ASan: Unauthorized Access in callout_hardclock

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: abe4f82692e7 Looks like this debug library disappeared wit..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1207afa7280000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=a9e3a375f2ffee1cc42a
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1e5cadbb580a/disk-abe4f826.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/756f2fa58097/netbsd-abe4f826.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a9e3a3...@syzkaller.appspotmail.com

[ 770.0175621] panic: ASan: Unauthorized Access In 0xffffffff81b9f833: Addr 0xffffb880128da2f8 [8 bytes, write, PoolUseAfterFree]

[ 770.0175621] cpu0: Begin traceback...
[ 770.0175621] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
[ 770.0175621] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1060
[ 770.0175621] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
[ 770.0175621] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
[ 770.0175621] __asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
[ 770.0175621] __asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
[ 770.0175621] __asan_store8() at netbsd:__asan_store8+0xaf sys/kern/subr_asan.c:1208
[ 770.0175621] callout_hardclock() at netbsd:callout_hardclock+0xf7 sys/kern/kern_timeout.c:789
[ 770.0175621] hardclock() at netbsd:hardclock+0x18d sys/kern/kern_clock.c:301
[ 770.0175621] Xresume_lapic_ltimer() at netbsd:Xresume_lapic_ltimer+0x1e
[ 770.0175621] --- interrupt ---
[ 770.0175621] Xspllower() at netbsd:Xspllower+0xe
[ 770.0175621] mutex_enter() at netbsd:mutex_enter+0x50c sys/kern/kern_mutex.c:702
[ 770.0175621] pool_put() at netbsd:pool_put+0x77 pool_put_quarantine sys/kern/subr_pool.c:3105 [inline]
[ 770.0175621] pool_put() at netbsd:pool_put+0x77 sys/kern/subr_pool.c:1364
[ 770.0175621] uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x16e sys/uvm/uvm_map.c:2441
[ 770.0175621] uvm_unmap1() at netbsd:uvm_unmap1+0xe7 sys/uvm/uvm_map.c:4831
[ 770.0175621] uvmspace_exec() at netbsd:uvmspace_exec+0x1ff sys/uvm/uvm_map.c:4273
[ 770.0175621] execve_runproc() at netbsd:execve_runproc+0xc21 sys/kern/kern_exec.c:1253
[ 770.0175621] execve1() at netbsd:execve1+0x104 sys/kern/kern_exec.c:1485
[ 770.0175621] sys_execve() at netbsd:sys_execve+0x5f sys/kern/kern_exec.c:608
[ 770.0175621] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 770.0175621] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 770.0175621] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 770.0175621] --- syscall (number 59) ---
[ 770.0175621] netbsd:syscall+0x25a:
[ 770.0175621] cpu0: End traceback...
[ 770.0175621] fatal breakpoint trap in supervisor mode
[ 770.0175621] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x246 cr2 0xc0004aa2c0 ilevel 0x8 rsp 0xffffb8824a1991a8
[ 770.0175621] curlwp 0xffffb88012c572c0 pid 3410.3410 lowest kstack 0xffffb8824a1922c0
Stopped in pid 3410.3410 (syz-fuzzer) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1060
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
__asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
__asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
__asan_store8() at netbsd:__asan_store8+0xaf sys/kern/subr_asan.c:1208
callout_hardclock() at netbsd:callout_hardclock+0xf7 sys/kern/kern_timeout.c:789
hardclock() at netbsd:hardclock+0x18d sys/kern/kern_clock.c:301
Xresume_lapic_ltimer() at netbsd:Xresume_lapic_ltimer+0x1e
--- interrupt ---
Xspllower() at netbsd:Xspllower+0xe
mutex_enter() at netbsd:mutex_enter+0x50c sys/kern/kern_mutex.c:702
pool_put() at netbsd:pool_put+0x77 pool_put_quarantine sys/kern/subr_pool.c:3105 [inline]
pool_put() at netbsd:pool_put+0x77 sys/kern/subr_pool.c:1364
uvm_unmap_detach() at netbsd:uvm_unmap_detach+0x16e sys/uvm/uvm_map.c:2441
uvm_unmap1() at netbsd:uvm_unmap1+0xe7 sys/uvm/uvm_map.c:4831
uvmspace_exec() at netbsd:uvmspace_exec+0x1ff sys/uvm/uvm_map.c:4273
execve_runproc() at netbsd:execve_runproc+0xc21 sys/kern/kern_exec.c:1253
execve1() at netbsd:execve1+0x104 sys/kern/kern_exec.c:1485
sys_execve() at netbsd:sys_execve+0x5f sys/kern/kern_exec.c:608
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 59) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff81b9f833: Addr 0xffffb880128da2f8 [8 bytes, write, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
3410 >3410 7 0 0 ffffb88012c572c0 syz-fuzzer
2881 2881 3 0 180 ffffb8801347c100 init nanoslp
3892 2711 3 1 1100000 ffffb88014015580 syz-executor.2 tstile
3892 3892 2 1 11000040 ffffb88013dff240 syz-executor.2
1845 4320 3 1 1100000 ffffb88012c21680 syz-executor.2 tstile
1845 1845 2 1 11000040 ffffb88012d14640 syz-executor.2
2370 2370 3 0 1c0 ffffb88012c0ca80 syz-executor.1 pipe_rd
3888 3537 3 1 1100000 ffffb88012d1f240 syz-executor.2 tstile
3888 3888 2 1 11000040 ffffb88012c79300 syz-executor.2
2887 2887 3 1 1c0 ffffb88012bc75c0 syz-executor.5 pipe_rd
1665 3105 3 0 1100000 ffffb88013fe80c0 syz-executor.2 tstile
1665 1665 2 1 11000040 ffffb88012b77100 syz-executor.2
1612 3327 3 0 1100000 ffffb88012b93580 syz-executor.2 tstile
1612 1612 2 1 11000040 ffffb88012db5080 syz-executor.2
3273 1471 3 1 1100000 ffffb880134b4a00 syz-executor.2 tstile
3273 3273 2 1 11000040 ffffb88013cf1a40 syz-executor.2
1428 1428 3 1 1c0 ffffb88014036a40 syz-executor.4 pipe_rd
2750 1872 2 1 1000040 ffffb8801407c680 syz-executor.2
2750 2999 3 1 1100000 ffffb88012bc7a00 syz-executor.2 tstile
1170 2080 3 0 1100000 ffffb8801402a5c0 syz-executor.2 tstile
1170 1170 2 1 11000040 ffffb880140361c0 syz-executor.2
1018 1012 3 0 1100000 ffffb88012d14200 syz-executor.2 tstile
1018 1018 2 1 11000040 ffffb880133ec6c0 syz-executor.2
1188 908 3 0 1100000 ffffb88013472500 syz-executor.2 tstile
1188 1455 3 0 1100000 ffffb880134720c0 syz-executor.2 tstile
1188 1188 2 1 11000040 ffffb88012bf1a40 syz-executor.2
1620 553 2 1 1000040 ffffb88013dff680 syz-executor.2
1620 1747 3 0 1100000 ffffb88012ce2580 syz-executor.2 tstile
1600 1600 3 0 180 ffffb88012c57700 syz-executor.0 parked
665 665 3 0 180 ffffb88013444300 syz-executor.0 parked
2284 2284 3 0 180 ffffb88013fe8940 syz-executor.1 parked
1978 1978 3 0 180 ffffb88012c0c200 syz-executor.3 parked
1971 1971 3 0 180 ffffb88013ed3b40 syz-executor.1 parked
393 393 3 1 180 ffffb88012aa14c0 syz-executor.3 parked
1998 1998 3 0 180 ffffb88013452780 syz-executor.2 parked
1900 1900 3 1 180 ffffb880126e7740 syz-executor.2 parked
1697 1697 3 1 180 ffffb8801347c980 syz-executor.2 parked
1751 1751 3 1 180 ffffb880133cb200 syz-executor.2 parked
991 991 3 0 1c0 ffffb88013ddd640 syz-executor.3 pipe_rd
1242 1242 3 0 1c0 ffffb88012ad1500 syz-executor.0 pipe_rd
1236 1073 3 0 180 ffffb88013efd740 syz-fuzzer parked
1236 1245 3 1 180 ffffb88013e3d6c0 syz-fuzzer parked
1236 1384 3 0 180 ffffb88013e3d280 syz-fuzzer wait
1236 941 3 1 1c0 ffffb88013dffac0 syz-fuzzer wait
1236 1246 3 0 180 ffffb88013ddda80 syz-fuzzer wait
1236 1241 3 0 180 ffffb88013cf1600 syz-fuzzer wait
1236 829 3 1 1c0 ffffb88013cf11c0 syz-fuzzer wait
1236 1243 3 1 180 ffffb880133ecb00 syz-fuzzer parked
1236 449 2 1 140 ffffb880133ec280 syz-fuzzer
1236 1223 3 0 1c0 ffffb880133cba80 syz-fuzzer pipe_rd
1236 949 3 1 180 ffffb880133d5ac0 syz-fuzzer parked
1236 1081 2 1 140 ffffb880133d5680 syz-fuzzer
1236 1236 3 1 180 ffffb880133a5a00 syz-fuzzer parked
1238 1238 3 1 180 ffffb88012ad1940 sshd select
1224 1224 3 0 180 ffffb880126ea780 getty nanoslp
1216 1216 3 0 180 ffffb880126ea340 getty nanoslp
1107 1107 3 0 180 ffffb880134b45c0 getty nanoslp
1105 1105 3 0 180 ffffb880133b9600 sshd select
978 978 3 0 180 ffffb88012d8e040 powerd kqueue
699 699 3 1 180 ffffb88013452bc0 syslogd kqueue
559 559 3 0 180 ffffb88012c79740 dhcpcd poll
746 746 3 0 180 ffffb88012cd6100 dhcpcd poll
745 745 3 0 180 ffffb88012c95bc0 dhcpcd poll
604 604 3 0 180 ffffb88012c95780 dhcpcd poll
487 487 3 0 180 ffffb88012dd10c0 dhcpcd poll
292 292 3 1 180 ffffb88012db5900 dhcpcd poll
485 485 3 1 180 ffffb88012db54c0 dhcpcd poll
1 1 3 0 180 ffffb88012877180 init wait
0 2446 5 1 200 ffffb88012b77540 (zombie)
0 1969 3 1 200 ffffb88012c95340 ktrace ktrwait
0 2027 3 0 200 ffffb88012d31280 ktrace ktrwait
0 392 3 0 200 ffffb880126eabc0 ktrace ktrwait
0 1460 3 1 200 ffffb880133d5240 ktrace ktrwait
0 674 3 0 200 ffffb880129a16c0 physiod physiod
0 196 3 0 200 ffffb880129a3700 pooldrain pooldrain
0 > 195 7 1 240 ffffb880129a32c0 ioflush
0 194 3 1 200 ffffb880129a1b00 pgdaemon pgdaemon
0 169 3 0 200 ffffb88012961ac0 usb7 usbevt
0 172 3 0 200 ffffb88012961680 usb6 usbevt
0 170 3 0 200 ffffb88012961240 usb5 usbevt
0 168 3 0 200 ffffb88012915a80 usb4 usbevt
0 166 3 0 200 ffffb88012915640 usb3 usbevt
0 165 3 1 240 ffffb88012915200 usb2 tstile
0 31 3 0 200 ffffb880128d9a40 usb1 usbevt
0 63 3 0 200 ffffb880128d9600 usb0 usbevt
0 126 3 1 200 ffffb880128d91c0 usbtask-dr usbtsk
0 125 3 1 200 ffffb88012877a00 usbtask-hc usbtsk
0 124 3 0 200 ffffb88010d76b00 swwreboot swwreboot
0 123 3 0 200 ffffb880128775c0 npfgc0 npfgcw
0 122 3 1 200 ffffb8801286a9c0 rt_free rt_free
0 121 3 1 200 ffffb8801286a580 unpgc unpgc
0 120 3 0 200 ffffb8801286a140 key_timehandler key_timehandler
0 119 3 1 200 ffffb8801271b980 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffb8801271b540 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 ffffb8801271b100 nd6_timer nd6_timer
0 116 3 1 200 ffffb88012713940 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffb88012713500 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffb880127130c0 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffb88012703900 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffb880127034c0 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffb88012703080 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffb880126eb8c0 rt_timer rt_timer
0 109 3 0 200 ffffb880126e7b80 vmem_rehash vmem_rehash
0 100 3 0 200 ffffb880126e7300 entbutler entropy
0 99 3 0 200 ffffb880120bcb40 viomb balloon
0 98 3 1 200 ffffb880120bc700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffb880120bc2c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffb88010d766c0 scsibus0 sccomp
0 29 3 0 200 ffffb88010d76280 pms0 pmsreset
0 28 3 1 200 ffffb88010cbcac0 xcall/1 xcall
0 27 1 1 200 ffffb88010cbc680 softser/1
0 26 1 1 200 ffffb88010cbc240 softclk/1
0 25 1 1 200 ffffb88010cb9a80 softbio/1
0 24 1 1 200 ffffb88010cb9640 softnet/1
0 23 1 1 201 ffffb88010cb9200 idle/1
0 22 3 0 200 ffffb8800fb56a40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffb8800fb56600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffb8800fb561c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffb8800fb55a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffb8800fb555c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffb8800fb55180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffb8800fb4e9c0 sysmon smtaskq
0 15 3 0 200 ffffb8800fb4e580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffb8800fb4e140 pmfevent pmfevent
0 13 3 0 200 ffffb8800fb49980 sopendfree sopendfr
0 12 3 0 200 ffffb8800fb49540 ifwdog ifwdog
0 11 3 0 200 ffffb8800fb49100 iflnkst iflnkst
0 10 3 0 200 ffffb8800fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffb8800fb3c500 vdrain vdrain
0 8 3 1 200 ffffb8800fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffb8800fb33900 xcall/0 xcall
0 6 1 0 200 ffffb8800fb334c0 softser/0
0 5 1 0 200 ffffb8800fb33080 softclk/0
0 4 1 0 200 ffffb8800fb318c0 softbio/0
0 3 1 0 200 ffffb8800fb31480 softnet/0
0 2 1 0 201 ffffb8800fb31040 idle/0
0 0 3 0 200 ffffffff8334b900 swapper uvm
[Locks tracked through LWPs]

****** LWP 3410.3410 (syz-fuzzer) @ 0xffffb88012c572c0, l_stat=7

*** Locks held:

* Lock 0 (initialized at netbsd:fork1+0x392 sys/kern/kern_fork.c:366)
lock address : ffffb8801349e790
type : sleep/adaptive
initialized : netbsd:fork1+0x392
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012c572c0 last held: 0xffffb88012c572c0
last locked* : netbsd:execve_loadvm+0x308
unlocked : 0
owner/count : 0xffffb88012c572c0 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at netbsd:pool_init+0xa66 sys/kern/subr_pool.c:981)
lock address : netbsd:uvm_map_entry_cache+0xb0
type : sleep/adaptive
initialized : netbsd:pool_init+0xa66
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012c572c0 last held: 0xffffb88012c572c0
last locked* : netbsd:pool_put+0x77
unlocked : netbsd:pool_put+0x18d
owner field : 0xffffb88012c572c0 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 3892.2711 (syz-executor.2) @ 0xffffb88014015580, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb88014015580 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1845.4320 (syz-executor.2) @ 0xffffb88012c21680, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb88012c21680 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 3888.3537 (syz-executor.2) @ 0xffffb88012d1f240, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb88012d1f240 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1665.3105 (syz-executor.2) @ 0xffffb88013fe80c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88013fe80c0 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1612.3327 (syz-executor.2) @ 0xffffb88012b93580, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88012b93580 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 3273.1471 (syz-executor.2) @ 0xffffb880134b4a00, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb880134b4a00 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 2750.2999 (syz-executor.2) @ 0xffffb88012bc7a00, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb88012bc7a00 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1170.2080 (syz-executor.2) @ 0xffffb8801402a5c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb8801402a5c0 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1018.1012 (syz-executor.2) @ 0xffffb88012d14200, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88012d14200 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1188.908 (syz-executor.2) @ 0xffffb88013472500, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88013472500 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1188.1455 (syz-executor.2) @ 0xffffb880134720c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb880134720c0 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 1620.1747 (syz-executor.2) @ 0xffffb88012ce2580, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0x129 sys/dev/usb/vhci.c:1283)
lock address : ffffb880126af6f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012ce2580 last held: 0xffffb88012ce2580
last locked* : netbsd:vhci_usb_detach+0x115
unlocked : netbsd:vhci_fd_read+0x475
owner field : 0xffffb88012ce2580 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb88012915200

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88012ce2580 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

****** LWP 746.746 (dhcpcd) @ 0xffffb88012cd6100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012cd6100 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 745.745 (dhcpcd) @ 0xffffb88012c95bc0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012c95bc0 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 292.292 (dhcpcd) @ 0xffffb88012db5900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffb88012db5900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xffffb88012db54c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffb88012db54c0 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.165 (usb2) @ 0xffffb88012915200, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffb880126af4c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb88012915200 last held: 0xffffb88012915200
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_setup_pipe_flags+0xc8
owner field : 0xffffb88012915200 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffb88012ce2580 0xffffb88013472500 0xffffb880134720c0 0xffffb88012d14200 0xffffb8801402a5c0 0xffffb88012bc7a00 0xffffb880134b4a00 0xffffb88012b93580 0xffffb88013fe80c0 0xffffb88012d1f240 0xffffb88012c21680 0xffffb88014015580

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x129 sys/dev/usb/vhci.c:1283)
lock address : ffffb880126af6f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 0
relevant lwp : 0xffffb88012915200 last held: 0xffffb88012ce2580
last locked* : netbsd:vhci_usb_detach+0x115
unlocked : netbsd:vhci_fd_read+0x475
owner field : 0xffffb88012ce2580 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffb88012915200

****** LWP 0.11 (iflnkst) @ 0xffffb8800fb49100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb8800fb49100 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffb8800fb33080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb8800fb33080 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334b900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334b900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at netbsd:callout_startup+0x43 sys/kern/kern_timeout.c:280)
lock address : ffffb8800f67d040
type : spin
initialized : netbsd:callout_startup+0x43
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012c572c0 last held: 0xffffb88012c572c0
last locked* : netbsd:callout_hardclock+0x42
unlocked : netbsd:callout_hardclock+0x28b
owner field : 0x0000000000010700 wait/spin: 0/1

* Lock 1 (initialized at netbsd:kprintf_init+0x61 sys/kern/subr_prf.c:156)
lock address : netbsd:kprintf_mtx
type : spin
initialized : netbsd:kprintf_init+0x61
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffb88012c572c0 last held: 0xffffb88012c572c0
last locked* : netbsd:kprintf_lock+0x33
unlocked : netbsd:kprintf_unlock+0x53
owner field : 0x0000000000000800 wait/spin: 0/1

******* Locks held on cpu1:

* Lock 0 (initialized at netbsd:sleeptab_init+0x85 sys/kern/kern_sleepq.c:84)
lock address : netbsd:sleepq_locks+0xdc0
type : spin
initialized : netbsd:sleeptab_init+0x85
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffb880129a32c0 last held: 0xffffb880133ec6c0
last locked* : netbsd:cv_enter+0x168
unlocked : netbsd:mi_switch+0x7ac
owner field : 0x0000000000000700 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON
0xffffb88000017180 0041 00000000 0x0 0x0
0xffffb88000017200 0041 00000000 0x0 0x0
0xffffb88000017280 0041 00000000 0x0 0x0
0xffffb88000017300 0041 00000000 0x0 0x0
0xffffb88000017380 0041 00000000 0x0 0x0
0xffffb88000017400 0041 00000000 0x0 0x0
0xffffb88000017480 0041 00000000 0x0 0x0
0xffffb88000017500 0041 00000000 0x0 0x0
0xffffb88000017580 0041 00000000 0x0 0x0
0xffffb88000017600 0041 00000000 0x0 0x0
0xffffb88000017680 0041 00000000 0x0 0x0
0xffffb88000017700 0041 00000000 0x0 0x0
0xffffb88000017780 0041 00000000 0x0 0x0
0xffffb88000017800 0041 00000000 0x0 0x0
0xffffb88000017880 0041 00000000 0x0 0x0
0xffffb88000017900 0041 00000000 0x0 0x0
0xffffb88000017980 0041 00000000 0x0 0x0
0xffffb88000017a00 0041 00000000 0x0 0x0
0xffffb88000017a80 0041 00000000 0x0 0x0
0xffffb88000017b00 0041 00000000 0x0 0x0
0xffffb88000017b80 0041 00000000 0x0 0x0
0xffffb88000017c00 0041 00000000 0x0 0x0
0xffffb88000017c80 0041 00000000 0x0 0x0
0xffffb88000017d00 0041 00000000 0x0 0x0
0xffffb88000017d80 0041 00000000 0x0 0x0
0xffffb88000017e00 0041 00000000 0x0 0x0
0xffffb88000017e80 0041 00000000 0x0 0x0
0xffffb88000017f00 0041 00000000 0x0 0x0
0xffffb88000017f80 0041 00000000 0x0 0x0
0xffffb88000018000 0041 00000000 0x0 0x0
0xffffb88000018080 0041 00000000 0x0 0x0
0xffffb88000018100 0041 00000000 0x0 0x0
0xffffb88000018180 0041 00000000 0x0 0x0
0xffffb88000018200 0041 00000000 0x0 0x0
0xffffb88000018280 0041 00000000 0x0 0x0
0xffffb88000018300 0041 00000000 0x0 0x0
0xffffb88000018380 0041 00000000 0x0 0x0
0xffffb88000018400 0041 00000000 0x0 0x0
0xffffb88000018480 0041 00000000 0x0 0x0
0xffffb88000018500 0041 00000000 0x0 0x0
0xffffb88000018580 0041 00000000 0x0 0x0
0xffffb88000018600 0041 00000000 0x0 0x0
0xffffb88000018680 0041 00000000 0x0 0x0
0xffffb88000018700 0041 00000000 0x0 0x0
0xffffb88000018780 0041 00000000 0x0 0x0
0xffffb88000018800 0041 00000000 0x0 0x0
0xffffb88000018880 0041 00000000 0x0 0x0
0xffffb88000018900 0041 00000000 0x0 0x0
0xffffb88000018980 0041 00000000 0x0 0x0
0xffffb88000018a00 0041 00000000 0x0 0x0
0xffffb88000018a80 0041 00000000 0x0 0x0
0xffffb88000018b00 0041 00000000 0x0 0x0
0xffffb88000018b80 0041 00000000 0x0 0x0
0xffffb88000018c00 0041 00000000 0x0 0x0
0xffffb88000018c80 0041 00000000 0x0 0x0
0xffffb88000018d00 0041 00000000 0x0 0x0
0xffffb88000018d80 0041 00000000 0x0 0x0
0xffffb88000018e00 0041 00000000 0x0 0x0
0xffffb88000018e80 0041 00000000 0x0 0x0
0xffffb88000018f00 0041 00000000 0x0 0x0
0xffffb88000018f80 0041 00000000 0x0 0x0
0xffffb88000019000 0041 00000000 0x0 0x0
0xffffb88000019080 0041 00000000 0x0 0x0
0xffffb88000019100 0041 00000000 0x0 0x0
0xffffb88000019180 0041 00000000 0x0 0x0
0xffffb88000019200 0041 00000000 0x0 0x0
0xffffb88000019280 0041 00000000 0x0 0x0
0xffffb88000019300 0041 00000000 0x0 0x0
0xffffb88000019380 0041 00000000 0x0 0x0
0xffffb88000019400 0041 00000000 0x0 0x0
0xffffb88000019480 0041 00000000 0x0 0x0
0xffffb88000019500 0041 00000000 0x0 0x0
0xffffb88000019580 0041 00000000 0x0 0x0
0xffffb88000019600 0041 00000000 0x0 0x0
0xffffb88000019680 0041 00000000 0x0 0x0
0xffffb88000019700 0041 00000000 0x0 0x0
0xffffb88000019780 0041 00000000 0x0 0x0
0xffffb88000019800 0041 00000000 0x0 0x0
0xffffb88000019880 0041 00000000 0x0 0x0
0xffffb88000019900 0041 00000000 0x0 0x0
0xffffb88000019980 0041 00000000 0x0 0x0
0xffffb88000019a00 0041 00000000 0x0 0x0
0xffffb88000019a80 0041 00000000 0x0 0x0
0xffffb88000019b00 0041 00000000 0x0 0x0
0xffffb88000019b80 0041 00000000 0x0 0x0
0xffffb88000019c00 0041 00000000 0x0 0x0
0xffffb88000019c80 0041 00000000 0x0 0x0
0xffffb88000019d00 0041 00000000 0x0 0x0
0xffffb88000019d80 0041 00000000 0x0 0x0
0xffffb88000019e00 0041 00000000 0x0 0x0
0xffffb88000019e80 0041 00000000 0x0 0x0
0xffffb88000019f00 0041 00000000 0x0 0x0
0xffffb88000019f80 0041 00000000 0x0 0x0
0xffffb8800001a000 0041 00000000 0x0 0x0
0xffffb8800001a080 0041 00000000 0x0 0x0
0xffffb8800001a100 0041 00000000 0x0 0x0
0xffffb8800001a180 0041 00000000 0x0 0x0
0xffffb8800001a200 0041 00000000 0x0 0x0
0xffffb8800001a280 0041 00000000 0x0 0x0
0xffffb8800001a300 0041 00000000 0x0 0x0
0xffffb8800001a380 0041 00000000 0x0 0x0
0xffffb8800001a400 0041 00000000 0x0 0x0
0xffffb8800001a480 0041 00000000 0x0 0x0
0xffffb8800001a500 0041 00000000 0x0 0x0
0xffffb8800001a580 0041 00000000 0x0 0x0
0xffffb8800001a600 0041 00000000 0x0 0x0
0xffffb8800001a680 0041 00000000 0x0 0x0
0xffffb8800001a700 0041 00000000 0x0 0x0
0xffffb8800001a780 0041 00000000 0x0 0x0
0xffffb8800001a800 0041 00000000 0x0 0x0
0xffffb8800001a880 0041 00000000 0x0 0x0
0xffffb8800001a900 0041 00000000 0x0 0x0
0xffffb8800001a980 0041 00000000 0x0 0x0
0xffffb8800001aa00 0041 00000000 0x0 0x0
0xffffb8800001aa80 0041 00000000 0x0 0x0
0xffffb8800001ab00 0041 00000000 0x0 0x0
0xffffb8800001ab80 0041 00000000 0x0 0x0
0xffffb8800001ac00 0041 00000000 0x0 0x0
0xffffb8800001ac80 0041 00000000 0x0 0x0
0xffffb8800001ad00 0041 00000000 0x0 0x0
0xffffb8800001ad80 0041 00000000 0x0 0x0
0xffffb8800001ae00 0041 00000000 0x0 0x0
0xffffb8800001ae80 0041 00000000 0x0 0x0
0xffffb8800001af00 0041 00000000 0x0 0x0
0xffffb8800001af80 0041 00000000 0x0 0x0
0xffffb8800001b000 0041 00000000 0x0 0x0
0xffffb8800001b080 0041 00000000 0x0 0x0
0xffffb8800001b100 0041 00000000 0x0 0x0
0xffffb8800001b180 0041 00000000 0x0 0x0
0xffffb8800001b200 0041 00000000 0x0 0x0
0xffffb8800001b280 0041 00000000 0x0 0x0
0xffffb8800001b300 0041 00000000 0x0 0x0
0xffffb8800001b380 0041 00000000 0x0 0x0
0xffffb8800001b400 0041 00000000 0x0 0x0
0xffffb8800001b480 0041 00000000 0x0 0x0
0xffffb8800001b500 0041 00000000 0x0 0x0
0xffffb8800001b580 0041 00000000 0x0 0x0
0xffffb8800001b600 0041 00000000 0x0 0x0
0xffffb8800001b680 0041 00000000 0x0 0x0
0xffffb8800001b700 0041 00000000 0x0 0x0
0xffffb8800001b780 0041 00000000 0x0 0x0
0xffffb8800001b800 0041 00000000 0x0 0x0
0xffffb8800001b880 0041 00000000 0x0 0x0
0xffffb8800001b900 0041 00000000 0x0 0x0
0xffffb8800001b980 0041 00000000 0x0 0x0
0xffffb8800001ba00 0041 00000000 0x0 0x0
0xffffb8800001ba80 0041 00000000 0x0 0x0
0xffffb8800001bb00 0041 00000000 0x0 0x0
0xffffb8800001bb80 0001 00000000 0x0 0x0
0xffffb8800001bc00 0001 00000000 0x0 0x0
0xffffb8800001bc80 0001 00000000 0x0 0x0
0xffffb8800001bd00 0001 00000000 0x0 0x0
0xffffb8800001bd80 0001 00000000 0x0 0x0
0xffffb8800001be00 0001 00000000 0x0 0x0
0xffffb8800001be80 0001 00000000 0x0 0x0
0xffffb8800001bf00 0001 00000000 0x0 0x0
0xffffb8800001bf80 0001 00000000 0x0 0x0
0xffffb8800001c000 0001 00000000 0x0 0x0
0xffffb8800001c080 0001 00000000 0x0 0x0
0xffffb8800001c100 0001 00000000 0x0 0x0
0xffffb8800001c180 0001 00000000 0x0 0x0
0xffffb8800001c200 0001 00000000 0x0 0x0
0xffffb8800001c280 0001 00000000 0x0 0x0
0xffffb8800001c300 0001 00000000 0x0 0x0
0xffffb8800001c380 0001 00000000 0x0 0x0
0xffffb8800001c400 0001 00000000 0x0 0x0
0xffffb8800001c480 0001 00000000 0x0 0x0
0xffffb8800001c500 0001 00000000 0x0 0x0
0xffffb8800001c580 0001 00000000 0x0 0x0
0xffffb8800001c600 0001 00000000 0x0 0x0
0xffffb8800001c680 0001 00000000 0x0 0x0
0xffffb8800001c700 0001 00000000 0x0 0x0
0xffffb8800001c780 0001 00000000 0x0 0x0
0xffffb8800001c800 0001 00000000 0x0 0x0
0xffffb8800001c880 0001 00000000 0x0 0x0
0xffffb8800001c900 0001 00000000 0x0 0x0
0xffffb8800001c980 0001 00000000 0x0 0x0
0xffffb8800001ca00 0001 00000000 0x0 0x0
0xffffb8800001ca80 0001 00000000 0x0 0x0
0xffffb8800001cb00 0001 00000000 0x0 0x0
0xffffb8800001cb80 0001 00000000 0x0 0x0
0xffffb8800001cc00 0001 00000000 0x0 0x0
0xffffb8800001cc80 0001 00000000 0x0 0x0
0xffffb8800001cd00 0001 00000000 0x0 0x0
0xffffb8800001cd80 0001 00000000 0x0 0x0
0xffffb8800001ce00 0001 00000000 0x0 0x0
0xffffb8800001ce80 0001 00000000 0x0 0x0
0xffffb8800001cf00 0001 00000000 0x0 0x0
0xffffb8800001cf80 0001 00000000 0x0 0x0
0xffffb8800001d000 0001 00000000 0x0 0x0
0xffffb8800001d080 0001 00000000 0x0 0x0
0xffffb8800001d100 0001 00000000 0x0 0x0
0xffffb8800001d180 0001 00000000 0x0 0x0
0xffffb8800001d200 0001 00000000 0x0 0x0
0xffffb8800001d280 0001 00000000 0x0 0x0
0xffffb8800001d300 0001 00000000 0x0 0x0
0xffffb8800001d380 0001 00000000 0x0 0x0
0xffffb8800001d400 0001 00000000 0x0 0x0
0xffffb8800001d480 0001 00000000 0x0 0x0
0xffffb8800001d500 0001 00000000 0x0 0x0
0xffffb8800001d580 0001 00000000 0x0 0x0
0xffffb8800001d600 0001 00000000 0x0 0x0
0xffffb8800001d680 0001 00000000 0x0 0x0
0xffffb8800001d700 0001 00000000 0x0 0x0
0xffffb8800001d780 0001 00000000 0x0 0x0
0xffffb8800001d800 0001 00000000 0x0 0x0
0xffffb8800001d880 0001 00000000 0x0 0x0
0xffffb8800001d900 0001 00000000 0x0 0x0
0xffffb8800001d980 0001 00000000 0x0 0x0
0xffffb8800001da00 0001 00000000 0x0 0x0
0xffffb8800001da80 0001 00000000 0x0 0x0
0xffffb8800001db00 0001 00000000 0x0 0x0
0xffffb8800001db80 0001 00000000 0x0 0x0
0xffffb8800001dc00 0001 00000000 0x0 0x0
0xffffb8800001dc80 0001 00000000 0x0 0x0
0xffffb8800001dd00 0001 00000000 0x0 0x0
0xffffb8800001dd80 0001 00000000 0x0 0x0
0xffffb8800001de00 0001 00000000 0x0 0x0
0xffffb8800001de80 0001 00000000 0x0 0x0
0xffffb8800001df00 0001 00000000 0x0 0x0
0xffffb8800001df80 0001 00000000 0x0 0x0
0xffffb8800001e000 0001 00000000 0x0 0x0
0xffffb8800001e080 0001 00000000 0x0 0x0
0xffffb8800001e100 0001 00000000 0x0 0x0
0xffffb8800001e180 0001 00000000 0x0 0x0
0xffffb8800001e200 0001 00000000 0x0 0x0
0xffffb8800001e280 0001 00000000 0x0 0x0
0xffffb8800001e300 0001 00000000 0x0 0x0
0xffffb8800001e380 0001 00000000 0x0 0x0
0xffffb8800001e400 0001 00000000 0x0 0x0
0xffffb8800001e480 0001 00000000 0x0 0x0
0xffffb8800001e500 0001 00000000 0x0 0x0
0xffffb8800001e580 0001 00000000 0x0 0x0
0xffffb8800001e600 0001 00000000 0x0 0x0
0xffffb8800001e680 0001 00000000 0x0 0x0
0xffffb8800001e700 0001 00000000 0x0 0x0
0xffffb8800001e780 0001 00000000 0x0 0x0
0xffffb8800001e800 0001 00000000 0x0 0x0
0xffffb8800001e880 0001 00000000 0x0 0x0
0xffffb8800001e900 0001 00000000 0x0 0x0
0xffffb8800001e980 0001 00000000 0x0 0x0
0xffffb8800001ea00 0001 00000000 0x0 0x0
0xffffb8800001ea80 0001 00000000 0x0 0x0
0xffffb8800001eb00 0001 00000000 0x0 0x0
0xffffb8800001eb80 0001 00000000 0x0 0x0
0xffffb8800001ec00 0001 00000000 0x0 0x0
0xffffb8800001ec80 0001 00000000 0x0 0x0
0xffffb8800001ed00 0001 00000000 0x0 0x0
0xffffb8800001ed80 0001 00000000 0x0 0x0
0xffffb8800001ee00 0001 00000000 0x0 0x0
0xffffb8800001ee80 0001 00000000 0x0 0x0
0xffffb8800001ef00 0001 00000000 0x0 0x0
0xffffb8800001ef80 0001 00000000 0x0 0x0
0xffffb8800001f000 0001 00000000 0x0 0x0
0xffffb8800001f080 0001 00000000 0x0 0x0
0xffffb8800001f100 0001 00000000 0x0 0x0
0xffffb8800001f180 0001 00000000 0x0 0x0
0xffffb8800001f200 0001 00000000 0x0 0x0
0xffffb8800001f280 0001 00000000 0x0 0x0
0xffffb8800001f300 0001 00000000 0x0 0x0
0xffffb8800001f380 0001 00000000 0x0 0x0
0xffffb8800001f400 0001 00000000 0x0 0x0
0xffffb8800001f480 0001 00000000 0x0 0x0
0xffffb8800001f500 0001 00000000 0x0 0x0
0xffffb8800001f580 0001 00000000 0x0 0x0
0xffffb8800001f600 0001 00000000 0x0 0x0
0xffffb8800001f680 0001 00000000 0x0 0x0
0xffffb8800001f700 0001 00000000 0x0 0x0
0xffffb8800001f780 0001 00000000 0x0 0x0
0xffffb8800001f800 0001 00000000 0x0 0x0
0xffffb8800001f880 0001 00000000 0x0 0x0
0xffffb8800001f900 0001 00000000 0x0 0x0
0xffffb8800001f980 0001 00000000 0x0 0x0
0xffffb8800001fa00 0001 00000000 0x0 0x0
0xffffb8800001fa80 0001 00000000 0x0 0x0
0xffffb8800001fb00 0001 00000000 0x0 0x0
0xffffb8800001fb80 0001 00000000 0x0 0x0
0xffffb8800001fc00 0001 00000000 0x0 0x0
0xffffb8800001fc80 0001 00000000 0x0 0x0
0xffffb8800001fd00 0001 00000000 0x0 0x0
0xffffb8800001fd80 0001 00000000 0x0 0x0
0xffffb8800001fe00 0001 00000000 0x0 0x0
0xffffb8800001fe80 0001 00000000 0x0 0x0
0xffffb8800001ff00 0001 00000000 0x0 0x0
0xffffb8800001ff80 0001 00000000 0x0 0x0
0xffffb88000020000 0001 00000000 0x0 0x0
0xffffb88000020080 0001 00000000 0x0 0x0
0xffffb88000020100 0001 00000000 0x0 0x0
0xffffb88000020180 0001 00000000 0x0 0x0
0xffffb88000020200 0001 00000000 0x0 0x0
0xffffb88000020280 0001 00000000 0x0 0x0
0xffffb88000020300 0001 00000000 0x0 0x0
0xffffb88000020380 0001 00000000 0x0 0x0
0xffffb88000020400 0001 00000000 0x0 0x0
0xffffb88000020480 0001 00000000 0x0 0x0
0xffffb88000020500 0001 00000000 0x0 0x0
0xffffb88000020580 0001 00000000 0x0 0x0
0xffffb88000020600 0001 00000000 0x0 0x0
0xffffb88000020680 0001 00000000 0x0 0x0
0xffffb88000020700 0001 00000000 0x0 0x0
0xffffb88000020780 0001 00000000 0x0 0x0
0xffffb88000020800 0001 00000000 0x0 0x0
0xffffb88000020880 0001 00000000 0x0 0x0
0xffffb88000020900 0001 00000000 0x0 0x0
0xffffb88000020980 0001 00000000 0x0 0x0
0xffffb88000020a00 0001 00000000 0x0 0x0
0xffffb88000020a80 0001 00000000 0x0 0x0
0xffffb88000020b00 0001 00000000 0x0 0x0
0xffffb88000020b80 0001 00000000 0x0 0x0
0xffffb88000020c00 0001 00000000 0x0 0x0
0xffffb88000020c80 0001 00000000 0x0 0x0
0xffffb88000020d00 0001 00000000 0x0 0x0
0xffffb88000020d80 0001 00000000 0x0 0x0
0xffffb88000020e00 0001 00000000 0x0 0x0
0xffffb88000020e80 0001 00000000 0x0 0x0
0xffffb88000020f00 0001 00000000 0x0 0x0
0xffffb88000020f80 0001 00000000 0x0 0x0
0xffffb88000021000 0001 00000000 0x0 0x0
0xffffb88000021080 0001 00000000 0x0 0x0
0xffffb88000021100 0001 00000000 0x0 0x0
0xffffb88000021180 0001 00000000 0x0 0x0
0xffffb88000021200 0001 00000000 0x0 0x0
0xffffb88000021280 0001 00000000 0x0 0x0
0xffffb88000021300 0001 00000000 0x0 0x0
0xffffb88000021380 0001 00000000 0x0 0x0
0xffffb88000021400 0001 00000000 0x0 0x0
0xffffb88000021480 0001 00000000 0x0 0x0
0xffffb88000021500 0001 00000000 0x0 0x0
0xffffb88000021580 0001 00000000 0x0 0x0
0xffffb88000021600 0001 00000000 0x0 0x0
0xffffb88000021680 0001 00000000 0x0 0x0
0xffffb88000021700 0001 00000000 0x0 0x0
0xffffb88000021780 0001 00000000 0x0 0x0
0xffffb88000021800 0001 00000000 0x0 0x0
0xffffb88000021880 0001 00000000 0x0 0x0
0xffffb88000021900 0001 00000000 0x0 0x0
0xffffb88000021980 0001 00000000 0x0 0x0
0xffffb88000021a00 0001 00000000 0x0 0x0
0xffffb88000021a80 0001 00000000 0x0 0x0
0xffffb88000021b00 0001 00000000 0x0 0x0
0xffffb88000021b80 0001 00000000 0x0 0x0
0xffffb88000021c00 0001 00000000 0x0 0x0
0xffffb88000021c80 0001 00000000 0x0 0x0
0xffffb88000021d00 0001 00000000 0x0 0x0
0xffffb88000021d80 0001 00000000 0x0 0x0
0xffffb88000021e00 0001 00000000 0x0 0x0
0xffffb88000021e80 0001 00000000 0x0 0x0
0xffffb88000021f00 0001 00000000 0x0 0x0
0xffffb88000021f80 0001 00000000 0x0 0x0
0xffffb88000022000 0001 00000000 0x0 0x0
0xffffb88000022080 0001 00000000 0x0 0x0
0xffffb88000022100 0001 00000000 0x0 0x0
0xffffb88000022180 0001 00000000 0x0 0x0
0xffffb88000022200 0001 00000000 0x0 0x0
0xffffb88000022280 0001 00000000 0x0 0x0
0xffffb88000022300 0001 00000000 0x0 0x0
0xffffb88000022380 0001 00000000 0x0 0x0
0xffffb88000022400 0001 00000000 0x0 0x0
0xffffb88000022480 0001 00000000 0x0 0x0
0xffffb88000022500 0001 00000000 0x0 0x0
0xffffb88000022580 0001 00000000 0x0 0x0
0xffffb88000022600 0001 00000000 0x0 0x0
0xffffb88000022680 0001 00000000 0x0 0x0
0xffffb88000022700 0001 00000000 0x0 0x0
0xffffb88000022780 0001 00000000 0x0 0x0
0xffffb88000022800 0001 00000000 0x0 0x0
0xffffb88000022880 0001 00000000 0x0 0x0
0xffffb88000022900 0001 00000000 0x0 0x0
0xffffb88000022980 0001 00000000 0x0 0x0
0xffffb88000022a00 0001 00000000 0x0 0x0
0xffffb88000022a80 0001 00000000 0x0 0x0
0xffffb88000022b00 0001 00000000 0x0 0x0
0xffffb88000022b80 0001 00000000 0x0 0x0
0xffffb88000022c00 0001 00000000 0x0 0x0
0xffffb88000022c80 0001 00000000 0x0 0x0
0xffffb88000022d00 0001 00000000 0x0 0x0
0xffffb88000022d80 0001 00000000 0x0 0x0
0xffffb88000022e00 0001 00000000 0x0 0x0
0xffffb88000022e80 0001 00000000 0x0 0x0
0xffffb88000022f00 0001 00000000 0x0 0x0
0xffffb88000022f80 0001 00000000 0x0 0x0
0xffffb88000023000 0001 00000000 0x0 0x0
0xffffb88000023080 0001 00000000 0x0 0x0
0xffffb88000023100 0001 00000000 0x0 0x0
0xffffb88000023180 0001 00000000 0x0 0x0
0xffffb88000023200 0001 00000000 0x0 0x0
0xffffb88000023280 0001 00000000 0x0 0x0
0xffffb88000023300 0001 00000000 0x0 0x0
0xffffb88000023380 0001 00000000 0x0 0x0
0xffffb88000023400 0001 00000000 0x0 0x0
0xffffb88000023480 0001 00000000 0x0 0x0
0xffffb88000023500 0001 00000000 0x0 0x0
0xffffb88000023580 0001 00000000 0x0 0x0
0xffffb88000023600 0001 00000000 0x0 0x0
0xffffb88000023680 0001 00000000 0x0 0x0
0xffffb88000023700 0001 00000000 0x0 0x0
0xffffb88000023780 0001 00000000 0x0 0x0
0xffffb88000023800 0001 00000000 0x0 0x0
0xffffb88000023880 0001 00000000 0x0 0x0
0xffffb88000023900 0001 00000000 0x0 0x0
0xffffb88000023980 0001 00000000 0x0 0x0
0xffffb88000023a00 0001 00000000 0x0 0x0
0xffffb88000023a80 0001 00000000 0x0 0x0
0xffffb88000023b00 0001 00000000 0x0 0x0
0xffffb88000023b80 0001 00000000 0x0 0x0
0xffffb88000023c00 0001 00000000 0x0 0x0
0xffffb88000023c80 0001 00000000 0x0 0x0
0xffffb88000023d00 0001 00000000

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit: abe4f82692e7 Looks like this debug library disappeared wit..
git tree: netbsd

console output: https://syzkaller.appspot.com/x/log.txt?x=11c18533280000

kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=a9e3a375f2ffee1cc42a
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13fc8adb280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10053933280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1e5cadbb580a/disk-abe4f826.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/756f2fa58097/netbsd-abe4f826.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a9e3a3...@syzkaller.appspotmail.com

[ 58.8638151] panic: ASan: Unauthorized Access In 0xffffffff81b9f833: Addr 0xffffb4801290b2f8 [8 bytes, write, PoolUseAfterFree]

[ 58.8638151] cpu0: Begin traceback...
[ 58.8638151] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
[ 58.8638151] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1060
[ 58.8638151] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
[ 58.8638151] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
[ 58.8638151] __asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
[ 58.8638151] __asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
[ 58.8638151] __asan_store8() at netbsd:__asan_store8+0xaf sys/kern/subr_asan.c:1208
[ 58.8638151] callout_hardclock() at netbsd:callout_hardclock+0xf7 sys/kern/kern_timeout.c:789
[ 58.8638151] hardclock() at netbsd:hardclock+0x18d sys/kern/kern_clock.c:301
[ 58.8638151] Xresume_lapic_ltimer() at netbsd:Xresume_lapic_ltimer+0x1e
[ 58.8638151] --- interrupt ---
[ 58.8638151] x86_stihlt() at netbsd:x86_stihlt+0x6
[ 58.8638151] acpicpu_md_cstate_enter() at netbsd:acpicpu_md_cstate_enter+0xe8 sys/arch/x86/acpi/acpi_cpu_md.c:434
[ 58.8638151] acpicpu_cstate_idle() at netbsd:acpicpu_cstate_idle+0x481 acpicpu_cstate_idle_enter sys/dev/acpi/acpi_cpu_cstate.c:765 [inline]
[ 58.8638151] acpicpu_cstate_idle() at netbsd:acpicpu_cstate_idle+0x481 sys/dev/acpi/acpi_cpu_cstate.c:703
[ 58.8638151] idle_loop() at netbsd:idle_loop+0x3d5 sys/kern/kern_idle.c:85
[ 58.8638151] cpu0: End traceback...
[ 58.8638151] fatal breakpoint trap in supervisor mode
[ 58.8638151] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x246 cr2 0x20000180 ilevel 0x8 rsp 0xffffb4822f7b7958
[ 58.8638151] curlwp 0xffffb4800fb31040 pid 0.2 lowest kstack 0xffffb4822f7b02c0
Stopped in pid 0.2 (system) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1060
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:169 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:201
__asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:371 [inline]
__asan_store8() at netbsd:__asan_store8+0xaf kasan_shadow_check sys/kern/subr_asan.c:421 [inline]
__asan_store8() at netbsd:__asan_store8+0xaf sys/kern/subr_asan.c:1208
callout_hardclock() at netbsd:callout_hardclock+0xf7 sys/kern/kern_timeout.c:789
hardclock() at netbsd:hardclock+0x18d sys/kern/kern_clock.c:301
Xresume_lapic_ltimer() at netbsd:Xresume_lapic_ltimer+0x1e
--- interrupt ---

x86_stihlt() at netbsd:x86_stihlt+0x6
acpicpu_md_cstate_enter() at netbsd:acpicpu_md_cstate_enter+0xe8 sys/arch/x86/acpi/acpi_cpu_md.c:434
acpicpu_cstate_idle() at netbsd:acpicpu_cstate_idle+0x481 acpicpu_cstate_idle_enter sys/dev/acpi/acpi_cpu_cstate.c:765 [inline]
acpicpu_cstate_idle() at netbsd:acpicpu_cstate_idle+0x481 sys/dev/acpi/acpi_cpu_cstate.c:703
idle_loop() at netbsd:idle_loop+0x3d5 sys/kern/kern_idle.c:85
Panic string: ASan: Unauthorized Access In 0xffffffff81b9f833: Addr 0xffffb4801290b2f8 [8 bytes, write, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

1350 1350 3 0 0 ffffb48012c12640 syz-executor4206 tstile
1203 1203 3 1 0 ffffb48012c37280 syz-executor4206 tstile
1210 1210 3 0 0 ffffb48012c12a80 syz-executor4206 tstile
1206 1206 3 1 0 ffffb48012c5a2c0 syz-executor4206 tstile
332 332 3 0 180 ffffb48012c12200 syz-executor4206 at_ifinit
331 331 3 1 0 ffffb48012c27240 syz-executor4206 tstile
1245 1245 3 0 180 ffffb48013cfda40 syz-executor4206 nanoslp
829 829 3 0 180 ffffb48013cfd1c0 syz-executor4206 nanoslp
1241 1241 3 0 180 ffffb480133ebb00 syz-executor4206 nanoslp
1239 1239 3 0 180 ffffb480133c6a80 syz-executor4206 nanoslp
1223 1223 3 0 180 ffffb48012cdf140 syz-executor4206 nanoslp
449 449 3 0 180 ffffb48012a4a780 syz-executor4206 nanoslp
1128 1128 3 0 180 ffffb48012b7a540 syz-executor4206 nanoslp
1230 1230 3 1 180 ffffb48012ad2500 sshd select
813 813 3 0 180 ffffb480126eb480 getty nanoslp
1058 1058 3 1 180 ffffb480134959c0 getty nanoslp
1225 1225 3 0 180 ffffb48013358100 getty nanoslp
1216 1216 3 1 1c0 ffffb480134ae5c0 getty ttyraw
1101 1101 3 0 180 ffffb480133b6a40 sshd select
1023 1023 3 1 180 ffffb48012d47740 powerd kqueue
700 700 3 1 180 ffffb48013431b40 syslogd kqueue
746 746 3 0 180 ffffb48012c27ac0 dhcpcd poll
747 747 3 1 180 ffffb48012cc5500 dhcpcd poll
742 742 3 1 0 ffffb48012c376c0 dhcpcd tstile
602 602 3 0 180 ffffb48012c94bc0 dhcpcd poll
487 487 3 0 180 ffffb48012dc90c0 dhcpcd poll
292 292 3 0 180 ffffb48012db0900 dhcpcd poll
485 485 3 1 0 ffffb48012db04c0 dhcpcd tstile
1 1 3 0 180 ffffb48012878180 init wait
0 686 3 0 200 ffffb480129a16c0 physiod physiod
0 196 3 1 200 ffffb480129a3700 pooldrain pooldrain
0 195 3 0 200 ffffb480129a32c0 ioflush syncer
0 194 3 0 200 ffffb480129a1b00 pgdaemon pgdaemon
0 167 3 1 200 ffffb48012961ac0 usb7 usbevt
0 172 3 1 200 ffffb48012961680 usb6 usbevt
0 170 3 1 200 ffffb48012961240 usb5 usbevt
0 168 3 0 200 ffffb48012915a80 usb4 usbevt
0 166 3 0 200 ffffb48012915640 usb3 usbevt
0 165 3 0 200 ffffb48012915200 usb2 usbevt
0 31 3 0 200 ffffb480128d9a40 usb1 usbevt
0 63 3 0 200 ffffb480128d9600 usb0 usbevt
0 126 3 1 200 ffffb480128d91c0 usbtask-dr usbtsk
0 125 3 1 200 ffffb48012878a00 usbtask-hc usbtsk
0 124 3 0 200 ffffb48010d76b00 swwreboot swwreboot
0 123 3 1 200 ffffb480128785c0 npfgc0 npfgcw
0 122 3 1 200 ffffb4801286a9c0 rt_free rt_free
0 121 3 1 200 ffffb4801286a580 unpgc unpgc
0 120 3 0 200 ffffb4801286a140 key_timehandler key_timehandler
0 119 3 1 200 ffffb4801271b980 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffb4801271b540 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 ffffb4801271b100 nd6_timer nd6_timer
0 116 3 1 200 ffffb48012713940 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffb48012713500 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffb480127130c0 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffb48012703900 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffb480127034c0 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffb48012703080 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffb480126eb8c0 rt_timer rt_timer
0 109 3 0 200 ffffb480126eb040 vmem_rehash vmem_rehash
0 100 3 1 200 ffffb480126e7300 entbutler entropy
0 99 3 1 200 ffffb480120bcb40 viomb balloon
0 98 3 1 200 ffffb480120bc700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffb480120bc2c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffb48010d766c0 scsibus0 sccomp
0 29 3 0 200 ffffb48010d76280 pms0 pmsreset
0 28 3 1 200 ffffb48010cbcac0 xcall/1 xcall
0 27 1 1 200 ffffb48010cbc680 softser/1
0 26 1 1 200 ffffb48010cbc240 softclk/1
0 25 1 1 200 ffffb48010cb9a80 softbio/1
0 24 1 1 200 ffffb48010cb9640 softnet/1
0 > 23 1 1 201 ffffb48010cb9200 idle/1
0 22 3 0 200 ffffb4800fb56a40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffb4800fb56600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffb4800fb561c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffb4800fb55a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffb4800fb555c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffb4800fb55180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffb4800fb4e9c0 sysmon smtaskq
0 15 3 0 200 ffffb4800fb4e580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffb4800fb4e140 pmfevent pmfevent
0 13 3 0 200 ffffb4800fb49980 sopendfree sopendfr
0 12 3 0 200 ffffb4800fb49540 ifwdog ifwdog
0 11 3 1 200 ffffb4800fb49100 iflnkst iflnkst
0 10 3 0 200 ffffb4800fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffb4800fb3c500 vdrain vdrain
0 8 3 1 200 ffffb4800fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffb4800fb33900 xcall/0 xcall
0 6 1 0 200 ffffb4800fb334c0 softser/0
0 5 1 0 200 ffffb4800fb33080 softclk/0
0 4 1 0 200 ffffb4800fb318c0 softbio/0
0 3 1 0 200 ffffb4800fb31480 softnet/0
0 > 2 1 0 201 ffffb4800fb31040 idle/0

0 0 3 0 200 ffffffff8334b900 swapper uvm
[Locks tracked through LWPs]

****** LWP 1350.1350 (syz-executor4206) @ 0xffffb48012c12640, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb48012c12640 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1203.1203 (syz-executor4206) @ 0xffffb48012c37280, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012c37280 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1210.1210 (syz-executor4206) @ 0xffffb48012c12a80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb48012c12a80 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1206.1206 (syz-executor4206) @ 0xffffb48012c5a2c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012c5a2c0 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 332.332 (syz-executor4206) @ 0xffffb48012c12200, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:if_initialize+0x284 sys/net/if.c:762)
lock address : ffffb4800f67d800
type : sleep/adaptive
initialized : netbsd:if_initialize+0x284

shared holds : 0 exclusive: 1

shares wanted: 0 exclusive: 7

relevant cpu : 0 last held: 0

relevant lwp : 0xffffb48012c12200 last held: 0xffffb48012c12200
last locked* : netbsd:doifioctl+0x5ec
unlocked : netbsd:doifioctl+0x6f5
owner field : 0xffffb48012c12200 wait/spin: 1/0

Turnstile:
=> 0 waiting readers:

=> 7 waiting writers: 0xffffb48012c27240 0xffffb48012db04c0 0xffffb48012c12a80 0xffffb48012c376c0 0xffffb48012c37280 0xffffb48012c5a2c0 0xffffb48012c12640

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb48012c12200 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 331.331 (syz-executor4206) @ 0xffffb48012c27240, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012c27240 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 747.747 (dhcpcd) @ 0xffffb48012cc5500, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012cc5500 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 742.742 (dhcpcd) @ 0xffffb48012c376c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012c376c0 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 292.292 (dhcpcd) @ 0xffffb48012db0900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb48012db0900 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xffffb48012db04c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb48012db04c0 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffb4800fb49100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffb4800fb49100 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffb4800fb33080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb4800fb33080 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334b900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334b900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at netbsd:callout_startup+0x43 sys/kern/kern_timeout.c:280)

lock address : ffffb4800f67d040

type : spin
initialized : netbsd:callout_startup+0x43
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb4800fb31040 last held: 0xffffb4800fb31040
last locked* : netbsd:callout_hardclock+0x42
unlocked : netbsd:sleepq_block+0x1f8

owner field : 0x0000000000010700 wait/spin: 0/1

* Lock 1 (initialized at netbsd:kprintf_init+0x61 sys/kern/subr_prf.c:156)
lock address : netbsd:kprintf_mtx
type : spin
initialized : netbsd:kprintf_init+0x61
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb4800fb31040 last held: 0xffffb4800fb31040

last locked* : netbsd:kprintf_lock+0x33
unlocked : netbsd:kprintf_unlock+0x53
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON

0xffffb48000017180 0041 00000000 0x0 0x0
0xffffb48000017200 0041 00000000 0x0 0x0
0xffffb48000017280 0041 00000000 0x0 0x0
0xffffb48000017300 0041 00000000 0x0 0x0
0xffffb48000017380 0041 00000000 0x0 0x0
0xffffb48000017400 0041 00000000 0x0 0x0
0xffffb48000017480 0041 00000000 0x0 0x0
0xffffb48000017500 0041 00000000 0x0 0x0
0xffffb48000017580 0041 00000000 0x0 0x0
0xffffb48000017600 0041 00000000 0x0 0x0
0xffffb48000017680 0041 00000000 0x0 0x0
0xffffb48000017700 0041 00000000 0x0 0x0
0xffffb48000017780 0041 00000000 0x0 0x0
0xffffb48000017800 0041 00000000 0x0 0x0
0xffffb48000017880 0041 00000000 0x0 0x0
0xffffb48000017900 0041 00000000 0x0 0x0
0xffffb48000017980 0041 00000000 0x0 0x0
0xffffb48000017a00 0041 00000000 0x0 0x0
0xffffb48000017a80 0041 00000000 0x0 0x0
0xffffb48000017b00 0041 00000000 0x0 0x0
0xffffb48000017b80 0041 00000000 0x0 0x0
0xffffb48000017c00 0041 00000000 0x0 0x0
0xffffb48000017c80 0041 00000000 0x0 0x0
0xffffb48000017d00 0041 00000000 0x0 0x0
0xffffb48000017d80 0041 00000000 0x0 0x0
0xffffb48000017e00 0041 00000000 0x0 0x0
0xffffb48000017e80 0041 00000000 0x0 0x0
0xffffb48000017f00 0041 00000000 0x0 0x0
0xffffb48000017f80 0041 00000000 0x0 0x0
0xffffb48000018000 0041 00000000 0x0 0x0
0xffffb48000018080 0041 00000000 0x0 0x0
0xffffb48000018100 0041 00000000 0x0 0x0
0xffffb48000018180 0041 00000000 0x0 0x0
0xffffb48000018200 0041 00000000 0x0 0x0
0xffffb48000018280 0041 00000000 0x0 0x0
0xffffb48000018300 0041 00000000 0x0 0x0
0xffffb48000018380 0041 00000000 0x0 0x0
0xffffb48000018400 0041 00000000 0x0 0x0
0xffffb48000018480 0041 00000000 0x0 0x0
0xffffb48000018500 0041 00000000 0x0 0x0
0xffffb48000018580 0041 00000000 0x0 0x0
0xffffb48000018600 0041 00000000 0x0 0x0
0xffffb48000018680 0041 00000000 0x0 0x0
0xffffb48000018700 0041 00000000 0x0 0x0
0xffffb48000018780 0041 00000000 0x0 0x0
0xffffb48000018800 0041 00000000 0x0 0x0
0xffffb48000018880 0041 00000000 0x0 0x0
0xffffb48000018900 0041 00000000 0x0 0x0
0xffffb48000018980 0041 00000000 0x0 0x0
0xffffb48000018a00 0041 00000000 0x0 0x0
0xffffb48000018a80 0041 00000000 0x0 0x0
0xffffb48000018b00 0041 00000000 0x0 0x0
0xffffb48000018b80 0041 00000000 0x0 0x0
0xffffb48000018c00 0041 00000000 0x0 0x0
0xffffb48000018c80 0041 00000000 0x0 0x0
0xffffb48000018d00 0041 00000000 0x0 0x0
0xffffb48000018d80 0041 00000000 0x0 0x0
0xffffb48000018e00 0041 00000000 0x0 0x0
0xffffb48000018e80 0041 00000000 0x0 0x0
0xffffb48000018f00 0041 00000000 0x0 0x0
0xffffb48000018f80 0041 00000000 0x0 0x0
0xffffb48000019000 0041 00000000 0x0 0x0
0xffffb48000019080 0041 00000000 0x0 0x0
0xffffb48000019100 0041 00000000 0x0 0x0
0xffffb48000019180 0041 00000000 0x0 0x0
0xffffb48000019200 0041 00000000 0x0 0x0
0xffffb48000019280 0041 00000000 0x0 0x0
0xffffb48000019300 0041 00000000 0x0 0x0
0xffffb48000019380 0041 00000000 0x0 0x0
0xffffb48000019400 0041 00000000 0x0 0x0
0xffffb48000019480 0041 00000000 0x0 0x0
0xffffb48000019500 0041 00000000 0x0 0x0
0xffffb48000019580 0041 00000000 0x0 0x0
0xffffb48000019600 0041 00000000 0x0 0x0
0xffffb48000019680 0041 00000000 0x0 0x0
0xffffb48000019700 0041 00000000 0x0 0x0
0xffffb48000019780 0041 00000000 0x0 0x0
0xffffb48000019800 0041 00000000 0x0 0x0
0xffffb48000019880 0041 00000000 0x0 0x0
0xffffb48000019900 0041 00000000 0x0 0x0
0xffffb48000019980 0041 00000000 0x0 0x0
0xffffb48000019a00 0041 00000000 0x0 0x0
0xffffb48000019a80 0041 00000000 0x0 0x0
0xffffb48000019b00 0041 00000000 0x0 0x0
0xffffb48000019b80 0041 00000000 0x0 0x0
0xffffb48000019c00 0041 00000000 0x0 0x0
0xffffb48000019c80 0041 00000000 0x0 0x0
0xffffb48000019d00 0041 00000000 0x0 0x0
0xffffb48000019d80 0041 00000000 0x0 0x0
0xffffb48000019e00 0041 00000000 0x0 0x0
0xffffb48000019e80 0041 00000000 0x0 0x0
0xffffb48000019f00 0041 00000000 0x0 0x0
0xffffb48000019f80 0041 00000000 0x0 0x0
0xffffb4800001a000 0041 00000000 0x0 0x0
0xffffb4800001a080 0041 00000000 0x0 0x0
0xffffb4800001a100 0041 00000000 0x0 0x0
0xffffb4800001a180 0041 00000000 0x0 0x0
0xffffb4800001a200 0041 00000000 0x0 0x0
0xffffb4800001a280 0041 00000000 0x0 0x0
0xffffb4800001a300 0041 00000000 0x0 0x0
0xffffb4800001a380 0041 00000000 0x0 0x0
0xffffb4800001a400 0041 00000000 0x0 0x0
0xffffb4800001a480 0041 00000000 0x0 0x0
0xffffb4800001a500 0041 00000000 0x0 0x0

0xffffb4800001a580 0041 00000000 0x0 0x0

0xffffb4800001a600 0041 00000000 0x0 0x0

0xffffb4800001a680 0041 00000000 0x0 0x0

0xffffb4800001a700 0041 00000000 0x0 0x0

0xffffb4800001a780 0041 00000000 0x0 0x0

0xffffb4800001a800 0041 00000000 0x0 0x0

0xffffb4800001a880 0041 00000000 0x0 0x0

0xffffb4800001a900 0041 00000000 0x0 0x0

0xffffb4800001a980 0041 00000000 0x0 0x0

0xffffb4800001aa00 0041 00000000 0x0 0x0
0xffffb4800001aa80 0041 00000000 0x0 0x0
0xffffb4800001ab00 0041 00000000 0x0 0x0
0xffffb4800001ab80 0041 00000000 0x0 0x0
0xffffb4800001ac00 0041 00000000 0x0 0x0
0xffffb4800001ac80 0041 00000000 0x0 0x0
0xffffb4800001ad00 0041 00000000 0x0 0x0
0xffffb4800001ad80 0041 00000000 0x0 0x0
0xffffb4800001ae00 0041 00000000 0x0 0x0
0xffffb4800001ae80 0041 00000000 0x0 0x0
0xffffb4800001af00 0041 00000000 0x0 0x0
0xffffb4800001af80 0041 00000000 0x0 0x0
0xffffb4800001b000 0041 00000000 0x0 0x0
0xffffb4800001b080 0041 00000000 0x0 0x0
0xffffb4800001b100 0041 00000000 0x0 0x0
0xffffb4800001b180 0041 00000000 0x0 0x0
0xffffb4800001b200 0041 00000000 0x0 0x0
0xffffb4800001b280 0041 00000000 0x0 0x0
0xffffb4800001b300 0041 00000000 0x0 0x0
0xffffb4800001b380 0041 00000000 0x0 0x0
0xffffb4800001b400 0041 00000000 0x0 0x0
0xffffb4800001b480 0041 00000000 0x0 0x0
0xffffb4800001b500 0041 00000000 0x0 0x0
0xffffb4800001b580 0041 00000000 0x0 0x0
0xffffb4800001b600 0041 00000000 0x0 0x0
0xffffb4800001b680 0041 00000000 0x0 0x0
0xffffb4800001b700 0041 00000000 0x0 0x0
0xffffb4800001b780 0041 00000000 0x0 0x0
0xffffb4800001b800 0041 00000000 0x0 0x0
0xffffb4800001b880 0041 00000000 0x0 0x0
0xffffb4800001b900 0041 00000000 0x0 0x0
0xffffb4800001b980 0041 00000000 0x0 0x0
0xffffb4800001ba00 0041 00000000 0x0 0x0
0xffffb4800001ba80 0041 00000000 0x0 0x0
0xffffb4800001bb00 0041 00000000 0x0 0x0
0xffffb4800001bb80 0001 00000000 0x0 0x0
0xffffb4800001bc00 0001 00000000 0x0 0x0
0xffffb4800001bc80 0001 00000000 0x0 0x0
0xffffb4800001bd00 0001 00000000 0x0 0x0
0xffffb4800001bd80 0001 00000000 0x0 0x0
0xffffb4800001be00 0001 00000000 0x0 0x0
0xffffb4800001be80 0001 00000000 0x0 0x0
0xffffb4800001bf00 0001 00000000 0x0 0x0
0xffffb4800001bf80 0001 00000000 0x0 0x0
0xffffb4800001c000 0001 00000000 0x0 0x0
0xffffb4800001c080 0001 00000000 0x0 0x0
0xffffb4800001c100 0001 00000000 0x0 0x0
0xffffb4800001c180 0001 00000000 0x0 0x0
0xffffb4800001c200 0001 00000000 0x0 0x0
0xffffb4800001c280 0001 00000000 0x0 0x0
0xffffb4800001c300 0001 00000000 0x0 0x0
0xffffb4800001c380 0001 00000000 0x0 0x0
0xffffb4800001c400 0001 00000000 0x0 0x0
0xffffb4800001c480 0001 00000000 0x0 0x0
0xffffb4800001c500 0001 00000000 0x0 0x0
0xffffb4800001c580 0001 00000000 0x0 0x0
0xffffb4800001c600 0001 00000000 0x0 0x0
0xffffb4800001c680 0001 00000000 0x0 0x0
0xffffb4800001c700 0001 00000000 0x0 0x0
0xffffb4800001c780 0001 00000000 0x0 0x0
0xffffb4800001c800 0001 00000000 0x0 0x0
0xffffb4800001c880 0001 00000000 0x0 0x0
0xffffb4800001c900 0001 00000000 0x0 0x0
0xffffb4800001c980 0001 00000000 0x0 0x0
0xffffb4800001ca00 0001 00000000 0x0 0x0
0xffffb4800001ca80 0001 00000000 0x0 0x0
0xffffb4800001cb00 0001 00000000 0x0 0x0
0xffffb4800001cb80 0001 00000000 0x0 0x0
0xffffb4800001cc00 0001 00000000 0x0 0x0
0xffffb4800001cc80 0001 00000000 0x0 0x0
0xffffb4800001cd00 0001 00000000 0x0 0x0
0xffffb4800001cd80 0001 00000000 0x0 0x0
0xffffb4800001ce00 0001 00000000 0x0 0x0
0xffffb4800001ce80 0001 00000000 0x0 0x0
0xffffb4800001cf00 0001 00000000 0x0 0x0
0xffffb4800001cf80 0001 00000000 0x0 0x0
0xffffb4800001d000 0001 00000000 0x0 0x0
0xffffb4800001d080 0001 00000000 0x0 0x0
0xffffb4800001d100 0001 00000000 0x0 0x0
0xffffb4800001d180 0001 00000000 0x0 0x0
0xffffb4800001d200 0001 00000000 0x0 0x0
0xffffb4800001d280 0001 00000000 0x0 0x0
0xffffb4800001d300 0001 00000000 0x0 0x0
0xffffb4800001d380 0001 00000000 0x0 0x0
0xffffb4800001d400 0001 00000000 0x0 0x0
0xffffb4800001d480 0001 00000000 0x0 0x0
0xffffb4800001d500 0001 00000000 0x0 0x0
0xffffb4800001d580 0001 00000000 0x0 0x0
0xffffb4800001d600 0001 00000000 0x0 0x0
0xffffb4800001d680 0001 00000000 0x0 0x0
0xffffb4800001d700 0001 00000000 0x0 0x0
0xffffb4800001d780 0001 00000000 0x0 0x0
0xffffb4800001d800 0001 00000000 0x0 0x0
0xffffb4800001d880 0001 00000000 0x0 0x0
0xffffb4800001d900 0001 00000000 0x0 0x0
0xffffb4800001d980 0001 00000000 0x0 0x0
0xffffb4800001da00 0001 00000000 0x0 0x0
0xffffb4800001da80 0001 00000000 0x0 0x0
0xffffb4800001db00 0001 00000000 0x0 0x0
0xffffb4800001db80 0001 00000000 0x0 0x0
0xffffb4800001dc00 0001 00000000 0x0 0x0
0xffffb4800001dc80 0001 00000000 0x0 0x0
0xffffb4800001dd00 0001 00000000 0x0 0x0
0xffffb4800001dd80 0001 00000000 0x0 0x0
0xffffb4800001de00 0001 00000000 0x0 0x0
0xffffb4800001de80 0001 00000000 0x0 0x0
0xffffb4800001df00 0001 00000000 0x0 0x0
0xffffb4800001df80 0001 00000000 0x0 0x0
0xffffb4800001e000 0001 00000000 0x0 0x0
0xffffb4800001e080 0001 00000000 0x0 0x0
0xffffb4800001e100 0001 00000000 0x0 0x0
0xffffb4800001e180 0001 00000000 0x0 0x0
0xffffb4800001e200 0001 00000000 0x0 0x0
0xffffb4800001e280 0001 00000000 0x0 0x0
0xffffb4800001e300 0001 00000000 0x0 0x0
0xffffb4800001e380 0001 00000000 0x0 0x0
0xffffb4800001e400 0001 00000000 0x0 0x0
0xffffb4800001e480 0001 00000000 0x0 0x0
0xffffb4800001e500 0001 00000000 0x0 0x0
0xffffb4800001e580 0001 00000000 0x0 0x0
0xffffb4800001e600 0001 00000000 0x0 0x0
0xffffb4800001e680 0001 00000000 0x0 0x0
0xffffb4800001e700 0001 00000000 0x0 0x0
0xffffb4800001e780 0001 00000000 0x0 0x0
0xffffb4800001e800 0001 00000000 0x0 0x0
0xffffb4800001e880 0001 00000000 0x0 0x0
0xffffb4800001e900 0001 00000000 0x0 0x0
0xffffb4800001e980 0001 00000000 0x0 0x0
0xffffb4800001ea00 0001 00000000 0x0 0x0
0xffffb4800001ea80 0001 00000000 0x0 0x0
0xffffb4800001eb00 0001 00000000 0x0 0x0
0xffffb4800001eb80 0001 00000000 0x0 0x0
0xffffb4800001ec00 0001 00000000 0x0 0x0
0xffffb4800001ec80 0001 00000000 0x0 0x0
0xffffb4800001ed00 0001 00000000 0x0 0x0
0xffffb4800001ed80 0001 00000000 0x0 0x0
0xffffb4800001ee00 0001 00000000 0x0 0x0
0xffffb4800001ee80 0001 00000000 0x0 0x0
0xffffb4800001ef00 0001 00000000 0x0 0x0
0xffffb4800001ef80 0001 00000000 0x0 0x0
0xffffb4800001f000 0001 00000000 0x0 0x0
0xffffb4800001f080 0001 00000000 0x0 0x0
0xffffb4800001f100 0001 00000000 0x0 0x0
0xffffb4800001f180 0001 00000000 0x0 0x0
0xffffb4800001f200 0001 00000000 0x0 0x0
0xffffb4800001f280 0001 00000000 0x0 0x0
0xffffb4800001f300 0001 00000000 0x0 0x0
0xffffb4800001f380 0001 00000000 0x0 0x0
0xffffb4800001f400 0001 00000000 0x0 0x0
0xffffb4800001f480 0001 00000000 0x0 0x0
0xffffb4800001f500 0001 00000000 0x0 0x0
0xffffb4800001f580 0001 00000000 0x0 0x0
0xffffb4800001f600 0001 00000000 0x0 0x0
0xffffb4800001f680 0001 00000000 0x0 0x0
0xffffb4800001f700 0001 00000000 0x0 0x0
0xffffb4800001f780 0001 00000000 0x0 0x0
0xffffb4800001f800 0001 00000000 0x0 0x0
0xffffb4800001f880 0001 00000000 0x0 0x0
0xffffb4800001f900 0001 00000000 0x0 0x0
0xffffb4800001f980 0001 00000000 0x0 0x0
0xffffb4800001fa00 0001 00000000 0x0 0x0
0xffffb4800001fa80 0001 00000000 0x0 0x0
0xffffb4800001fb00 0001 00000000 0x0 0x0
0xffffb4800001fb80 0001 00000000 0x0 0x0
0xffffb4800001fc00 0001 00000000 0x0 0x0
0xffffb4800001fc80 0001 00000000 0x0 0x0
0xffffb4800001fd00 0001 00000000 0x0 0x0
0xffffb4800001fd80 0001 00000000 0x0 0x0
0xffffb4800001fe00 0001 00000000 0x0 0x0
0xffffb4800001fe80 0001 00000000 0x0 0x0
0xffffb4800001ff00 0001 00000000 0x0 0x0
0xffffb4800001ff80 0001 00000000 0x0 0x0
0xffffb48000020000 0001 00000000 0x0 0x0
0xffffb48000020080 0001 00000000 0x0 0x0
0xffffb48000020100 0001 00000000 0x0 0x0
0xffffb48000020180 0001 00000000 0x0 0x0
0xffffb48000020200 0001 00000000 0x0 0x0
0xffffb48000020280 0001 00000000 0x0 0x0
0xffffb48000020300 0001 00000000 0x0 0x0
0xffffb48000020380 0001 00000000 0x0 0x0
0xffffb48000020400 0001 00000000 0x0 0x0
0xffffb48000020480 0001 00000000 0x0 0x0
0xffffb48000020500 0001 00000000 0x0 0x0
0xffffb48000020580 0001 00000000 0x0 0x0
0xffffb48000020600 0001 00000000 0x0 0x0
0xffffb48000020680 0001 00000000 0x0 0x0
0xffffb48000020700 0001 00000000 0x0 0x0
0xffffb48000020780 0001 00000000 0x0 0x0
0xffffb48000020800 0001 00000000 0x0 0x0
0xffffb48000020880 0001 00000000 0x0 0x0
0xffffb48000020900 0001 00000000 0x0 0x0
0xffffb48000020980 0001 00000000 0x0 0x0
0xffffb48000020a00 0001 00000000 0x0 0x0
0xffffb48000020a80 0001 00000000 0x0 0x0
0xffffb48000020b00 0001 00000000 0x0 0x0
0xffffb48000020b80 0001 00000000 0x0 0x0
0xffffb48000020c00 0001 00000000 0x0 0x0
0xffffb48000020c80 0001 00000000 0x0 0x0
0xffffb48000020d00 0001 00000000 0x0 0x0
0xffffb48000020d80 0001 00000000 0x0 0x0
0xffffb48000020e00 0001 00000000 0x0 0x0
0xffffb48000020e80 0001 00000000 0x0 0x0
0xffffb48000020f00 0001 00000000 0x0 0x0
0xffffb48000020f80 0001 00000000 0x0 0x0
0xffffb48000021000 0001 00000000 0x0 0x0
0xffffb48000021080 0001 00000000 0x0 0x0
0xffffb48000021100 0001 00000000 0x0 0x0
0xffffb48000021180 0001 00000000 0x0 0x0
0xffffb48000021200 0001 00000000 0x0 0x0
0xffffb48000021280 0001 00000000 0x0 0x0
0xffffb48000021300 0001 00000000 0x0 0x0
0xffffb48000021380 0001 00000000 0x0 0x0
0xffffb48000021400 0001 00000000 0x0 0x0
0xffffb48000021480 0001 00000000 0x0 0x0
0xffffb48000021500 0001 00000000 0x0 0x0
0xffffb48000021580 0001 00000000 0x0 0x0
0xffffb48000021600 0001 00000000 0x0 0x0
0xffffb48000021680 0001 00000000 0x0 0x0
0xffffb48000021700 0001 00000000 0x0 0x0
0xffffb48000021780 0001 00000000 0x0 0x0
0xffffb48000021800 0001 00000000 0x0 0x0
0xffffb48000021880 0001 00000000 0x0 0x0
0xffffb48000021900 0001 00000000 0x0 0x0
0xffffb48000021980 0001 00000000 0x0 0x0
0xffffb48000021a00 0001 00000000 0x0 0x0
0xffffb48000021a80 0001 00000000 0x0 0x0
0xffffb48000021b00 0001 00000000 0x0 0x0
0xffffb48000021b80 0001 00000000 0x0 0x0
0xffffb48000021c00 0001 00000000 0x0 0x0
0xffffb48000021c80 0001 00000000 0x0 0x0
0xffffb48000021d00 0001 00000000 0x0 0x0
0xffffb48000021d80 0001 00000000 0x0 0x0
0xffffb48000021e00 0001 00000000 0x0 0x0
0xffffb48000021e80 0001 00000000 0x0 0x0
0xffffb48000021f00 0001 00000000 0x0 0x0
0xffffb48000021f80 0001 00000000 0x0 0x0
0xffffb48000022000 0001 00000000 0x0 0x0
0xffffb48000022080 0001 00000000 0x0 0x0
0xffffb48000022100 0001 00000000 0x0 0x0
0xffffb48000022180 0001 00000000 0x0 0x0
0xffffb48000022200 0001 00000000 0x0 0x0
0xffffb48000022280 0001 00000000 0x0 0x0
0xffffb48000022300 0001 00000000 0x0 0x0
0xffffb48000022380 0001 00000000 0x0 0x0
0xffffb48000022400 0001 00000000 0x0 0x0
0xffffb48000022480 0001 00000000 0x0 0x0
0xffffb48000022500 0001 00000000 0x0 0x0
0xffffb48000022580 0001 00000000 0x0 0x0
0xffffb48000022600 0001 00000000 0x0 0x0
0xffffb48000022680 0001 00000000 0x0 0x0
0xffffb48000022700 0001 00000000 0x0 0x0
0xffffb48000022780 0001 00000000 0x0 0x0
0xffffb48000022800 0001 00000000 0x0 0x0
0xffffb48000022880 0001 00000000 0x0 0x0
0xffffb48000022900 0001 00000000 0x0 0x0
0xffffb48000022980 0001 00000000 0x0 0x0
0xffffb48000022a00 0001 00000000 0x0 0x0
0xffffb48000022a80 0001 00000000 0x0 0x0
0xffffb48000022b00 0001 00000000 0x0 0x0
0xffffb48000022b80 0001 00000000 0x0 0x0
0xffffb48000022c00 0001 00000000 0x0 0x0
0xffffb48000022c80 0001 00000000 0x0 0x0
0xffffb48000022d00 0001 00000000 0x0 0x0
0xffffb48000022d80 0001 00000000 0x0 0x0
0xffffb48000022e00 0001 00000000 0x0 0x0
0xffffb48000022e80 0001 00000000 0x0 0x0
0xffffb48000022f00 0001 00000000 0x0 0x0
0xffffb48000022f80 0001 00000000 0x0 0x0
0xffffb48000023000 0001 00000000 0x0 0x0
0xffffb48000023080 0001 00000000 0x0 0x0
0xffffb48000023100 0001 00000000 0x0 0x0
0xffffb48000023180 0001 00000000 0x0 0x0
0xffffb48000023200 0001 00000000 0x0 0x0
0xffffb48000023280 0001 00000000 0x0 0x0
0xffffb48000023300 0001 00000000 0x0 0x0
0xffffb48000023380 0001 00000000 0x0 0x0
0xffffb48000023400 0001 00000000 0x0 0x0
0xffffb48000023480 0001 00000000 0x0 0x0
0xffffb48000023500 0001 00000000 0x0 0x0
0xffffb48000023580 0001 00000000 0x0 0x0
0xffffb48000023600 0001 00000000 0x0 0x0
0xffffb48000023680 0001 00000000 0x0 0x0
0xffffb48000023700 0001 00000000 0x0 0x0
0xffffb48000023780 0001 00000000 0x0 0x0
0xffffb48000023800 0001 00000000 0x0 0x0
0xffffb48000023880 0001 00000000 0x0 0x0
0xffffb48000023900 0001 00000000 0x0 0x0
0xffffb48000023980 0001 00000000 0x0 0x0
0xffffb48000023a00 0001 00000000 0x0 0x0
0xffffb48000023a80 0001 00000000 0x0 0x0
0xffffb48000023b00 0001 00000000 0x0 0x0
0xffffb48000023b80 0001 00000000 0x0 0x0
0xffffb48000023c00 0001 00000000 0x0 0x0
0xffffb48000023c80 0001 00000000 0x0 0x0
0xffffb48000023d00 0001 00000000 0x0 0x0
0xffffb48000023d80 0001 00000000 0x0 0x0
0xffffb48000023e00 0001 00000000 0x0 0x0
0xffffb48000023e80 0001 00000000 0x0 0x0
0xffffb48000023f00 0001 00000000 0x0 0x0
0xffffb48000023f80 0001 00000000 0x0 0x0
0xffffb48000024000 0001 00000000 0x0 0x0
0xffffb48000024080 0001 00000000 0x0 0x0
0xffffb48000024100 0001 00000000 0x0 0x0
0xffffb48000024180 0001 00000000 0x0 0x0
0xffffb48000024200 0001 00000000 0x0 0x0
0xffffb48000024280 0001 00000000 0x0 0x0
0xffffb48000024300 0001 00000000 0x0 0x0
0xffffb48000024380 0001 00000000 0x0 0x0
0xffffb48000024400 0001 00000000 0x0 0x0
0xffffb48000024480 0001 00000000 0x0 0x0
0xffffb48000024500 0001 00000000 0x0 0x0
0xffffb48000024580 0001 00000000 0x0 0x0
0xffffb48000024600 0001 00000000 0x0 0x0
0xffffb48000024680 0001 00000000 0x0 0x0
0xffffb48000024700 0001 00000000 0x0 0x0
0xffffb48000024780 0001 00000000 0x0 0x0
0xffffb48000024800 0001 00000000 0x0 0x0
0xffffb48000024880 0001 00000000 0x0 0x0
0xffffb48000024900 0001 00000000 0x0 0x0
0xffffb48000024980 0001 00000000 0x0 0x0
0xffffb48000024a00 0001 00000000 0x0 0x0
0xffffb48000024a80 0001 00000000 0x0 0x0
0xffffb48000024b00 0001 00000000 0x0 0x0
0xffffb48000024b80 0001 00000000 0x0 0x0
0xffffb48000024c00 0001 00000000 0x0 0x0
0xffffb48000024c80 0001 00000000 0x0 0x0
0xffffb48000024d00 0001 00000000 0x0 0x0
0xffffb48000024d80 0001 00000000 0x0 0x0
0xffffb48000024e00 0001 00000000 0x0 0x0
0xffffb48000024e80 0001 00000000 0x0 0x0
0xffffb48000024f00 0001 00000000 0x0 0x0
0xffffb48000024f80 0001 00000000 0x0 0x0
0xffffb48000025000 0001 00000000 0x0 0x0
0xffffb48000025080 0001 00000000 0x0 0x0
0xffffb48000025100 0001 00000000 0x0 0x0
0xffffb48000025180 0001 00000000 0x0 0x0
0xffffb48000025200 0001 00000000 0x0 0x0
0xffffb48000025280 0001 00000000 0x0 0x0
0xffffb48000025300 0001 00000000 0x0 0x0
0xffffb48000025380 0001 00000000 0x0 0x0
0xffffb48000025400 0001 00000000 0x0 0x0
0xffffb48000025480 0001 00000000 0x0 0x0
0xffffb48000025500 0001 00000000 0x0 0x0
0xffffb48000025580 0001 00000000 0x0 0x0
0xffffb48000025600 0001 00000000 0x0 0x0
0xffffb48000025680 0001 00000000 0x0 0x0
0xffffb48000025700 0001 00000000 0x0 0x0
0xffffb48000025780 0001 00000000 0x0 0x0
0xffffb48000025800 0001 00000000 0x0 0x0
0xffffb48000025880 0001 00000000 0x0 0x0
0xffffb48000025900 0001 00000000 0x0 0x0
0xffffb48000025980 0001 00000000 0x0 0x0
0xffffb48000025a00 0001 00000000 0x0 0x0
0xffffb48000025a80 0001 00000000 0x0 0x0
0xffffb48000025b00 0001 00000000 0x0 0x0
0xffffb48000025b80 0001 00000000 0x0 0x0
0xffffb48000025c00 0001 00000000 0x0 0x0
0xffffb48000025c80 0001 00000000 0x0 0x0
0xffffb48000025d00 0001 00000000 0x0 0x0
0xffffb48000025d80 0001 00000000 0x0 0x0
0xffffb48000025e00 0001 00000000 0x0 0x0
0xffffb48000025e80 0001 00000000 0x0 0x0
0xffffb48000025f00 0001 00000000 0x0 0x0
0xffffb48000025f80 0001 00000000 0x0 0x0
0xffffb48000026000 0001 00000000 0x0 0x0
0xffffb48000026080 0001 00000000 0x0 0x0
0xffffb48000026100 0001 00000000 0x0 0x0
0xffffb48000026180 0001 00000000 0x0 0x0
0xffffb48000026200 0001 00000000 0x0 0x0
0xffffb48000026280 0001 00000000 0x0 0x0
0xffffb48000026300 0001 00000000 0x0 0x0
0xffffb48000026380 0001 00000000 0x0 0x0
0xffffb48000026400 0001 00000000 0x0 0x0
0xffffb48000026480 0001 00000000 0x0 0x0
0xffffb48000026500 0001 00000000 0x0 0x0
0xffffb48000026580 0001 00000000 0x0 0x0
0xffffb48000026600 0001 00000000 0x0 0x0
0xffffb48000026680 0001 00000000 0x0 0x0
0xffffb48000026700 0001 00000000 0x0 0x0
0xffffb48000026780 0001 00000000 0x0 0x0
0xffffb48000026800 0001 00000000 0x0 0x0
0xffffb48000026880 0001 00000000 0x0 0x0
0xffffb48000026900 0001 00000000 0x0 0x0
0xffffb48000026980 0001 00000000 0x0 0x0
0xffffb48000026a00


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.