c9f950fcd2a1419
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b378c...@syzkaller.appspotmail.com

[ 125.1110336] panic: ASan: Unauthorized Access In 0xffffffff81827d68: Addr 0xffff9d001334f330 [8 bytes, read, PoolUseAfterFree]

[ 125.1256183] cpu0: Begin traceback...
[ 125.1310231] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
[ 125.1610254] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1221
[ 125.1910276] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[ 125.1910276] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[ 125.2210256] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[ 125.2210256] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[ 125.2210256] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[ 125.2410248] wsmouse_do_ioctl() at netbsd:wsmouse_do_ioctl+0x135 sys/dev/wscons/wsmouse.c:860
[ 125.2710281] wsmouseioctl() at netbsd:wsmouseioctl+0x7f wsmousedoioctl sys/dev/wscons/wsmouse.c:820 [inline]
[ 125.2710281] wsmouseioctl() at netbsd:wsmouseioctl+0x7f sys/dev/wscons/wsmouse.c:807
[ 125.3010291] cdev_ioctl() at netbsd:cdev_ioctl+0x147 sys/kern/subr_devsw.c:935
[ 125.3210270] spec_ioctl() at netbsd:spec_ioctl+0x20f sys/miscfs/specfs/spec_vnops.c:934
[ 125.3410257] VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:883
[ 125.3710281] vn_ioctl() at netbsd:vn_ioctl+0x1b9 sys/kern/vfs_vnops.c:865
[ 125.4010262] sys_ioctl() at netbsd:sys_ioctl+0x8f5 sys/kern/sys_generic.c:673
[ 125.4210256] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
[ 125.4210256] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77
[ 125.4510268] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 125.4510268] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 125.4510268] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 125.4612638] --- syscall (number 198) ---
[ 125.4710256] netbsd:syscall+0x25a:
[ 125.4710256] cpu0: End traceback...
[ 125.4710256] fatal breakpoint trap in supervisor mode
[ 125.4813114] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0x7ced61800000 ilevel 0 rsp 0xffff9d01a6f407b0
[ 125.4943066] curlwp 0xffff9d0012c4abc0 pid 12630.12463 lowest kstack 0xffff9d01a6f392c0
Stopped in pid 12630.12463 (syz-executor.4) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1221
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
__asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
wsmouse_do_ioctl() at netbsd:wsmouse_do_ioctl+0x135 sys/dev/wscons/wsmouse.c:860
wsmouseioctl() at netbsd:wsmouseioctl+0x7f wsmousedoioctl sys/dev/wscons/wsmouse.c:820 [inline]
wsmouseioctl() at netbsd:wsmouseioctl+0x7f sys/dev/wscons/wsmouse.c:807
cdev_ioctl() at netbsd:cdev_ioctl+0x147 sys/kern/subr_devsw.c:935
spec_ioctl() at netbsd:spec_ioctl+0x20f sys/miscfs/specfs/spec_vnops.c:934
VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:883
vn_ioctl() at netbsd:vn_ioctl+0x1b9 sys/kern/vfs_vnops.c:865
sys_ioctl() at netbsd:sys_ioctl+0x8f5 sys/kern/sys_generic.c:673
sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 198) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff81827d68: Addr 0xffff9d001334f330 [8 bytes, read, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
12587 12844 2 0 0 ffff9d00133070c0 syz-executor.2
12587 12245 3 0 180 ffff9d0013435940 syz-executor.2 parked
12587 12587 2 1 10000000 ffff9d0014065500 syz-executor.2
12125 12125 2 0 0 ffff9d0013e15ac0 syz-executor.5
12630>12463 7 0 100 ffff9d0012c4abc0 syz-executor.4
12630 12630 2 0 10000000 ffff9d0012cc0600 syz-executor.4
12462 13009 3 1 0 ffff9d0012c4a780 syz-executor.1 lwpwait
12462 12210 2 0 100000 ffff9d0013f55bc0 syz-executor.1
8156 8156 3 1 180 ffff9d0012ccc200 syz-executor.5 parked
1191 1191 3 1 180 ffff9d0013e15240 syz-executor.5 nanoslp
1130 1130 3 1 180 ffff9d0013db9a80 syz-executor.4 nanoslp
1151 1151 2 1 140 ffff9d0013db9640 syz-executor.3
1194 1194 2 0 140 ffff9d0013ca0a40 syz-executor.2
1220 1220 3 1 180 ffff9d0013ca0600 syz-executor.1 nanoslp
1193 1193 2 0 40 ffff9d0012a90900 syz-executor.0
1113 951 2 0 140 ffff9d0013db9200 syz-fuzzer
1113 421 3 0 1c0 ffff9d0013ca01c0 syz-fuzzer parked
1113 972 3 1 180 ffff9d0013464580 syz-fuzzer parked
1113 1223 3 1 180 ffff9d0013464140 syz-fuzzer parked
1113 1222 3 0 180 ffff9d0013c21a00 syz-fuzzer kqueue
1113 1001 3 0 180 ffff9d0013c215c0 syz-fuzzer parked
1113 1086 3 0 1c0 ffff9d00133a7680 syz-fuzzer parked
1113 1054 3 1 180 ffff9d00133a7240 syz-fuzzer nanoslp
1113 1113 3 0 180 ffff9d0012a52480 syz-fuzzer parked
1084 >1084 7 1 100 ffff9d0013366180 sshd
1069 1069 3 0 180 ffff9d00133b8b00 getty nanoslp
1126 1126 3 0 180 ffff9d00133b8280 getty nanoslp
1115 1115 3 1 180 ffff9d0013381a40 getty nanoslp
699 699 3 0 1c0 ffff9d001267cbc0 getty ttyraw
1093 1093 3 1 180 ffff9d0013381600 sshd select
953 953 3 1 180 ffff9d0012cf9700 powerd kqueue
689 689 3 1 180 ffff9d00133a7ac0 syslogd kqueue
600 600 3 0 180 ffff9d0012be8ac0 dhcpcd poll
739 739 3 0 180 ffff9d0012c72900 dhcpcd poll
464 464 3 0 180 ffff9d0012be8680 dhcpcd poll
587 587 3 1 180 ffff9d0012c3c300 dhcpcd poll
289 289 3 0 180 ffff9d0012d82080 dhcpcd poll
288 288 3 1 180 ffff9d0012d6b8c0 dhcpcd poll
351 351 3 0 180 ffff9d0012d6b480 dhcpcd poll
1 1 3 0 180 ffff9d00127f49c0 init wait
0 10834 5 1 200 ffff9d0013355580 (zombie)
0 968 3 0 200 ffff9d001295fac0 physiod physiod
0 194 3 0 200 ffff9d0012979b00 pooldrain pooldrain
0 193 3 0 200 ffff9d00129796c0 ioflush syncer
0 192 3 1 200 ffff9d0012979280 pgdaemon pgdaemon
0 168 3 1 200 ffff9d001295f240 usb7 usbevt
0 166 3 0 200 ffff9d0012916a80 usb6 usbevt
0 164 3 1 200 ffff9d0012916640 usb5 usbevt
0 163 3 0 200 ffff9d0012916200 usb4 usbevt
0 31 3 1 200 ffff9d00128c8a40 usb3 usbevt
0 63 3 0 200 ffff9d00128c8600 usb2 usbevt
0 126 3 1 200 ffff9d00128c81c0 usb1 usbevt
0 125 3 0 200 ffff9d0012859a00 usb0 usbevt
0 124 3 1 200 ffff9d00128595c0 usbtask-dr usbtsk
0 123 3 0 200 ffff9d00120b36c0 usbtask-hc usbtsk
0 122 3 0 200 ffff9d0012859180 npfgc0 npfgcw
0 121 3 1 200 ffff9d00127f4580 rt_free rt_free
0 120 3 1 200 ffff9d00127f4140 unpgc unpgc
0 119 3 0 200 ffff9d00127ee980 key_timehandler key_timehandler
0 118 3 1 200 ffff9d00127ee540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffff9d00127ee100 icmp6_wqinput/0 icmp6_wqinput
0 116 3 0 200 ffff9d00127e3940 nd6_timer nd6_timer
0 115 3 1 200 ffff9d00127e3500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffff9d00127e30c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffff9d00127d4900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffff9d00127d44c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffff9d00127d4080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffff9d00127c48c0 icmp_wqinput/0 icmp_wqinput
0 109 3 0 200 ffff9d00127c4480 rt_timer rt_timer
0 108 3 1 200 ffff9d00127c4040 vmem_rehash vmem_rehash
0 107 3 1 200 ffff9d001267c780 entbutler entropy
0 98 3 1 200 ffff9d00120b7700 viomb balloon
0 97 3 1 200 ffff9d00120b72c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffff9d00120b3b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffff9d00120b3280 scsibus0 sccomp
0 28 3 0 200 ffff9d0010cb9ac0 pms0 pmsreset
0 27 3 1 200 ffff9d0010cb9680 xcall/1 xcall
0 26 1 1 200 ffff9d0010cb9240 softser/1
0 25 1 1 200 ffff9d0010cb8a80 softclk/1
0 24 1 1 200 ffff9d0010cb8640 softbio/1
0 23 1 1 200 ffff9d0010cb8200 softnet/1
0 22 1 1 201 ffff9d000fb55a40 idle/1
0 21 3 0 200 ffff9d000fb55600 lnxsyswq lnxsyswq
0 20 3 0 200 ffff9d000fb551c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffff9d000fb53a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffff9d000fb535c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffff9d000fb53180 lnxhipwq lnxhipwq
0 16 3 0 200 ffff9d000fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffff9d000fb4b580 sysmon smtaskq
0 14 3 0 200 ffff9d000fb4b140 pmfsuspend pmfsuspend
0 13 3 0 200 ffff9d000fb47980 pmfevent pmfevent
0 12 3 0 200 ffff9d000fb47540 sopendfree sopendfr
0 11 3 1 200 ffff9d000fb47100 iflnkst iflnkst
0 10 3 0 200 ffff9d000fb3c940 nfssilly nfssilly
0 9 3 0 200 ffff9d000fb3c500 vdrain vdrain
0 8 3 1 200 ffff9d000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffff9d000fb32900 xcall/0 xcall
0 6 1 0 200 ffff9d000fb324c0 softser/0
0 5 3 0 200 ffff9d000fb32080 softclk/0 tstile
0 4 1 0 200 ffff9d000fb308c0 softbio/0
0 3 1 0 200 ffff9d000fb30480 softnet/0
0 2 1 0 201 ffff9d000fb30040 idle/0
0 0 3 0 200 ffffffff8334ef00 swapper uvm
[Locks tracked through LWPs]

****** LWP 12587.12844 (syz-executor.2) @ 0xffff9d00133070c0, l_stat=2

*** Locks held:

* Lock 0 (initialized at filedesc_ctor)
lock address : 0xffff9d0012c40b00 type : sleep/adaptive
initialized : 0xffffffff81af054c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d00133070c0 last held: 0xffff9d00133070c0
last locked* : 0xffffffff81af3477 unlocked : 0xffffffff81af3aa0
owner field : 0xffff9d00133070c0 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 12125.12125 (syz-executor.5) @ 0xffff9d0013e15ac0, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffff9d0012d68b80 type : sleep/adaptive
initialized : 0xffffffff8092cde9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0013e15ac0 last held: 0xffff9d0013e15ac0
last locked* : 0xffffffff8092ec1c unlocked : 0xffffffff8092ccb1
owner field : 0xffff9d0013e15ac0 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1151.1151 (syz-executor.3) @ 0xffff9d0013db9640, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_ctor)
lock address : 0xffff9d0013b90d40 type : sleep/adaptive
initialized : 0xffffffff81a77b1b
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d0013db9640 last held: 0xffff9d0013db9640
last locked* : 0xffffffff81a88654 unlocked : 0xffffffff81a86096
owner/count : 0xffff9d0013db9640 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffff9d0012cdad80 type : sleep/adaptive
initialized : 0xffffffff8092cde9
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d0013db9640 last held: 000000000000000000
last locked : 0xffffffff8092ca4a unlocked*: 0xffffffff8092ccb1
owner field : 0xffff9d0013db9640 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1084.1084 (sshd) @ 0xffff9d0013366180, l_stat=7

*** Locks held:

* Lock 0 (initialized at soinit)
lock address : 0xffff9d000f67d080 type : sleep/adaptive
initialized : 0xffffffff81c5e765
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d0013366180 last held: 0xffff9d0013366180
last locked* : 0xffffffff81c5d65f unlocked : 0xffffffff81c5d6fe
owner field : 0xffff9d0013366180 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffff9d000fb32080

*** Locks wanted:

* Lock 0 (initialized at main)
lock address : 0xffffffff834633c0 type : spin
initialized : 0xffffffff81f258c4
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d0013366180 last held: 0xffff9d0012c4abc0
last locked* : 0xffffffff81bbafd4 unlocked : 0xffffffff8158f72f
curcpu holds : 1 wanted by: 000000000000000000

****** LWP 739.739 (dhcpcd) @ 0xffff9d0012c72900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012c72900 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 464.464 (dhcpcd) @ 0xffff9d0012be8680, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012be8680 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 288.288 (dhcpcd) @ 0xffff9d0012d6b8c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d0012d6b8c0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 351.351 (dhcpcd) @ 0xffff9d0012d6b480, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012d6b480 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffff9d000fb47100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d000fb47100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffff9d000fb32080, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d000fb32080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334ef00, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334ef00 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at main)
lock address : 0xffffffff834633c0 type : spin
initialized : 0xffffffff81f258c4
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012c4abc0 last held: 0xffff9d0012c4abc0
last locked* : 0xffffffff81bbafd4 unlocked : 0xffffffff8158f72f
curcpu holds : 1 wanted by: 000000000000000000

PAGE FLAG PQ UOBJECT UANON
0xffff9d0000017180 0041 00000000 0x0 0x0
0xffff9d0000017200 0041 00000000 0x0 0x0
0xffff9d0000017280 0041 00000000 0x0 0x0
0xffff9d0000017300 0041 00000000 0x0 0x0
0xffff9d0000017380 0041 00000000 0x0 0x0
0xffff9d0000017400 0041 00000000 0x0 0x0
0xffff9d0000017480 0041 00000000 0x0 0x0
0xffff9d0000017500 0041 00000000 0x0 0x0
0xffff9d0000017580 0041 00000000 0x0 0x0
0xffff9d0000017600 0041 00000000 0x0 0x0
0xffff9d0000017680 0041 00000000 0x0 0x0
0xffff9d0000017700 0041 00000000 0x0 0x0
0xffff9d0000017780 0041 00000000 0x0 0x0
0xffff9d0000017800 0041 00000000 0x0 0x0
0xffff9d0000017880 0041 00000000 0x0 0x0
0xffff9d0000017900 0041 00000000 0x0 0x0
0xffff9d0000017980 0041 00000000 0x0 0x0
0xffff9d0000017a00 0041 00000000 0x0 0x0
0xffff9d0000017a80 0041 00000000 0x0 0x0
0xffff9d0000017b00 0041 00000000 0x0 0x0
0xffff9d0000017b80 0041 00000000 0x0 0x0
0xffff9d0000017c00 0041 00000000 0x0 0x0
0xffff9d0000017c80 0041 00000000 0x0 0x0
0xffff9d0000017d00 0041 00000000 0x0 0x0
0xffff9d0000017d80 0041 00000000 0x0 0x0
0xffff9d0000017e00 0041 00000000 0x0 0x0
0xffff9d0000017e80 0041 00000000 0x0 0x0
0xffff9d0000017f00 0041 00000000 0x0 0x0
0xffff9d0000017f80 0041 00000000 0x0 0x0
0xffff9d0000018000 0041 00000000 0x0 0x0
0xffff9d0000018080 0041 00000000 0x0 0x0
0xffff9d0000018100 0041 00000000 0x0 0x0
0xffff9d0000018180 0041 00000000 0x0 0x0
0xffff9d0000018200 0041 00000000 0x0 0x0
0xffff9d0000018280 0041 00000000 0x0 0x0
0xffff9d0000018300 0041 00000000 0x0 0x0
0xffff9d0000018380 0041 00000000 0x0 0x0
0xffff9d0000018400 0041 00000000 0x0 0x0
0xffff9d0000018480 0041 00000000 0x0 0x0
0xffff9d0000018500 0041 00000000 0x0 0x0
0xffff9d0000018580 0041 00000000 0x0 0x0
0xffff9d0000018600 0041 00000000 0x0 0x0
0xffff9d0000018680 0041 00000000 0x0 0x0
0xffff9d0000018700 0041 00000000 0x0 0x0
0xffff9d0000018780 0041 00000000 0x0 0x0
0xffff9d0000018800 0041 00000000 0x0 0x0
0xffff9d0000018880 0041 00000000 0x0 0x0
0xffff9d0000018900 0041 00000000 0x0 0x0
0xffff9d0000018980 0041 00000000 0x0 0x0
0xffff9d0000018a00 0041 00000000 0x0 0x0
0xffff9d0000018a80 0041 00000000 0x0 0x0
0xffff9d0000018b00 0041 00000000 0x0 0x0
0xffff9d0000018b80 0041 00000000 0x0 0x0
0xffff9d0000018c00 0041 00000000 0x0 0x0
0xffff9d0000018c80 0041 00000000 0x0 0x0
0xffff9d0000018d00 0041 00000000 0x0 0x0
0xffff9d0000018d80 0041 00000000 0x0 0x0
0xffff9d0000018e00 0041 00000000 0x0 0x0
0xffff9d0000018e80 0041 00000000 0x0 0x0
0xffff9d0000018f00 0041 00000000 0x0 0x0
0xffff9d0000018f80 0041 00000000 0x0 0x0
0xffff9d0000019000 0041 00000000 0x0 0x0
0xffff9d0000019080 0041 00000000 0x0 0x0
0xffff9d0000019100 0041 00000000 0x0 0x0
0xffff9d0000019180 0041 00000000 0x0 0x0
0xffff9d0000019200 0041 00000000 0x0 0x0
0xffff9d0000019280 0041 00000000 0x0 0x0
0xffff9d0000019300 0041 00000000 0x0 0x0
0xffff9d0000019380 0041 00000000 0x0 0x0
0xffff9d0000019400 0041 00000000 0x0 0x0
0xffff9d0000019480 0041 00000000 0x0 0x0
0xffff9d0000019500 0041 00000000 0x0 0x0
0xffff9d0000019580 0041 00000000 0x0 0x0
0xffff9d0000019600 0041 00000000 0x0 0x0
0xffff9d0000019680 0041 00000000 0x0 0x0
0xffff9d0000019700 0041 00000000 0x0 0x0
0xffff9d0000019780 0041 00000000 0x0 0x0
0xffff9d0000019800 0041 00000000 0x0 0x0
0xffff9d0000019880 0041 00000000 0x0 0x0
0xffff9d0000019900 0041 00000000 0x0 0x0
0xffff9d0000019980 0041 00000000 0x0 0x0
0xffff9d0000019a00 0041 00000000 0x0 0x0
0xffff9d0000019a80 0041 00000000 0x0 0x0
0xffff9d0000019b00 0041 00000000 0x0 0x0
0xffff9d0000019b80 0041 00000000 0x0 0x0
0xffff9d0000019c00 0041 00000000 0x0 0x0
0xffff9d0000019c80 0041 00000000 0x0 0x0
0xffff9d0000019d00 0041 00000000 0x0 0x0
0xffff9d0000019d80 0041 00000000 0x0 0x0
0xffff9d0000019e00 0041 00000000 0x0 0x0
0xffff9d0000019e80 0041 00000000 0x0 0x0
0xffff9d0000019f00 0041 00000000 0x0 0x0
0xffff9d0000019f80 0041 00000000 0x0 0x0
0xffff9d000001a000 0041 00000000 0x0 0x0
0xffff9d000001a080 0041 00000000 0x0 0x0
0xffff9d000001a100 0041 00000000 0x0 0x0
0xffff9d000001a180 0041 00000000 0x0 0x0
0xffff9d000001a200 0041 00000000 0x0 0x0
0xffff9d000001a280 0041 00000000 0x0 0x0
0xffff9d000001a300 0041 00000000 0x0 0x0
0xffff9d000001a380 0041 00000000 0x0 0x0
0xffff9d000001a400 0041 00000000 0x0 0x0
0xffff9d000001a480 0041 00000000 0x0 0x0
0xffff9d000001a500 0041 00000000 0x0 0x0
0xffff9d000001a580 0041 00000000 0x0 0x0
0xffff9d000001a600 0041 00000000 0x0 0x0
0xffff9d000001a680 0041 00000000 0x0 0x0
0xffff9d000001a700 0041 00000000 0x0 0x0
0xffff9d000001a780 0041 00000000 0x0 0x0
0xffff9d000001a800 0041 00000000 0x0 0x0
0xffff9d000001a880 0041 00000000 0x0 0x0
0xffff9d000001a900 0041 00000000 0x0 0x0
0xffff9d000001a980 0041 00000000 0x0 0x0
0xffff9d000001aa00 0041 00000000 0x0 0x0
0xffff9d000001aa80 0041 00000000 0x0 0x0
0xffff9d000001ab00 0041 00000000 0x0 0x0
0xffff9d000001ab80 0041 00000000 0x0 0x0
0xffff9d000001ac00 0041 00000000 0x0 0x0
0xffff9d000001ac80 0041 00000000 0x0 0x0
0xffff9d000001ad00 0041 00000000 0x0 0x0
0xffff9d000001ad80 0041 00000000 0x0 0x0
0xffff9d000001ae00 0041 00000000 0x0 0x0
0xffff9d000001ae80 0041 00000000 0x0 0x0
0xffff9d000001af00 0041 00000000 0x0 0x0
0xffff9d000001af80 0041 00000000 0x0 0x0
0xffff9d000001b000 0041 00000000 0x0 0x0
0xffff9d000001b080 0041 00000000 0x0 0x0
0xffff9d000001b100 0041 00000000 0x0 0x0
0xffff9d000001b180 0041 00000000 0x0 0x0
0xffff9d000001b200 0041 00000000 0x0 0x0
0xffff9d000001b280 0041 00000000 0x0 0x0
0xffff9d000001b300 0041 00000000 0x0 0x0
0xffff9d000001b380 0041 00000000 0x0 0x0
0xffff9d000001b400 0041 00000000 0x0 0x0
0xffff9d000001b480 0041 00000000 0x0 0x0
0xffff9d000001b500 0041 00000000 0x0 0x0
0xffff9d000001b580 0041 00000000 0x0 0x0
0xffff9d000001b600 0041 00000000 0x0 0x0
0xffff9d000001b680 0041 00000000 0x0 0x0
0xffff9d000001b700 0041 00000000 0x0 0x0
0xffff9d000001b780 0041 00000000 0x0 0x0
0xffff9d000001b800 0041 00000000 0x0 0x0
0xffff9d000001b880 0041 00000000 0x0 0x0
0xffff9d000001b900 0041 00000000 0x0 0x0
0xffff9d000001b980 0041 00000000 0x0 0x0
0xffff9d000001ba00 0041 00000000 0x0 0x0
0xffff9d000001ba80 0041 00000000 0x0 0x0
0xffff9d000001bb00 0001 00000000 0x0 0x0
0xffff9d000001bb80 0001 00000000 0x0 0x0
0xffff9d000001bc00 0001 00000000 0x0 0x0
0xffff9d000001bc80 0001 00000000 0x0 0x0
0xffff9d000001bd00 0001 00000000 0x0 0x0
0xffff9d000001bd80 0001 00000000 0x0 0x0
0xffff9d000001be00 0001 00000000 0x0 0x0
0xffff9d000001be80 0001 00000000 0x0 0x0
0xffff9d000001bf00 0001 00000000 0x0 0x0
0xffff9d000001bf80 0001 00000000 0x0 0x0
0xffff9d000001c000 0001 00000000 0x0 0x0
0xffff9d000001c080 0001 00000000 0x0 0x0
0xffff9d000001c100 0001 00000000 0x0 0x0
0xffff9d000001c180 0001 00000000 0x0 0x0
0xffff9d000001c200 0001 00000000 0x0 0x0
0xffff9d000001c280 0001 00000000 0x0 0x0
0xffff9d000001c300 0001 00000000 0x0 0x0
0xffff9d000001c380 0001 00000000 0x0 0x0
0xffff9d000001c400 0001 00000000 0x0 0x0
0xffff9d000001c480 0001 00000000 0x0 0x0
0xffff9d000001c500 0001 00000000 0x0 0x0
0xffff9d000001c580 0001 00000000 0x0 0x0
0xffff9d000001c600 0001 00000000 0x0 0x0
0xffff9d000001c680 0001 00000000 0x0 0x0
0xffff9d000001c700 0001 00000000 0x0 0x0
0xffff9d000001c780 0001 00000000 0x0 0x0
0xffff9d000001c800 0001 00000000 0x0 0x0
0xffff9d000001c880 0001 00000000 0x0 0x0
0xffff9d000001c900 0001 00000000 0x0 0x0
0xffff9d000001c980 0001 00000000 0x0 0x0
0xffff9d000001ca00 0001 00000000 0x0 0x0
0xffff9d000001ca80 0001 00000000 0x0 0x0
0xffff9d000001cb00 0001 00000000 0x0 0x0
0xffff9d000001cb80 0001 00000000 0x0 0x0
0xffff9d000001cc00 0001 00000000 0x0 0x0
0xffff9d000001cc80 0001 00000000 0x0 0x0
0xffff9d000001cd00 0001 00000000 0x0 0x0
0xffff9d000001cd80 0001 00000000 0x0 0x0
0xffff9d000001ce00 0001 00000000 0x0 0x0
0xffff9d000001ce80 0001 00000000 0x0 0x0
0xffff9d000001cf00 0001 00000000 0x0 0x0
0xffff9d000001cf80 0001 00000000 0x0 0x0
0xffff9d000001d000 0001 00000000 0x0 0x0
0xffff9d000001d080 0001 00000000 0x0 0x0
0xffff9d000001d100 0001 00000000 0x0 0x0
0xffff9d000001d180 0001 00000000 0x0 0x0
0xffff9d000001d200 0001 00000000 0x0 0x0
0xffff9d000001d280 0001 00000000 0x0 0x0
0xffff9d000001d300 0001 00000000 0x0 0x0
0xffff9d000001d380 0001 00000000 0x0 0x0
0xffff9d000001d400 0001 00000000 0x0 0x0
0xffff9d000001d480 0001 00000000 0x0 0x0
0xffff9d000001d500 0001 00000000 0x0 0x0
0xffff9d000001d580 0001 00000000 0x0 0x0
0xffff9d000001d600 0001 00000000 0x0 0x0
0xffff9d000001d680 0001 00000000 0x0 0x0
0xffff9d000001d700 0001 00000000 0x0 0x0
0xffff9d000001d780 0001 00000000 0x0 0x0
0xffff9d000001d800 0001 00000000 0x0 0x0
0xffff9d000001d880 0001 00000000 0x0 0x0
0xffff9d000001d900 0001 00000000 0x0 0x0
0xffff9d000001d980 0001 00000000 0x0 0x0
0xffff9d000001da00 0001 00000000 0x0 0x0
0xffff9d000001da80 0001 00000000 0x0 0x0
0xffff9d000001db00 0001 00000000 0x0 0x0
0xffff9d000001db80 0001 00000000 0x0 0x0
0xffff9d000001dc00 0001 00000000 0x0 0x0
0xffff9d000001dc80 0001 00000000 0x0 0x0
0xffff9d000001dd00 0001 00000000 0x0 0x0
0xffff9d000001dd80 0001 00000000 0x0 0x0
0xffff9d000001de00 0001 00000000 0x0 0x0
0xffff9d000001de80 0001 00000000 0x0 0x0
0xffff9d000001df00 0001 00000000 0x0 0x0
0xffff9d000001df80 0001 00000000 0x0 0x0
0xffff9d000001e000 0001 00000000 0x0 0x0
0xffff9d000001e080 0001 00000000 0x0 0x0
0xffff9d000001e100 0001 00000000 0x0 0x0
0xffff9d000001e180 0001 00000000 0x0 0x0
0xffff9d000001e200 0001 00000000 0x0 0x0
0xffff9d000001e280 0001 00000000 0x0 0x0
0xffff9d000001e300 0001 00000000 0x0 0x0
0xffff9d000001e380 0001 00000000 0x0 0x0
0xffff9d000001e400 0001 00000000 0x0 0x0
0xffff9d000001e480 0001 00000000 0x0 0x0
0xffff9d000001e500 0001 00000000 0x0 0x0
0xffff9d000001e580 0001 00000000 0x0 0x0
0xffff9d000001e600 0001 00000000 0x0 0x0
0xffff9d000001e680 0001 00000000 0x0 0x0
0xffff9d000001e700 0001 00000000 0x0 0x0
0xffff9d000001e780 0001 00000000 0x0 0x0
0xffff9d000001e800 0001 00000000 0x0 0x0
0xffff9d000001e880 0001 00000000 0x0 0x0
0xffff9d000001e900 0001 00000000 0x0 0x0
0xffff9d000001e980 0001 00000000 0x0 0x0
0xffff9d000001ea00 0001 00000000 0x0 0x0
0xffff9d000001ea80 0001 00000000 0x0 0x0
0xffff9d000001eb00 0001 00000000 0x0 0x0
0xffff9d000001eb80 0001 00000000 0x0 0x0
0xffff9d000001ec00 0001 00000000 0x0 0x0
0xffff9d000001ec80 0001 00000000 0x0 0x0
0xffff9d000001ed00 0001 00000000 0x0 0x0
0xffff9d000001ed80 0001 00000000 0x0 0x0
0xffff9d000001ee00 0001 00000000 0x0 0x0
0xffff9d000001ee80 0001 00000000 0x0 0x0
0xffff9d000001ef00 0001 00000000 0x0 0x0
0xffff9d000001ef80 0001 00000000 0x0 0x0
0xffff9d000001f000 0001 00000000 0x0 0x0
0xffff9d000001f080 0001 00000000 0x0 0x0
0xffff9d000001f100 0001 00000000 0x0 0x0
0xffff9d000001f180 0001 00000000 0x0 0x0
0xffff9d000001f200 0001 00000000 0x0 0x0
0xffff9d000001f280 0001 00000000 0x0 0x0
0xffff9d000001f300 0001 00000000 0x0 0x0
0xffff9d000001f380 0001 00000000 0x0 0x0
0xffff9d000001f400 0001 00000000 0x0 0x0
0xffff9d000001f480 0001 00000000 0x0 0x0
0xffff9d000001f500 0001 00000000 0x0 0x0
0xffff9d000001f580 0001 00000000 0x0 0x0
0xffff9d000001f600 0001 00000000 0x0 0x0
0xffff9d000001f680 0001 00000000 0x0 0x0
0xffff9d000001f700 0001 00000000 0x0 0x0
0xffff9d000001f780 0001 00000000 0x0 0x0
0xffff9d000001f800 0001 00000000 0x0 0x0
0xffff9d000001f880 0001 00000000 0x0 0x0
0xffff9d000001f900 0001 00000000 0x0 0x0
0xffff9d000001f980 0001 00000000 0x0 0x0
0xffff9d000001fa00 0001 00000000 0x0 0x0
0xffff9d000001fa80 0001 00000000 0x0 0x0
0xffff9d000001fb00 0001 00000000 0x0 0x0
0xffff9d000001fb80 0001 00000000 0x0 0x0
0xffff9d000001fc00 0001 00000000 0x0 0x0
0xffff9d000001fc80 0001 00000000 0x0 0x0
0xffff9d000001fd00 0001 00000000 0x0 0x0
0xffff9d000001fd80 0001 00000000 0x0 0x0
0xffff9d000001fe00 0001 00000000 0x0 0x0
0xffff9d000001fe80 0001 00000000 0x0 0x0
0xffff9d000001ff00 0001 00000000 0x0 0x0
0xffff9d000001ff80 0001 00000000 0x0 0x0
0xffff9d0000020000 0001 00000000 0x0 0x0
0xffff9d0000020080 0001 00000000 0x0 0x0
0xffff9d0000020100 0001 00000000 0x0 0x0
0xffff9d0000020180 0001 00000000 0x0 0x0
0xffff9d0000020200 0001 00000000 0x0 0x0
0xffff9d0000020280 0001 00000000 0x0 0x0
0xffff9d0000020300 0001 00000000 0x0 0x0
0xffff9d0000020380 0001 00000000 0x0 0x0
0xffff9d0000020400 0001 00000000 0x0 0x0
0xffff9d0000020480 0001 00000000 0x0 0x0
0xffff9d0000020500 0001 00000000 0x0 0x0
0xffff9d0000020580 0001 00000000 0x0 0x0
0xffff9d0000020600 0001 00000000 0x0 0x0
0xffff9d0000020680 0001 00000000 0x0 0x0
0xffff9d0000020700 0001 00000000 0x0 0x0
0xffff9d0000020780 0001 00000000 0x0 0x0
0xffff9d0000020800 0001 00000000 0x0 0x0
0xffff9d0000020880 0001 00000000 0x0 0x0
0xffff9d0000020900 0001 00000000 0x0 0x0
0xffff9d0000020980 0001 00000000 0x0 0x0
0xffff9d0000020a00 0001 00000000 0x0 0x0
0xffff9d0000020a80 0001 00000000 0x0 0x0
0xffff9d0000020b00 0001 00000000 0x0 0x0
0xffff9d0000020b80 0001 00000000 0x0 0x0
0xffff9d0000020c00 0001 00000000 0x0 0x0
0xffff9d0000020c80 0001 00000000 0x0 0x0
0xffff9d0000020d00 0001 00000000 0x0 0x0
0xffff9d0000020d80 0001 00000000 0x0 0x0
0xffff9d0000020e00 0001 00000000 0x0 0x0
0xffff9d0000020e80 0001 00000000 0x0 0x0
0xffff9d0000020f00 0001 00000000 0x0 0x0
0xffff9d0000020f80 0001 00000000 0x0 0x0
0xffff9d0000021000 0001 00000000 0x0 0x0
0xffff9d0000021080 0001 00000000 0x0 0x0
0xffff9d0000021100 0001 00000000 0x0 0x0
0xffff9d0000021180 0001 00000000 0x0 0x0
0xffff9d0000021200 0001 00000000 0x0 0x0
0xffff9d0000021280 0001 00000000 0x0 0x0
0xffff9d0000021300 0001 00000000 0x0 0x0
0xffff9d0000021380 0001 00000000 0x0 0x0
0xffff9d0000021400 0001 00000000 0x0 0x0
0xffff9d0000021480 0001 00000000 0x0 0x0
0xffff9d0000021500 0001 00000000 0x0 0x0
0xffff9d0000021580 0001 00000000 0x0 0x0
0xffff9d0000021600 0001 00000000 0x0 0x0
0xffff9d0000021680 0001 00000000 0x0 0x0
0xffff9d0000021700 0001 00000000 0x0 0x0
0xffff9d0000021780 0001 00000000 0x0 0x0
0xffff9d0000021800 0001 00000000 0x0 0x0
0xffff9d0000021880 0001 00000000 0x0 0x0
0xffff9d0000021900 0001 00000000 0x0 0x0
0xffff9d0000021980 0001 00000000 0x0 0x0
0xffff9d0000021a00 0001 00000000 0x0 0x0
0xffff9d0000021a80 0001 00000000 0x0 0x0
0xffff9d0000021b00 0001 00000000 0x0 0x0
0xffff9d0000021b80 0001 00000000 0x0 0x0
0xffff9d0000021c00 0001 00000000 0x0 0x0
0xffff9d0000021c80 0001 00000000 0x0 0x0
0xffff9d0000021d00 0001 00000000 0x0 0x0
0xffff9d0000021d80 0001 00000000 0x0 0x0
0xffff9d0000021e00 0001 00000000 0x0 0x0
0xffff9d0000021e80 0001 00000000 0x0 0x0
0xffff9d0000021f00 0001 00000000 0x0 0x0
0xffff9d0000021f80 0001 00000000 0x0 0x0
0xffff9d0000022000 0001 00000000 0x0 0x0
0xffff9d0000022080 0001 00000000 0x0 0x0
0xffff9d0000022100 0001 00000000 0x0 0x0
0xffff9d0000022180 0001 00000000 0x0 0x0
0xffff9d0000022200 0001 00000000 0x0 0x0
0xffff9d0000022280 0001 00000000 0x0 0x0
0xffff9d0000022300 0001 00000000 0x0 0x0
0xffff9d0000022380 0001 00000000 0x0 0x0
0xffff9d0000022400 0001 00000000 0x0 0x0
0xffff9d0000022480 0001 00000000 0x0 0x0
0xffff9d0000022500 0001 00000000 0x0 0x0
0xffff9d0000022580 0001 00000000 0x0 0x0
0xffff9d0000022600 0001 00000000 0x0 0x0
0xffff9d0000022680 0001 00000000 0x0 0x0
0xffff9d0000022700 0001 00000000 0x0 0x0
0xffff9d0000022780 0001 00000000 0x0 0x0
0xffff9d0000022800 0001 00000000 0x0 0x0
0xffff9d0000022880 0001 00000000 0x0 0x0
0xffff9d0000022900 0001 00000000 0x0 0x0
0xffff9d0000022980 0001 00000000 0x0 0x0
0xffff9d0000022a00 0001 00000000 0x0 0x0
0xffff9d0000022a80 0001 00000000 0x0 0x0
0xffff9d0000022b00 0001 00000000 0x0 0x0
0xffff9d0000022b80 0001 00000000 0x0 0x0
0xffff9d0000022c00 0001 00000000 0x0 0x0
0xffff9d0000022c80 0001 00000000 0x0 0x0
0xffff9d0000022d00 0001 00000000 0x0 0x0
0xffff9d0000022d80 0001 00000000 0x0 0x0
0xffff9d0000022e00 0001 00000000 0x0 0x0
0xffff9d0000022e80 0001 00000000 0x0 0x0
0xffff9d0000022f00 0001 00000000 0x0 0x0
0xffff9d0000022f80 0001 00000000 0x0 0x0
0xffff9d0000023000 0001 00000000 0x0 0x0
0xffff9d0000023080 0001 00000000 0x0 0x0
0xffff9d0000023100 0001 00000000 0x0 0x0
0xffff9d0000023180 0001 00000000 0x0 0x0
0xffff9d0000023200 0001 00000000 0x0 0x0
0xffff9d0000023280 0001 00000000 0x0 0x0
0xffff9d0000023300 0001 00000000 0x0 0x0
0xffff9d0000023380 0001 00000000 0x0 0x0
0xffff9d0000023400 0001 00000000 0x0 0x0
0xffff9d0000023480 0001 00000000 0x0 0x0
0xffff9d0000023500 0001 00000000 0x0 0x0
0xffff9d0000023580 0001 00000000 0x0 0x0
0xffff9d0000023600 0001 00000000 0x0 0x0
0xffff9d0000023680 0001 00000000 0x0 0x0
0xffff9d0000023700 0001 00000000 0x0 0x0
0xffff9d0000023780 0001 00000000 0x0 0x0
0xffff9d0000023800 0001 00000000 0x0 0x0
0xffff9d0000023880 0001 00000000 0x0 0x0
0xffff9d0000023900 0001 00000000 0x0 0x0
0xffff9d0000023980 0001 00000000 0x0 0x0
0xffff9d0000023a00 0001 00000000 0x0 0x0
0xffff9d0000023a80 0001 00000000 0x0 0x0
0xffff9d0000023b00 0001 00000000 0x0 0x0
0xffff9d0000023b80 0001 00000000 0x0 0x0
0xffff9d0000023c00 0001 00000000 0x0 0x0
0xffff9d0000023c80 0001 00000000 0x0 0x0
0xffff9d0000023d00 0001 00000000 0x0 0x0
0xffff9d0000023d80 0001 00000000 0x0 0x0
0xffff9d0000023e00 0001 00000000 0x0 0x0
0xffff9d0000023e80 0001 00000000 0x0 0x0
0xffff9d0000023f00 0001 00000000 0x0 0x0
0xffff9d0000023f80 0001 00000000 0x0 0x0
0xffff9d0000024000 0001 00000000 0x0 0x0
0xffff9d0000024080 0001 00000000 0x0 0x0
0xffff9d0000024100 0001 00000000 0x0 0x0
0xffff9d0000024180 0001 00000000 0x0 0x0
0xffff9d0000024200 0001 00000000 0x0 0x0
0xffff9d0000024280 0001 00000000 0x0 0x0
0xffff9d0000024300 0001 00000000 0x0 0x0
0xffff9d0000024380 0001 00000000 0x0 0x0
0xffff9d0000024400 0001 00000000 0x0 0x0
0xffff9d0000024480 0001 00000000 0x0 0x0
0xffff9d0000024500 0001 00000000 0x0 0x0
0xffff9d0000024580 0001 00000000 0x0 0x0
0xffff9d0000024600 0001 00000000 0x0 0x0
0xffff9d0000024680 0001 00000000 0x0 0x0
0xffff9d0000024700 0001 00000000 0x0 0x0
0xffff9d0000024780 0001 00000000 0x0 0x0
0xffff9d0000024800 0001 00000000 0x0 0x0
0xffff9d0000024880 0001 00000000 0x0 0x0
0xffff9d0000024900 0001 00000000 0x0 0x0
0xffff9d0000024980 0001 00000000 0x0 0x0
0xffff9d0000024a00 0001 00000000 0x0 0x0
0xffff9d0000024a80 0001 00000000 0x0 0x0
0xffff9d0000024b00 0001 00000000 0x0 0x0
0xffff9d0000024b80 0001 00000000 0x0 0x0
0xffff9d0000024c00 0001 00000000 0x0 0x0
0xffff9d0000024c80 0001 00000000 0x0 0x0
0xffff9d0000024d00 0001 00000000 0x0 0x0
0xffff9d0000024d80 0001 00000000 0x0 0x0
0xffff9d0000024e00 0001 00000000 0x0 0x0
0xffff9d0000024e80 0001 00000000 0x0 0x0
0xffff9d0000024f00 0001 00000000 0x0 0x0
0xffff9d0000024f80 0001 00000000 0x0 0x0
0xffff9d0000025000 0001 00000000 0x0 0x0
0xffff9d0000025080 0001 00000000 0x0 0x0
0xffff9d0000025100 0001 00000000 0x0 0x0
0xffff9d0000025180 0001 00000000 0x0 0x0
0xffff9d0000025200 0001 00000000 0x0 0x0
0xffff9d0000025280 0001 00000000 0x0 0x0
0xffff9d0000025300 0001 00000000 0x0 0x0
0xffff9d0000025380 0001 00000000 0x0 0x0
0xffff9d0000025400 0001 00000000 0x0 0x0
0xffff9d0000025480 0001 00000000 0x0 0x0
0xffff9d0000025500 0001 00000000 0x0 0x0
0xffff9d0000025580 0001 00000000 0x0 0x0
0xffff9d0000025600 0001 00000000 0x0 0x0
0xffff9d0000025680 0001 00000000 0x0 0x0
0xffff9d0000025700 0001 00000000 0x0 0x0
0xffff9d0000025780 0001 00000000 0x0 0x0
0xffff9d0000025800 0001 00000000 0x0 0x0
0xffff9d0000025880 0001 00000000 0x0 0x0
0xffff9d0000025900 0001 00000000 0x0 0x0
0xffff9d0000025980 0001 00000000 0x0 0x0
0xffff9d0000025a00 0001 00000000 0x0 0x0
0xffff9d0000025a80 0001 00000000 0x0 0x0
0xffff9d0000025b00 0001 00000000 0x0 0x0
0xffff9d0000025b80 0001 00000000 0x0 0x0
0xffff9d0000025c00 0001 00000000 0x0 0x0
0xffff9d0000025c80 0001 00000000 0x0 0x0
0xffff9d0000025d00 0001 00000000 0x0 0x0
0xffff9d0000025d80 0001 00000000 0x0 0x0
0xffff9d0000025e00 0001 00000000 0x0 0x0
0xffff9d0000025e80 0001 00000000 0x0 0x0
0xffff9d0000025f00 0001 00000000 0x0 0x0
0xffff9d0000025f80 0001 00000000 0x0 0x0
0xffff9d0000026000 0001 00000000 0x0 0x0
0xffff9d0000026080 0001 00000000 0x0 0x0
0xffff9d0000026100 0001 00000000 0x0 0x0
0xffff9d0000026180 0001 00000000 0x0 0x0
0xffff9d0000026200 0001 00000000 0x0 0x0
0xffff9d0000026280 0001 00000000 0x0 0x0
0xffff9d0000026300 0001 00000000 0x0 0x0
0xffff9d0000026380 0001 00000000 0x0 0x0
0xffff9d0000026400 0001 00000000 0x0 0x0
0xffff9d0000026480 0001 00000000 0x0 0x0
0xffff9d0000026500 0001 00000000 0x0 0x0
0xffff9d0000026580 0001 00000000 0x0 0x0
0xffff9d0000026600 0001 00000000 0x0 0x0
0xffff9d0000026680 0001 00000000 0x0 0x0
0xffff9d0000026700 0001 00000000 0x0 0x0
0xffff9d0000026780 0001 00000000 0x0 0x0
0xffff9d0000026800 0001 00000000 0x0 0x0
0xffff9d0000026880 0001 00000000 0x0 0x0
0xffff9d0000026900 0001 00000000 0x0 0x0
0xffff9d0000026980 0001 00000000 0x0 0x0
0xffff9d0000026a00 0001 00000000 0x0 0x0
0xffff9d0000026a80 0001 00000000 0x0 0x0
0xffff9d0000026b00 0001 00000000 0x0 0x0
0xffff9d0000026b80 0001 00000000 0x0 0x0
0xffff9d0000026c00 0001 00000000 0x0 0x0
0xffff9d0000026c80 0001 00000000 0x0 0x0
0xffff9d0000026d00 0001 00000000 0x0 0x0
0xffff9d0000026d80 0001 00000000 0x0 0x0
0xffff9d0000026e00 0001 00000000 0x0 0x0
0xffff9d0000026e80 0001 00000000 0x0 0x0
0xffff9d0000026f00 0001 00000000 0x0 0x0
0xffff9d0000026f80 0001 00000000 0x0 0x0
0xffff9d0000027000 0001 00000000 0x0 0x0
0xffff9d0000027080 0001 00000000 0x0 0x0
0xffff9d0000027100 0001 00000000 0x0 0x0
0xffff9d0000027180 0001 00000000 0x0 0x0
0xffff9d0000027200 0001 00000000 0x0 0x0
0xffff9d0000027280 0001 00000000 0x0 0x0
0xffff9d0000027300 0001 00000000 0x0 0x0
0xffff9d0000027380 0001 00000000 0x0 0x0
0xffff9d0000027400 0001 00000000 0x0 0x0
0xffff9d0000027480 0001 00000000 0x0 0x0
0xffff9d0000027500 0001 00000000 0x0 0x0
0xffff9d0000027580 0001 00000000 0x0 0x0
0xffff9d0000027600 0001 00000000 0x0 0x0
0xffff9d0000027680 0001 00000000 0x0 0x0
0xffff9d0000027700 0001 00000000 0x0 0x0
0xffff9d0000027780 0001 00000000 0x0 0x0
0xffff9d0000027800 0001 00000000 0x0 0x0
0xffff9d0000027880 0001 00000000 0x0 0x0
0xffff9d0000027900 0001 00000000 0x0 0x0
0xffff9d0000027980 0001 00000000 0x0 0x0
0xffff9d0000027a00 0001 00000000 0x0 0x0
0xffff9d0000027a80 0001 00000000 0x0 0x0
0xffff9d0000027b00 0001 00000000 0x0 0x0
0xffff9d0000027b80 0001 00000000 0x0 0x0
0xffff9d0000027c00 0001 00000000 0x0 0x0
0xffff9d0000027c80 0001 00000000 0x0 0x0
0xffff9d0000027d00 0001 00000000 0x0 0x0
0xffff9d0000027d80 0001 00000000 0x0 0x0
0xffff9d0000027e00 0001 00000000 0x0 0x0
0xffff9d0000027e80 0001 00000000 0x0 0x0
0xffff9d0000027f00 0001 00000000 0x0 0x0
0xffff9d0000027f80 0001 00000000 0x0 0x0
0xffff9d0000028000 0001 00000000 0x0 0x0
0xffff9d0000028080 0001 00000000 0x0 0x0
0xffff9d0000028100 0001 00000000 0x0 0x0
0xffff9d0000028180 0001 00000000 0x0 0x0
0xffff9d0000028200 0001 00000000 0x0 0x0
0xffff9d0000028280 0001 00000000 0x0 0x0
0xffff9d0000028300 0001 00000000 0x0 0x0
0xffff9d0000028380 0001 00000000 0x0 0x0
0xffff9d0000028400 0001 00000000 0x0 0x0
0xffff9d0000028480 0001 00000000 0x0 0x0
0xffff9d0000028500 0001 00000000 0x0 0x0
0xffff9d0000028580 0001 00000000 0x0 0x0
0xffff9d0000028600 0001 00000000 0x0 0x0
0xffff9d0000028680 0001 00000000 0x0 0x0
0xffff9d0000028700 0001 00000000 0x0 0x0
0xffff9d0000028780 0001 00000000 0x0 0x0
0xffff9d0000028800 0001 00000000 0x0 0x0
0xffff9d0000028880 0001 00000000 0x0 0x0
0xffff9d0000028900 0001 00000000 0x0 0x0
0xffff9d0000028980 0001 00000000 0x0 0x0
0xffff9d0000028a00 0001 00000000 0x0 0x0
0xffff9d0000028a80 0001 00000000 0x0 0x0
0xffff9d0000028b00 0001 00000000 0x0 0x0
0xffff9d0000028b80 0001 00000000 0x0 0x0
0xffff9d0000028c00 0001 00000000 0x0 0x0
0xffff9d0000028c80 0001 00000000 0x0 0x0
0xffff9d0000028d00 0001 00000000 0x0 0x0
0xffff9d0000028d80 0001 00000000 0x0 0x0
0xffff9d0000028e00 0001 00000000 0x0 0x0
0xffff9d0000028e80 0001 00000000 0x0 0x0
0xffff9d0000028f00 0001 00000000 0x0 0x0
0xffff9d0000028f80 0001 00000000 0x0 0x0
0xffff9d0000029000 0001 00000000 0x0 0x0
0xffff9d0000029080 0001 00000000 0x0 0x0
0xffff9d0000029100 0001 00000000 0x0 0x0
0xffff9d0000029180 0001 00000000 0x0 0x0
0xffff9d0000029200 0001 00000000 0x0 0x0
0xffff9d0000029280 0001 00000000 0x0 0x0
0xffff9d0000029300 0001 00000000 0x0 0x0
0xffff9d0000029380 0001 00000000 0x0 0x0
0xffff9d0000029400 0001 00000000 0x0 0x0
0xffff9d0000029480 0001 00000000 0x0 0x0
0xffff9d0000029500 0001 00000000 0x0 0x0
0xffff9d0000029580 0001 00000000 0x0 0x0
0xffff9d0000029600 0001 00000000 0x0 0x0
0xffff9d0000029680 0001 00000000 0x0 0x0
0xffff9d0000029700 0001 00000000 0x0 0x0
0xffff9d0000029780 0001 00000000 0x0 0x0
0xffff9d0000029800 0001 00000000 0x0 0x0
0xffff9d0000029880 0001 00000000 0x0 0x0
0xffff9d0000029900 0001 00000000 0x0 0x0
0xffff9d0000029980 0001 00000000 0x0 0x0
0xffff9d0000029a00 0001 00000000 0x0 0x0
0xffff9d0000029a80 0001 00000000 0x0 0x0
0xffff9d0000029b00 0001 00000000 0x0 0x0
0xffff9d0000029b80 0001 00000000 0x0 0x0
0xffff9d0000029c00 0001 00000000 0x0 0x0
0xffff9d0000029c80 0001 00000000 0x0 0x0
0xffff9d0000029d00 0001 00000000 0x0 0x0
0xffff9d0000029d80 0001 00000000 0x0 0x0
0xffff9d0000029e00 0001 00000000 0x0 0x0
0xffff9d0000029e80 0001 00000000 0x0 0x0
0xffff9d0000029f00 0001 00000000 0x0 0x0
0xffff9d0000029f80 0001 00000000 0x0 0x0
0xffff9d000002a000 0001 00000000 0x0 0x0
0xffff9d000002a080 0001 00000000 0x0 0x0
0xffff9d000002a100 0001 00000000 0x0 0x0
0xffff9d000002a180 0001 00000000 0x0 0x0
0xffff9d000002a200 0001 00000000 0x0 0x0
0xffff9d000002a280 0001 00000000 0x0 0x0
0xffff9d000002a300 0001 00000000 0x0 0x0
0xffff9d000002a380 0001 00000000 0x0 0x0
0xffff9d000002a400 0001 00000000 0x0 0x0
0xffff9d000002a480 0001 00000000 0x0 0x0
0xffff9d000002a500 0001 00000000 0x0 0x0
0xffff9d000002a580 0001 00000000 0x0 0x0
0xffff9d000002a600 0001 00000000 0x0 0x0
0xffff9d000002a680 0001 00000000 0x0 0x0
0xffff9d000002a700 0001 00000000 0x0 0x0
0xffff9d000002a780 0001 00000000 0x0 0x0
0xffff9d000002a800 0001 00000000 0x0 0x0
0xffff9d000002a880 0001 00000000 0x0 0x0
0xffff9d000002a900 0001 00000000 0x0 0x0
0xffff9d000002a980 0001 00000000 0x0 0x0
0xffff9d000002aa00 0001 00000000 0x0 0x0
0xffff9d000002aa80 0001 00000000 0x0 0x0
0xffff9d000002ab00 0001 00000000 0x0 0x0
0xffff9d000002ab80 0001 00000000 0x0 0x0
0xffff9d000002ac00 0001 00000000 0x0

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,

Jan 3, 2022, 5:31:26 PM1/3/22

to syzkaller-...@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit: 0cc1faa26220 lint: do not output "Lint pass2:"
git tree: netbsd

console output: https://syzkaller.appspot.com/x/log.txt?x=12c2341db00000

kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=2b378c9f950fcd2a1419
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=157b4d57b00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14807163b00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b378c...@syzkaller.appspotmail.com

[ 43.4176045] panic: ASan: Unauthorized Access In 0xffffffff81827df2: Addr 0xffff9d0012bbc830 [8 bytes, read, PoolUseAfterFree]

[ 43.4275915] cpu1: Begin traceback...
[ 43.4475951] vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
[ 43.4775921] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1221
[ 43.5175921] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[ 43.5175921] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[ 43.5375928] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[ 43.5375928] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[ 43.5375928] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[ 43.5675945] wsmouse_do_ioctl() at netbsd:wsmouse_do_ioctl+0x1bf sys/dev/wscons/wsmouse.c:852
[ 43.5975949] wsmouseioctl() at netbsd:wsmouseioctl+0x7f wsmousedoioctl sys/dev/wscons/wsmouse.c:820 [inline]
[ 43.5975949] wsmouseioctl() at netbsd:wsmouseioctl+0x7f sys/dev/wscons/wsmouse.c:807
[ 43.6175932] cdev_ioctl() at netbsd:cdev_ioctl+0x147 sys/kern/subr_devsw.c:935
[ 43.6375935] spec_ioctl() at netbsd:spec_ioctl+0x20f sys/miscfs/specfs/spec_vnops.c:934
[ 43.6675932] VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:883
[ 43.6975937] vn_ioctl() at netbsd:vn_ioctl+0x1b9 sys/kern/vfs_vnops.c:865
[ 43.7175941] sys_ioctl() at netbsd:sys_ioctl+0x8f5 sys/kern/sys_generic.c:673
[ 43.7475927] sys_syscall() at netbsd:sys_syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
[ 43.7475927] sys_syscall() at netbsd:sys_syscall+0xff sys/kern/sys_syscall.c:77
[ 43.7675941] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 43.7675941] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 43.7675941] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 43.7775930] --- syscall (number 0) ---
[ 43.7875936] netbsd:syscall+0x25a:
[ 43.7875936] cpu1: End traceback...
[ 43.7975928] fatal breakpoint trap in supervisor mode
[ 43.7975928] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0x79f4b123ed30 ilevel 0 rsp 0xffff9d019db327b0
[ 43.8075903] curlwp 0xffff9d0012bee240 pid 1767.1767 lowest kstack 0xffff9d019db2b2c0
Stopped in pid 1767.1767 (syz-executor7865) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x258 sys/kern/subr_prf.c:290
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1221
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
__asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207

wsmouse_do_ioctl() at netbsd:wsmouse_do_ioctl+0x1bf sys/dev/wscons/wsmouse.c:852

wsmouseioctl() at netbsd:wsmouseioctl+0x7f wsmousedoioctl sys/dev/wscons/wsmouse.c:820 [inline]
wsmouseioctl() at netbsd:wsmouseioctl+0x7f sys/dev/wscons/wsmouse.c:807
cdev_ioctl() at netbsd:cdev_ioctl+0x147 sys/kern/subr_devsw.c:935
spec_ioctl() at netbsd:spec_ioctl+0x20f sys/miscfs/specfs/spec_vnops.c:934
VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:883
vn_ioctl() at netbsd:vn_ioctl+0x1b9 sys/kern/vfs_vnops.c:865
sys_ioctl() at netbsd:sys_ioctl+0x8f5 sys/kern/sys_generic.c:673

sys_syscall() at netbsd:sys_syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
sys_syscall() at netbsd:sys_syscall+0xff sys/kern/sys_syscall.c:77

syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138

--- syscall (number 0) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff81827df2: Addr 0xffff9d0012bbc830 [8 bytes, read, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

1743 1743 2 0 0 ffff9d0012c67480 syz-executor7865
1366 1366 2 1 0 ffff9d0012c3eb80 syz-executor7865
1767 >1767 7 1 0 ffff9d0012bee240 syz-executor7865
1619 1619 2 1 0 ffff9d001332c980 syz-executor7865
1594 1594 2 1 0 ffff9d0013cd4640 syz-executor7865
1621 1621 2 0 0 ffff9d0012b36940 syz-executor7865
1220 1220 2 0 140 ffff9d0013c97a00 syz-executor7865
421 421 2 0 140 ffff9d0013c975c0 syz-executor7865
1224 1224 2 1 140 ffff9d0013c97180 syz-executor7865
1223 1223 2 0 40 ffff9d0013465580 syz-executor7865
1193 1193 2 0 140 ffff9d0013465140 syz-executor7865
1222 1222 2 0 140 ffff9d00133b7b00 syz-executor7865
1221 1221 3 0 180 ffff9d0012b360c0 syz-executor7865 nanoslp
1078 1078 3 1 180 ffff9d0013364a00 sshd select
1070 1070 3 0 180 ffff9d00133b7280 getty nanoslp
1073 1073 3 0 180 ffff9d001338da80 getty nanoslp
1074 1074 3 1 180 ffff9d001338d640 getty nanoslp
1252 1252 3 0 1c0 ffff9d001267cbc0 getty ttyraw
926 926 3 1 180 ffff9d001337f600 sshd select
941 941 3 0 180 ffff9d0012ce16c0 powerd kqueue
687 687 3 0 180 ffff9d00133a3ac0 syslogd kqueue
739 739 3 0 180 ffff9d0012beeac0 dhcpcd poll
546 546 3 0 180 ffff9d0012c744c0 dhcpcd poll
600 600 3 0 180 ffff9d0012bee680 dhcpcd poll
587 587 3 1 180 ffff9d0012c3e300 dhcpcd poll
289 289 3 0 180 ffff9d0012d73080 dhcpcd poll
288 288 3 0 180 ffff9d0012d588c0 dhcpcd poll
351 351 3 0 180 ffff9d0012d58480 dhcpcd poll
1 1 3 0 180 ffff9d00128349c0 init wait
0 938 3 0 200 ffff9d001295fac0 physiod physiod

0 194 3 0 200 ffff9d0012979b00 pooldrain pooldrain
0 193 3 0 200 ffff9d00129796c0 ioflush syncer
0 192 3 1 200 ffff9d0012979280 pgdaemon pgdaemon
0 168 3 1 200 ffff9d001295f240 usb7 usbevt

0 166 3 1 200 ffff9d0012916a80 usb6 usbevt

0 164 3 1 200 ffff9d0012916640 usb5 usbevt

0 163 3 1 200 ffff9d0012916200 usb4 usbevt

0 31 3 1 200 ffff9d00128c8a40 usb3 usbevt

0 63 3 1 200 ffff9d00128c8600 usb2 usbevt

0 126 3 1 200 ffff9d00128c81c0 usb1 usbevt

0 125 3 1 200 ffff9d00128a7a00 usb0 usbevt
0 124 3 1 200 ffff9d00128a75c0 usbtask-dr usbtsk
0 123 3 1 200 ffff9d00128a7180 usbtask-hc usbtsk
0 122 3 0 200 ffff9d00120b36c0 npfgc0 npfgcw
0 121 3 1 200 ffff9d0012834580 rt_free rt_free
0 120 3 1 200 ffff9d0012834140 unpgc unpgc
0 119 3 0 200 ffff9d001282e980 key_timehandler key_timehandler
0 118 3 1 200 ffff9d001282e540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffff9d001282e100 icmp6_wqinput/0 icmp6_wqinput
0 116 3 0 200 ffff9d0012822940 nd6_timer nd6_timer
0 115 3 1 200 ffff9d0012822500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffff9d00128220c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffff9d0012814900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffff9d00128144c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffff9d0012814080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffff9d00128048c0 icmp_wqinput/0 icmp_wqinput
0 109 3 0 200 ffff9d0012804480 rt_timer rt_timer
0 108 3 0 200 ffff9d0012804040 vmem_rehash vmem_rehash
0 107 3 0 200 ffff9d001267c780 entbutler entropy

0 98 3 1 200 ffff9d00120b7700 viomb balloon
0 97 3 1 200 ffff9d00120b72c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffff9d00120b3b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffff9d00120b3280 scsibus0 sccomp
0 28 3 0 200 ffff9d0010cb9ac0 pms0 pmsreset
0 27 3 1 200 ffff9d0010cb9680 xcall/1 xcall
0 26 1 1 200 ffff9d0010cb9240 softser/1
0 25 1 1 200 ffff9d0010cb8a80 softclk/1
0 24 1 1 200 ffff9d0010cb8640 softbio/1
0 23 1 1 200 ffff9d0010cb8200 softnet/1
0 22 1 1 201 ffff9d000fb55a40 idle/1
0 21 3 0 200 ffff9d000fb55600 lnxsyswq lnxsyswq
0 20 3 0 200 ffff9d000fb551c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffff9d000fb53a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffff9d000fb535c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffff9d000fb53180 lnxhipwq lnxhipwq
0 16 3 0 200 ffff9d000fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffff9d000fb4b580 sysmon smtaskq
0 14 3 0 200 ffff9d000fb4b140 pmfsuspend pmfsuspend
0 13 3 0 200 ffff9d000fb47980 pmfevent pmfevent
0 12 3 0 200 ffff9d000fb47540 sopendfree sopendfr

0 11 3 0 200 ffff9d000fb47100 iflnkst iflnkst
0 10 3 1 200 ffff9d000fb3c940 nfssilly nfssilly

0 9 3 0 200 ffff9d000fb3c500 vdrain vdrain
0 8 3 1 200 ffff9d000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffff9d000fb32900 xcall/0 xcall
0 6 1 0 200 ffff9d000fb324c0 softser/0

0 > 5 7 0 200 ffff9d000fb32080 softclk/0

0 4 1 0 200 ffff9d000fb308c0 softbio/0
0 3 1 0 200 ffff9d000fb30480 softnet/0
0 2 1 0 201 ffff9d000fb30040 idle/0

0 > 0 7 0 240 ffffffff8334ef00 swapper
[Locks tracked through LWPs]

****** LWP 1366.1366 (syz-executor7865) @ 0xffff9d0012c3eb80, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)

lock address : 0xffff9d0012c09980 type : sleep/adaptive

initialized : 0xffffffff8092cde9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 1 last held: 1

relevant lwp : 0xffff9d0012c3eb80 last held: 0xffff9d0012c3eb80

last locked* : 0xffffffff8092ec1c unlocked : 0xffffffff8092ccb1

owner field : 0xffff9d0012c3eb80 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted:

* Lock 0 (initialized at pmap_ctor)

lock address : 0xffff9d0012c09988 type : sleep/adaptive
initialized : 0xffffffff8092cdf5

shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1

relevant lwp : 0xffff9d0012c3eb80 last held: 000000000000000000
last locked : 0xffffffff8092fbf0 unlocked*: 0xffffffff8092fcfe
owner/count : 000000000000000000 flags : 000000000000000000

Turnstile: no active turnstile for this lock.

****** LWP 1619.1619 (syz-executor7865) @ 0xffff9d001332c980, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)

lock address : 0xffff9d0012bdd780 type : sleep/adaptive

initialized : 0xffffffff8092cde9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 1 last held: 1

relevant lwp : 0xffff9d001332c980 last held: 0xffff9d001332c980

last locked* : 0xffffffff8092ec1c unlocked : 0xffffffff8092ccb1

owner field : 0xffff9d001332c980 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1594.1594 (syz-executor7865) @ 0xffff9d0013cd4640, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)

lock address : 0xffff9d0012bdd380 type : sleep/adaptive

initialized : 0xffffffff8092cde9
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 1 last held: 1

relevant lwp : 0xffff9d0013cd4640 last held: 0xffff9d0013cd4640
last locked* : 0xffffffff8092ca4a unlocked : 0xffffffff8092f630
owner field : 0xffff9d0013cd4640 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1223.1223 (syz-executor7865) @ 0xffff9d0013465580, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_ctor)

lock address : 0xffff9d0013c28e40 type : sleep/adaptive

initialized : 0xffffffff81a77b1b
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 0 last held: 0

relevant lwp : 0xffff9d0013465580 last held: 0xffff9d0013465580

last locked* : 0xffffffff81a88654 unlocked : 0xffffffff81a86096

owner/count : 000000000000000000 flags : 000000000000000000

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 546.546 (dhcpcd) @ 0xffff9d0012c744c0, l_stat=3

relevant lwp : 0xffff9d0012c744c0 last held: 000000000000000000

last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 600.600 (dhcpcd) @ 0xffff9d0012bee680, l_stat=3

relevant lwp : 0xffff9d0012bee680 last held: 000000000000000000

last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 288.288 (dhcpcd) @ 0xffff9d0012d588c0, l_stat=3

relevant lwp : 0xffff9d0012d588c0 last held: 000000000000000000

last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 351.351 (dhcpcd) @ 0xffff9d0012d58480, l_stat=3

relevant lwp : 0xffff9d0012d58480 last held: 000000000000000000

last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffff9d000fb47100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0

relevant cpu : 0 last held: 0

relevant lwp : 0xffff9d000fb47100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffff9d000fb32080, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d000fb32080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334ef00, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff834634c0 type : sleep/adaptive
initialized : 0xffffffff81b34931
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334ef00 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu1:

* Lock 0 (initialized at main)
lock address : 0xffffffff834633c0 type : spin
initialized : 0xffffffff81f258c4
shared holds : 0 exclusive: 1

shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1

relevant lwp : 0xffff9d0012bee240 last held: 0xffff9d0012bee240
last locked* : 0xffffffff81bbafd4 unlocked : 0xffffffff81bbaaaa

0xffff9d000002ac00 0001 00000000 0x0 0x0

0xffff9d000002ac80 0001 00000000 0x0 0x0
0xffff9d000002ad00 0001 00000000 0x0 0x0
0xffff9d000002ad80 0001 00000000 0x0 0x0
0xffff9d000002ae00 0001 00000000 0x0 0x0
0xffff9d000002ae80 0001 00000000 0x0 0x0
0xffff9d000002af00 0001 00000000 0x0 0x0
0xffff9d000002af80 0001 00000000 0x0 0x0

0xffff9d000002b000 0001 00000000 0x0 0x0
0xffff9d000002b080 0001 00000000 0x0 0x0

Reply all

Reply to author

Forward

0 new messages