page fault in statvfs_to_statfs12_copy

1 view

Skip to first unread message

syzbot

unread,

Jun 27, 2020, 12:23:16 AM6/27/20

to syzkaller-...@googlegroups.com

Hello,

syzbot found the following crash on:

HEAD commit: 5f8d4fbd Adjust prior to enforce minimum socket length inc..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16402239100000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=b05096f3114b2820d81c
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b05096...@syzkaller.appspotmail.com

[ 48.7920773] fatal page fault in supervisor mode
[ 48.7920773] trap type 6 code 0x3 rip 0xffffffff821b0f86 cs 0x8 rflags 0x10246 cr2 0x20000000 ilevel 0 rsp 0xffff9380cb3e6e00
[ 48.8127429] curlwp 0xffff886ca94a1340 pid 1110.1248 lowest kstack 0xffff9380cb3e32c0
kernel: page fault trap, code=0
Stopped in pid 1110.1248 (syz-executor.0) at netbsd:statvfs_to_statfs12_copy+0x46: movw $0,0(%r15)
?
statvfs_to_statfs12_copy() at netbsd:statvfs_to_statfs12_copy+0x46 statvfs_to_statfs12 sys/compat/sys/mount.h:104 [inline]
statvfs_to_statfs12_copy() at netbsd:statvfs_to_statfs12_copy+0x46 sys/compat/sys/mount.h:143
do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x11b sys/kern/vfs_syscalls.c:1349
compat_20_sys_getfsstat() at netbsd:compat_20_sys_getfsstat+0x6a sys/compat/common/vfs_syscalls_20.c:157
sys___syscall() at netbsd:sys___syscall+0x1b5 sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x1b5 sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x287 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x287 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x287 sys/arch/x86/x86/syscall.c:138
--- syscall (number 198) ---
netbsd:syscall+0x287:
Panic string: (null)
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1234 582 2 1 0 ffff886ca079c740 syz-executor.5
1234 1441 2 0 0 ffff886ca8448700 syz-executor.5
1234 1234 2 1 10000000 ffff886ca079cb80 syz-executor.5
1334 1636 2 1 0 ffff886ca84482c0 syz-executor.1
1334 >1334 7 1 10000000 ffff886ca91f2040 syz-executor.1
458 458 2 0 0 ffff886ca8448b40 syz-executor.2
581 1346 3 1 80 ffff886c990a3500 syz-executor.4 socket
581 581 2 0 10000000 ffff886ca52776c0 syz-executor.4
1110 >1248 7 0 0 ffff886ca94a1340 syz-executor.0
1110 1110 2 0 10000000 ffff886ca079c300 syz-executor.0
1363 1373 3 0 80 ffff886c99d6f780 syz-executor.3 parked
1363 1364 3 1 80 ffff886c98ce5680 syz-executor.3 parked
1363 1363 2 0 10000000 ffff886c9ac9a540 syz-executor.3
1210 1210 3 0 80 ffff886c990a3940 syz-executor.5 parked
1083 1083 3 0 80 ffff886c9ac9a980 syz-executor.5 nanoslp
1092 1092 3 1 80 ffff886c9a96d140 syz-executor.4 nanoslp
1076 1076 3 1 80 ffff886c9a96d580 syz-executor.3 nanoslp
1077 1077 3 0 80 ffff886c9ad7a180 syz-executor.2 nanoslp
1075 1075 3 1 80 ffff886c9a96d9c0 syz-executor.1 nanoslp
735 735 3 1 80 ffff886c9ad7a5c0 syz-executor.0 nanoslp
1254 1073 3 1 80 ffff886c9ad5aa40 syz-fuzzer kqueue
1254 1066 3 1 80 ffff886c9919eb80 syz-fuzzer parked
1254 1250 3 1 80 ffff886c988765c0 syz-fuzzer parked
1254 1064 3 0 80 ffff886c9ad7aa00 syz-fuzzer parked
1254 1067 3 1 80 ffff886c98b01a80 syz-fuzzer parked
1254 1068 3 1 80 ffff886c98b01640 syz-fuzzer parked
1254 1116 3 0 80 ffff886c9b212240 syz-fuzzer parked
1254 1254 3 0 80 ffff886c996f9200 syz-fuzzer parked
1095 1095 3 1 80 ffff886c9b212680 sshd select
1059 1059 3 1 80 ffff886c9b212ac0 getty nanoslp
1088 1088 3 0 80 ffff886c9ad5a600 getty nanoslp
1091 1091 3 0 80 ffff886c996f9a80 getty nanoslp
1089 1089 3 0 c0 ffff886c98b01200 getty ttyraw
993 993 3 1 80 ffff886c996f9640 sshd select
725 725 3 1 80 ffff886c9ad5a1c0 powerd kqueue
734 734 3 0 80 ffff886c9919e740 syslogd kqueue
593 593 3 1 80 ffff886c9919e300 dhcpcd poll
591 591 3 1 80 ffff886c98f6b2c0 dhcpcd poll
589 589 3 0 80 ffff886c98f1e280 dhcpcd poll
430 430 3 1 80 ffff886c98ce5240 dhcpcd poll
346 346 3 1 80 ffff886c98f1eb00 dhcpcd poll
345 345 3 1 80 ffff886c98f6b700 dhcpcd poll
344 344 3 1 80 ffff886c98f6bb40 dhcpcd poll
1 1 3 0 80 ffff886c906e9500 init wait
0 846 3 0 200 ffff886c98876a00 physiod physiod
0 160 3 0 200 ffff886c988bda40 pooldrain pooldrain
0 166 3 1 200 ffff886c988bd600 ioflush syncer
0 165 3 1 200 ffff886c988bd1c0 pgdaemon pgdaemon
0 162 3 1 200 ffff886c98876180 usb7 usbevt
0 31 3 1 200 ffff886c958079c0 usb6 usbevt
0 63 3 1 200 ffff886c95807580 usb5 usbevt
0 126 3 0 200 ffff886c95807140 usb4 usbevt
0 125 3 0 200 ffff886c9277e980 usb3 usbevt
0 124 3 0 200 ffff886c9277e540 usb2 usbevt
0 123 3 0 200 ffff886c9277e100 usb1 usbevt
0 122 3 0 200 ffff886c90621700 usb0 usbevt
0 121 3 0 200 ffff886c90640740 usbtask-dr usbtsk
0 120 3 0 200 ffff886c8db24ac0 usbtask-hc usbtsk
0 119 3 1 200 ffff886c906e9940 npfgc0 npfgcw
0 118 3 1 200 ffff886c906e90c0 rt_free rt_free
0 117 3 1 200 ffff886c906c2900 unpgc unpgc
0 116 3 0 200 ffff886c906c24c0 key_timehandler key_timehandler
0 115 3 1 200 ffff886c906c2080 icmp6_wqinput/1 icmp6_wqinput
0 114 3 0 200 ffff886c906ab8c0 icmp6_wqinput/0 icmp6_wqinput
0 113 3 0 200 ffff886c906ab480 nd6_timer nd6_timer
0 112 3 1 200 ffff886c906ab040 carp6_wqinput/1 carp6_wqinput
0 111 3 0 200 ffff886c9068cbc0 carp6_wqinput/0 carp6_wqinput
0 110 3 1 200 ffff886c9068c780 carp_wqinput/1 carp_wqinput
0 109 3 0 200 ffff886c9068c340 carp_wqinput/0 carp_wqinput
0 108 3 1 200 ffff886c90640b80 icmp_wqinput/1 icmp_wqinput
0 107 3 0 200 ffff886c90621b40 icmp_wqinput/0 icmp_wqinput
0 106 3 0 200 ffff886c8ffa6b00 rt_timer rt_timer
0 105 3 1 200 ffff886c90640300 vmem_rehash vmem_rehash
0 104 3 0 200 ffff886c906212c0 entbutler entropy
0 30 3 1 200 ffff886c8ffa66c0 vioif0_txrx/1 vioif0_txrx
0 29 3 0 200 ffff886c8ffa6280 vioif0_txrx/0 vioif0_txrx
0 27 3 0 200 ffff886c8db24680 scsibus0 sccomp
0 26 3 0 200 ffff886c8db24240 pms0 pmsreset
0 25 3 1 200 ffff886c8da97a80 xcall/1 xcall
0 24 1 1 200 ffff886c8da97640 softser/1
0 23 1 1 200 ffff886c8da97200 softclk/1
0 22 1 1 200 ffff886c8da67a40 softbio/1
0 21 1 1 200 ffff886c8da67600 softnet/1
0 20 1 1 201 ffff886c8da671c0 idle/1
0 19 3 0 200 ffff886d9d980a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffff886d9d9805c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffff886d9d980180 lnxsyswq lnxsyswq
0 16 3 0 200 ffff886d9d9a79c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffff886d9d9a7580 sysmon smtaskq
0 14 3 0 200 ffff886d9d9a7140 pmfsuspend pmfsuspend
0 13 3 0 200 ffff886d9d9ac980 pmfevent pmfevent
0 12 3 0 200 ffff886d9d9ac540 sopendfree sopendfr
0 11 3 0 200 ffff886d9d9ac100 iflnkst iflnkst
0 10 3 0 200 ffff886d9e9df940 nfssilly nfssilly
0 9 3 0 200 ffff886d9e9df500 vdrain vdrain
0 8 3 0 200 ffff886d9e9df0c0 modunload mod_unld
0 7 3 0 200 ffff886d9ea0a900 xcall/0 xcall
0 6 1 0 200 ffff886d9ea0a4c0 softser/0
0 5 1 0 200 ffff886d9ea0a080 softclk/0
0 4 1 0 200 ffff886d9ea3b8c0 softbio/0
0 3 1 0 200 ffff886d9ea3b480 softnet/0
0 2 1 0 201 ffff886d9ea3b040 idle/0
0 0 3 0 200 ffffffff85ae88c0 swapper uvm
[Locks tracked through LWPs]

****** LWP 1234.1441 (syz-executor.5) @ 0xffff886ca8448700, l_stat=2

*** Locks held:

* Lock 0 (initialized at filedesc_ctor)
lock address : 0xffff886c99117340 type : sleep/adaptive
initialized : 0xffffffff82f96f25
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff886ca8448700 last held: 0xffff886ca8448700
last locked* : 0xffffffff82f9d4a0 unlocked : 0xffffffff82f9b5cd
owner field : 0xffff886ca8448700 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1334.1334 (syz-executor.1) @ 0xffff886ca91f2040, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at sched_cpuattach)
lock address : 0xffff886d9eebc340 type : spin
initialized : 0xffffffff83044ece
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1
relevant lwp : 0xffff886ca91f2040 last held: 000000000000000000
last locked : 0xffffffff830220b6 unlocked*: 0xffffffff83179605
owner field : 0x0000000000010700 wait/spin: 0/1

****** LWP 458.458 (syz-executor.2) @ 0xffff886ca8448b40, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffff886c98f48380 type : sleep/adaptive
initialized : 0xffffffff80ef3330
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff886ca8448b40 last held: 0xffff886ca8448b40
last locked* : 0xffffffff80ef2f7c unlocked : 0xffffffff80ef3086
owner field : 0xffff886ca8448b40 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 591.591 (dhcpcd) @ 0xffff886c98f6b2c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff886c98f6b2c0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 589.589 (dhcpcd) @ 0xffff886c98f1e280, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff886c98f1e280 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 345.345 (dhcpcd) @ 0xffff886c98f6b700, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff886c98f6b700 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 344.344 (dhcpcd) @ 0xffff886c98f6bb40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff886c98f6bb40 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.23 (softclk/1) @ 0xffff886c8da97200, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff886c8da97200 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffff886d9d9ac100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff886d9d9ac100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffff938000006180 0045 00000000 0x0 0x0
0xffff938000006200 0045 00000000 0x0 0x0
0xffff938000006280 0045 00000000 0x0 0x0
0xffff938000006300 0045 00000000 0x0 0x0
0xffff938000006380 0045 00000000 0x0 0x0
0xffff938000006400 0045 00000000 0x0 0x0
0xffff938000006480 0045 00000000 0x0 0x0
0xffff938000006500 0045 00000000 0x0 0x0
0xffff938000006580 0041 00000000 0x0 0x0
0xffff938000006600 0041 00000000 0x0 0x0
0xffff938000006680 0041 00000000 0x0 0x0
0xffff938000006700 0041 00000000 0x0 0x0
0xffff938000006780 0041 00000000 0x0 0x0
0xffff938000006800 0041 00000000 0x0 0x0
0xffff938000006880 0041 00000000 0x0 0x0
0xffff938000006900 0041 00000000 0x0 0x0
0xffff938000006980 0041 00000000 0x0 0x0
0xffff938000006a00 0041 00000000 0x0 0x0
0xffff938000006a80 0041 00000000 0x0 0x0
0xffff938000006b00 0041 00000000 0x0 0x0
0xffff938000006b80 0041 00000000 0x0 0x0
0xffff938000006c00 0041 00000000 0x0 0x0
0xffff938000006c80 0041 00000000 0x0 0x0
0xffff938000006d00 0041 00000000 0x0 0x0
0xffff938000006d80 0041 00000000 0x0 0x0
0xffff938000006e00 0041 00000000 0x0 0x0
0xffff938000006e80 0041 00000000 0x0 0x0
0xffff938000006f00 0041 00000000 0x0 0x0
0xffff938000006f80 0041 00000000 0x0 0x0
0xffff938000007000 0041 00000000 0x0 0x0
0xffff938000007080 0041 00000000 0x0 0x0
0xffff938000007100 0041 00000000 0x0 0x0
0xffff938000007180 0041 00000000 0x0 0x0
0xffff938000007200 0045 00000000 0x0 0x0
0xffff938000007280 0041 00000000 0x0 0x0
0xffff938000007300 0041 00000000 0x0 0x0
0xffff938000007380 0041 00000000 0x0 0x0
0xffff938000007400 0041 00000000 0x0 0x0
0xffff938000007480 0041 00000000 0x0 0x0
0xffff938000007500 0041 00000000 0x0 0x0
0xffff938000007580 0041 00000000 0x0 0x0
0xffff938000007600 0041 00000000 0x0 0x0
0xffff938000007680 0041 00000000 0x0 0x0
0xffff938000007700 0045 00000000 0x0 0x0
0xffff938000007780 0045 00000000 0x0 0x0
0xffff938000007800 0041 00000000 0x0 0x0
0xffff938000007880 0041 00000000 0x0 0x0
0xffff938000007900 0041 00000000 0x0 0x0
0xffff938000007980 0041 00000000 0x0 0x0
0xffff938000007a00 0041 00000000 0x0 0x0
0xffff938000007a80 0041 00000000 0x0 0x0
0xffff938000007b00 0041 00000000 0x0 0x0
0xffff938000007b80 0041 00000000 0x0 0x0
0xffff938000007c00 0041 00000000 0x0 0x0
0xffff938000007c80 0041 00000000 0x0 0x0
0xffff938000007d00 0041 00000000 0x0 0x0
0xffff938000007d80 0041 00000000 0x0 0x0
0xffff938000007e00 0041 00000000 0x0 0x0
0xffff938000007e80 0041 00000000 0x0 0x0
0xffff938000007f00 0041 00000000 0x0 0x0
0xffff938000007f80 0041 00000000 0x0 0x0
0xffff938000008000 0041 00000000 0x0 0x0
0xffff938000008080 0041 00000000 0x0 0x0
0xffff938000008100 0041 00000000 0x0 0x0
0xffff938000008180 0041 00000000 0x0 0x0
0xffff938000008200 0041 00000000 0x0 0x0
0xffff938000008280 0041 00000000 0x0 0x0
0xffff938000008300 0041 00000000 0x0 0x0
0xffff938000008380 0041 00000000 0x0 0x0
0xffff938000008400 0041 00000000 0x0 0x0
0xffff938000008480 0041 00000000 0x0 0x0
0xffff938000008500 0041 00000000 0x0 0x0
0xffff938000008580 0041 00000000 0x0 0x0
0xffff938000008600 0041 00000000 0x0 0x0
0xffff938000008680 0041 00000000 0x0 0x0
0xffff938000008700 0041 00000000 0x0 0x0
0xffff938000008780 0041 00000000 0x0 0x0
0xffff938000008800 0041 00000000 0x0 0x0
0xffff938000008880 0041 00000000 0x0 0x0
0xffff938000008900 0041 00000000 0x0 0x0
0xffff938000008980 0041 00000000 0x0 0x0
0xffff938000008a00 0041 00000000 0x0 0x0
0xffff938000008a80 0041 00000000 0x0 0x0
0xffff938000008b00 0041 00000000 0x0 0x0
0xffff938000008b80 0041 00000000 0x0 0x0
0xffff938000008c00 0041 00000000 0x0 0x0
0xffff938000008c80 0045 00000000 0x0 0x0
0xffff938000008d00 0041 00000000 0x0 0x0
0xffff938000008d80 0041 00000000 0x0 0x0
0xffff938000008e00 0041 00000000 0x0 0x0
0xffff938000008e80 0041 00000000 0x0 0x0
0xffff938000008f00 0045 00000000 0x0 0x0
0xffff938000008f80 0041 00000000 0x0 0x0
0xffff938000009000 0041 00000000 0x0 0x0
0xffff938000009080 0041 00000000 0x0 0x0
0xffff938000009100 0041 00000000 0x0 0x0
0xffff938000009180 0041 00000000 0x0 0x0
0xffff938000009200 0041 00000000 0x0 0x0
0xffff938000009280 0041 00000000 0x0 0x0
0xffff938000009300 0041 00000000 0x0 0x0
0xffff938000009380 0041 00000000 0x0 0x0
0xffff938000009400 0041 00000000 0x0 0x0
0xffff938000009480 0041 00000000 0x0 0x0
0xffff938000009500 0041 00000000 0x0 0x0
0xffff938000009580 0041 00000000 0x0 0x0
0xffff938000009600 0041 00000000 0x0 0x0
0xffff938000009680 0041 00000000 0x0 0x0
0xffff938000009700 0041 00000000 0x0 0x0
0xffff938000009780 0041 00000000 0x0 0x0
0xffff938000009800 0041 00000000 0x0 0x0
0xffff938000009880 0041 00000000 0x0 0x0
0xffff938000009900 0041 00000000 0x0 0x0
0xffff938000009980 0041 00000000 0x0 0x0
0xffff938000009a00 0041 00000000 0x0 0x0
0xffff938000009a80 0041 00000000 0x0 0x0
0xffff938000009b00 0041 00000000 0x0 0x0
0xffff938000009b80 0041 00000000 0x0 0x0
0xffff938000009c00 0041 00000000 0x0 0x0
0xffff938000009c80 0041 00000000 0x0 0x0
0xffff938000009d00 0041 00000000 0x0 0x0
0xffff938000009d80 0045 00000000 0x0 0x0
0xffff938000009e00 0045 00000000 0x0 0x0
0xffff938000009e80 0045 00000000 0x0 0x0
0xffff938000009f00 0041 00000000 0x0 0x0
0xffff938000009f80 0041 00000000 0x0 0x0
0xffff93800000a000 0041 00000000 0x0 0x0
0xffff93800000a080 0041 00000000 0x0 0x0
0xffff93800000a100 0045 00000000 0x0 0x0
0xffff93800000a180 0045 00000000 0x0 0x0
0xffff93800000a200 0045 00000000 0x0 0x0
0xffff93800000a280 0045 00000000 0x0 0x0
0xffff93800000a300 0041 00000000 0x0 0x0
0xffff93800000a380 0041 00000000 0x0 0x0
0xffff93800000a400 0045 00000000 0x0 0x0
0xffff93800000a480 0041 00000000 0x0 0x0
0xffff93800000a500 0045 00000000 0x0 0x0
0xffff93800000a580 0045 00000000 0x0 0x0
0xffff93800000a600 0045 00000000 0x0 0x0
0xffff93800000a680 0045 00000000 0x0 0x0
0xffff93800000a700 0045 00000000 0x0 0x0
0xffff93800000a780 0045 00000000 0x0 0x0
0xffff93800000a800 0045 00000000 0x0 0x0
0xffff93800000a880 0041 00000000 0x0 0x0
0xffff93800000a900 0045 00000000 0x0 0x0
0xffff93800000a980 0045 00000000 0x0 0x0
0xffff93800000aa00 0045 00000000 0x0 0x0
0xffff93800000aa80 0045 00000000 0x0 0x0
0xffff93800000ab00 0045 00000000 0x0 0x0
0xffff93800000ab80 0045 00000000 0x0 0x0
0xffff93800000ac00 0045 00000000 0x0 0x0
0xffff93800000ac80 0045 00000000 0x0 0x0
0xffff93800000ad00 0045 00000000 0x0 0x0
0xffff93800000ad80 0041 00000000 0x0 0x0
0xffff93800000ae00 0041 00000000 0x0 0x0
0xffff93800000ae80 0041 00000000 0x0 0x0
0xffff93800000af00 0045 00000000 0x0 0x0
0xffff93800000af80 0045 00000000 0x0 0x0
0xffff93800000b000 0045 00000000 0x0 0x0
0xffff93800000b080 0045 00000000 0x0 0x0
0xffff93800000b100 0045 00000000 0x0 0x0
0xffff93800000b180 0041 00000000 0x0 0x0
0xffff93800000b200 0041 00000000 0x0 0x0
0xffff93800000b280 0041 00000000 0x0 0x0
0xffff93800000b300 0045 00000000 0x0 0x0
0xffff93800000b380 0045 00000000 0x0 0x0
0xffff93800000b400 0045 00000000 0x0 0x0
0xffff93800000b480 0045 00000000 0x0 0x0
0xffff93800000b500 0041 00000000 0x0 0x0
0xffff93800000b580 0041 00000000 0x0 0x0
0xffff93800000b600 0041 00000000 0x0 0x0
0xffff93800000b680 0041 00000000 0x0 0x0
0xffff93800000b700 0041 00000000 0x0 0x0
0xffff93800000b780 0041 00000000 0x0 0x0
0xffff93800000b800 0041 00000000 0x0 0x0
0xffff93800000b880 0045 00000000 0x0 0x0
0xffff93800000b900 0041 00000000 0x0 0x0
0xffff93800000b980 0041 00000000 0x0 0x0
0xffff93800000ba00 0041 00000000 0x0 0x0
0xffff93800000ba80 0045 00000000 0x0 0x0
0xffff93800000bb00 0041 00000000 0x0 0x0
0xffff93800000bb80 0041 00000000 0x0 0x0
0xffff93800000bc00 0041 00000000 0x0 0x0
0xffff93800000bc80 0045 00000000 0x0 0x0
0xffff93800000bd00 0041 00000000 0x0 0x0
0xffff93800000bd80 0041 00000000 0x0 0x0
0xffff93800000be00 0041 00000000 0x0 0x0
0xffff93800000be80 0041 00000000 0x0 0x0
0xffff93800000bf00 0041 00000000 0x0 0x0
0xffff93800000bf80 0041 00000000 0x0 0x0
0xffff93800000c000 0041 00000000 0x0 0x0
0xffff93800000c080 0041 00000000 0x0 0x0
0xffff93800000c100 0041 00000000 0x0 0x0
0xffff93800000c180 0045 00000000 0x0 0x0
0xffff93800000c200 0045 00000000 0x0 0x0
0xffff93800000c280 0041 00000000 0x0 0x0
0xffff93800000c300 0045 00000000 0x0 0x0
0xffff93800000c380 0041 00000000 0x0 0x0
0xffff93800000c400 0041 00000000 0x0 0x0
0xffff93800000c480 0041 00000000 0x0 0x0
0xffff93800000c500 0041 00000000 0x0 0x0
0xffff93800000c580 0045 00000000 0x0 0x0
0xffff93800000c600 0041 00000000 0x0 0x0
0xffff93800000c680 0045 00000000 0x0 0x0
0xffff93800000c700 0041 00000000 0x0 0x0
0xffff93800000c780 0041 00000000 0x0 0x0
0xffff93800000c800 0045 00000000 0x0 0x0
0xffff93800000c880 0041 00000000 0x0 0x0
0xffff93800000c900 0045 00000000 0x0 0x0
0xffff93800000c980 0041 00000000 0x0 0x0
0xffff93800000ca00 0041 00000000 0x0 0x0
0xffff93800000ca80 0041 00000000 0x0 0x0
0xffff93800000cb00 0045 00000000 0x0 0x0
0xffff93800000cb80 0045 00000000 0x0 0x0
0xffff93800000cc00 0045 00000000 0x0 0x0
0xffff93800000cc80 0041 00000000 0x0 0x0
0xffff93800000cd00 0045 00000000 0x0 0x0
0xffff93800000cd80 0041 00000000 0x0 0x0
0xffff93800000ce00 0041 00000000 0x0 0x0
0xffff93800000ce80 0045 00000000 0x0 0x0
0xffff93800000cf00 0045 00000000 0x0 0x0
0xffff93800000cf80 0045 00000000 0x0 0x0
0xffff93800000d000 0045 00000000 0x0 0x0
0xffff93800000d080 0045 00000000 0x0 0x0
0xffff93800000d100 0041 00000000 0x0 0x0
0xffff93800000d180 0041 00000000 0x0 0x0
0xffff93800000d200 0041 00000000 0x0 0x0
0xffff93800000d280 0041 00000000 0x0 0x0
0xffff93800000d300 0045 00000000 0x0 0x0
0xffff93800000d380 0045 00000000 0x0 0x0
0xffff93800000d400 0041 00000000 0x0 0x0
0xffff93800000d480 0045 00000000 0x0 0x0
0xffff93800000d500 0041 00000000 0x0 0x0
0xffff93800000d580 0045 00000000 0x0 0x0
0xffff93800000d600 0041 00000000 0x0 0x0
0xffff93800000d680 0041 00000000 0x0 0x0
0xffff93800000d700 0041 00000000 0x0 0x0
0xffff93800000d780 0041 00000000 0x0 0x0
0xffff93800000d800 0045 00000000 0x0 0x0
0xffff93800000d880 0041 00000000 0x0 0x0
0xffff93800000d900 0041 00000000 0x0 0x0
0xffff93800000d980 0041 00000000 0x0 0x0
0xffff93800000da00 0041 00000000 0x0 0x0
0xffff93800000da80 0041 00000000 0x0 0x0
0xffff93800000db00 0041 00000000 0x0 0x0
0xffff93800000db80 0045 00000000 0x0 0x0
0xffff93800000dc00 0041 00000000 0x0 0x0
0xffff93800000dc80 0045 00000000 0x0 0x0
0xffff93800000dd00 0045 00000000 0x0 0x0
0xffff93800000dd80 0041 00000000 0x0 0x0
0xffff93800000de00 0045 00000000 0x0 0x0
0xffff93800000de80 0041 00000000 0x0 0x0
0xffff93800000df00 0041 00000000 0x0 0x0
0xffff93800000df80 0041 00000000 0x0 0x0
0xffff93800000e000 0041 00000000 0x0 0x0
0xffff93800000e080 0041 00000000 0x0 0x0
0xffff93800000e100 0041 00000000 0x0 0x0
0xffff93800000e180 0041 00000000 0x0 0x0
0xffff93800000e200 0041 00000000 0x0 0x0
0xffff93800000e280 0041 00000000 0x0 0x0
0xffff93800000e300 0041 00000000 0x0 0x0
0xffff93800000e380 0041 00000000 0x0 0x0
0xffff93800000e400 0041 00000000 0x0 0x0
0xffff93800000e480 0041 00000000 0x0 0x0
0xffff93800000e500 0041 00000000 0x0 0x0
0xffff93800000e580 0041 00000000 0x0 0x0
0xffff93800000e600 0041 00000000 0x0 0x0
0xffff93800000e680 0041 00000000 0x0 0x0
0xffff93800000e700 0041 00000000 0x0 0x0
0xffff93800000e780 0041 00000000 0x0 0x0
0xffff93800000e800 0041 00000000 0x0 0x0
0xffff93800000e880 0041 00000000 0x0 0x0
0xffff93800000e900 0041 00000000 0x0 0x0
0xffff93800000e980 0041 00000000 0x0 0x0
0xffff93800000ea00 0041 00000000 0x0 0x0
0xffff93800000ea80 0041 00000000 0x0 0x0
0xffff93800000eb00 0041 00000000 0x0 0x0
0xffff93800000eb80 0041 00000000 0x0 0x0
0xffff93800000ec00 0041 00000000 0x0 0x0
0xffff93800000ec80 0041 00000000 0x0 0x0
0xffff93800000ed00 0041 00000000 0x0 0x0
0xffff93800000ed80 0041 00000000 0x0 0x0
0xffff93800000ee00 0041 00000000 0x0 0x0
0xffff93800000ee80 0045 00000000 0x0 0x0
0xffff93800000ef00 0041 00000000 0x0 0x0
0xffff93800000ef80 0041 00000000 0x0 0x0
0xffff93800000f000 0041 00000000 0x0 0x0
0xffff93800000f080 0041 00000000 0x0 0x0
0xffff93800000f100 0045 00000000 0x0 0x0
0xffff93800000f180 0041 00000000 0x0 0x0
0xffff93800000f200 0041 00000000 0x0 0x0
0xffff93800000f280 0041 00000000 0x0 0x0
0xffff93800000f300 0041 00000000 0x0 0x0
0xffff93800000f380 0041 00000000 0x0 0x0
0xffff93800000f400 0041 00000000 0x0 0x0
0xffff93800000f480 0045 00000000 0x0 0x0
0xffff93800000f500 0041 00000000 0x0 0x0
0xffff93800000f580 0041 00000000 0x0 0x0
0xffff93800000f600 0041 00000000 0x0 0x0
0xffff93800000f680 0041 00000000 0x0 0x0
0xffff93800000f700 0041 00000000 0x0 0x0
0xffff93800000f780 0041 00000000 0x0 0x0
0xffff93800000f800 0045 00000000 0x0 0x0
0xffff93800000f880 0041 00000000 0x0 0x0
0xffff93800000f900 0041 00000000 0x0 0x0
0xffff93800000f980 0041 00000000 0x0 0x0
0xffff93800000fa00 0041 00000000 0x0 0x0
0xffff93800000fa80 0041 00000000 0x0 0x0
0xffff93800000fb00 0045 00000000 0x0 0x0
0xffff93800000fb80 0041 00000000 0x0 0x0
0xffff93800000fc00 0041 00000000 0x0 0x0
0xffff93800000fc80 0041 00000000 0x0 0x0
0xffff93800000fd00 0041 00000000 0x0 0x0
0xffff93800000fd80 0041 00000000 0x0 0x0
0xffff93800000fe00 0041 00000000 0x0 0x0
0xffff93800000fe80 0041 00000000 0x0 0x0
0xffff93800000ff00 0041 00000000 0x0 0x0
0xffff93800000ff80 0045 00000000 0x0 0x0
0xffff938000010000 0041 00000000 0x0 0x0
0xffff938000010080 0045 00000000 0x0 0x0
0xffff938000010100 0001 00000000 0x0 0x0
0xffff938000010180 0001 00000000 0x0 0x0
0xffff938000010200 0001 00000000 0x0 0x0
0xffff938000010280 0001 00000000 0x0 0x0
0xffff938000010300 0001 00000000 0x0 0x0
0xffff938000010380 0001 00000000 0x0 0x0
0xffff938000010400 0001 00000000 0x0 0x0
0xffff938000010480 0001 00000000 0x0 0x0
0xffff938000010500 0001 00000000 0x0 0x0
0xffff938000010580 0001 00000000 0x0 0x0
0xffff938000010600 0001 00000000 0x0 0x0
0xffff938000010680 0001 00000000 0x0 0x0
0xffff938000010700 0001 00000000 0x0 0x0
0xffff938000010780 0001 00000000 0x0 0x0
0xffff938000010800 0001 00000000 0x0 0x0
0xffff938000010880 0001 00000000 0x0 0x0
0xffff938000010900 0001 00000000 0x0 0x0
0xffff938000010980 0001 00000000 0x0 0x0
0xffff938000010a00 0001 00000000 0x0 0x0
0xffff938000010a80 0001 00000000 0x0 0x0
0xffff938000010b00 0001 00000000 0x0 0x0
0xffff938000010b80 0001 00000000 0x0 0x0
0xffff938000010c00 0001 00000000 0x0 0x0
0xffff938000010c80 0001 00000000 0x0 0x0
0xffff938000010d00 0001 00000000 0x0 0x0
0xffff938000010d80 0001 00000000 0x0 0x0
0xffff938000010e00 0001 00000000 0x0 0x0
0xffff938000010e80 0001 00000000 0x0 0x0
0xffff938000010f00 0001 00000000 0x0 0x0
0xffff938000010f80 0001 00000000 0x0 0x0
0xffff938000011000 0001 00000000 0x0 0x0
0xffff938000011080 0001 00000000 0x0 0x0
0xffff938000011100 0001 00000000 0x0 0x0
0xffff938000011180 0001 00000000 0x0 0x0
0xffff938000011200 0001 00000000 0x0 0x0
0xffff938000011280 0001 00000000 0x0 0x0
0xffff938000011300 0001 00000000 0x0 0x0
0xffff938000011380 0001 00000000 0x0 0x0
0xffff938000011400 0001 00000000 0x0 0x0
0xffff938000011480 0001 00000000 0x0 0x0
0xffff938000011500 0001 00000000 0x0 0x0
0xffff938000011580 0001 00000000 0x0 0x0
0xffff938000011600 0001 00000000 0x0 0x0
0xffff938000011680 0001 00000000 0x0 0x0
0xffff938000011700 0001 00000000 0x0 0x0
0xffff938000011780 0001 00000000 0x0 0x0
0xffff938000011800 0001 00000000 0x0 0x0
0xffff938000011880 0001 00000000 0x0 0x0
0xffff938000011900 0001 00000000 0x0 0x0
0xffff938000011980 0001 00000000 0x0 0x0
0xffff938000011a00 0001 00000000 0x0 0x0
0xffff938000011a80 0001 00000000 0x0 0x0
0xffff938000011b00 0001 00000000 0x0 0x0
0xffff938000011b80 0001 00000000 0x0 0x0
0xffff938000011c00 0041 00000000 0x0 0x0
0xffff938000011c80 0041 00000000 0x0 0x0
0xffff938000011d00 0041 00000000 0x0 0x0
0xffff938000011d80 0041 00000000 0x0 0x0
0xffff938000011e00 0041 00000000 0x0 0x0
0xffff938000011e80 0041 00000000 0x0 0x0
0xffff938000011f00 0041 00000000 0x0 0x0
0xffff938000011f80 0041 00000000 0x0 0x0
0xffff938000012000 0041 00000000 0x0 0x0
0xffff938000012080 0041 00000000 0x0 0x0
0xffff938000012100 0041 00000000 0x0 0x0
0xffff938000012180 0041 00000000 0x0 0x0
0xffff938000012200 0041 00000000 0x0 0x0
0xffff938000012280 0041 00000000 0x0 0x0
0xffff938000012300 0041 00000000 0x0 0x0
0xffff938000012380 0041 00000000 0x0 0x0
0xffff938000012400 0041 00000000 0x0 0x0
0xffff938000012480 0041 00000000 0x0 0x0
0xffff938000012500 0041 00000000 0x0 0x0
0xffff938000012580 0041 00000000 0x0 0x0
0xffff938000012600 0041 00000000 0x0 0x0
0xffff938000012680 0041 00000000 0x0 0x0
0xffff938000012700 0041 00000000 0x0 0x0
0xffff938000012780 0041 00000000 0x0 0x0
0xffff938000012800 0041 00000000 0x0 0x0
0xffff938000012880 0041 00000000 0x0 0x0
0xffff938000012900 0041 00000000 0x0 0x0
0xffff938000012980 0041 00000000 0x0 0x0
0xffff938000012a00 0041 00000000 0x0 0x0
0xffff938000012a80 0041 00000000 0x0 0x0
0xffff938000012b00 0041 00000000 0x0 0x0
0xffff938000012b80 0041 00000000 0x0 0x0
0xffff938000012c00 0041 00000000 0x0 0x0
0xffff938000012c80 0041 00000000 0x0 0x0
0xffff938000012d00 0041 00000000 0x0 0x0
0xffff938000012d80 0041 00000000 0x0 0x0
0xffff938000012e00 0041 00000000 0x0 0x0
0xffff938000012e80 0041 00000000 0x0 0x0
0xffff938000012f00 0041 00000000 0x0 0x0
0xffff938000012f80 0041 00000000 0x0 0x0
0xffff938000013000 0041 00000000 0x0 0x0
0xffff938000013080 0041 00000000 0x0 0x0
0xffff938000013100 0041 00000000 0x0 0x0
0xffff938000013180 0041 00000000 0x0 0x0
0xffff938000013200 0041 00000000 0x0 0x0
0xffff938000013280 0041 00000000 0x0 0x0
0xffff938000013300 0041 00000000 0x0 0x0
0xffff938000013380 0041 00000000 0x0 0x0
0xffff938000013400 0001 00000000 0x0 0x0
0xffff938000013480 0001 00000000 0x0 0x0
0xffff938000013500 0001 00000000 0x0 0x0
0xffff938000013580 0001 00000000 0x0 0x0
0xffff938000013600 0001 00000000 0x0 0x0
0xffff938000013680 0001 00000000 0x0 0x0
0xffff938000013700 0001 00000000 0x0 0x0
0xffff938000013780 0001 00000000 0x0 0x0
0xffff938000013800 0001 00000000 0x0 0x0
0xffff938000013880 0001 00000000 0x0 0x0
0xffff938000013900 0001 00000000 0x0 0x0
0xffff938000013980 0001 00000000 0x0 0x0
0xffff938000013a00 0001 00000000 0x0 0x0
0xffff938000013a80 0001 00000000 0x0 0x0
0xffff938000013b00 0001 00000000 0x0 0x0
0xffff938000013b80 0001 00000000 0x0 0x0
0xffff938000013c00 0001 00000000 0x0 0x0
0xffff938000013c80 0001 00000000 0x0 0x0
0xffff938000013d00 0001 00000000 0x0 0x0
0xffff938000013d80 0001 00000000 0x0 0x0
0xffff938000013e00 0001 00000000 0x0 0x0
0xffff938000013e80 0001 00000000 0x0 0x0
0xffff938000013f00 0001 00000000 0x0 0x0
0xffff938000013f80 0001 00000000 0x0 0x0
0xffff938000014000 0001 00000000 0x0 0x0
0xffff938000014080 0001 00000000 0x0 0x0
0xffff938000014100 0001 00000000 0x0 0x0
0xffff938000014180 0001 00000000 0x0 0x0
0xffff938000014200 0001 00000000 0x0 0x0
0xffff938000014280 0001 00000000 0x0 0x0
0xffff938000014300 0001 00000000 0x0 0x0
0xffff938000014380 0001 00000000 0x0 0x0
0xffff938000014400 0001 00000000 0x0 0x0
0xffff938000014480 0001 00000000 0x0 0x0
0xffff938000014500 0001 00000000 0x0 0x0
0xffff938000014580 0001 00000000 0x0 0x0
0xffff938000014600 0001 00000000 0x0 0x0
0xffff938000014680 0001 00000000 0x0 0x0
0xffff938000014700 0001 00000000 0x0 0x0
0xffff938000014780 0001 00000000 0x0 0x0
0xffff938000014800 0001 00000000 0x0 0x0
0xffff938000014880 0001 00000000 0x0 0x0
0xffff938000014900 0001 00000000 0x0 0x0
0xffff938000014980 0001 00000000 0x0 0x0
0xffff938000014a00 0001 00000000 0x0 0x0
0xffff938000014a80 0001 00000000 0x0 0x0
0xffff938000014b00 0001 00000000 0x0 0x0
0xffff938000014b80 0001 00000000 0x0 0x0
0xffff938000014c00 0001 00000000 0x0 0x0
0xffff938000014c80 0001 00000000 0x0 0x0
0xffff938000014d00 0001 00000000 0x0 0x0
0xffff938000014d80 0001 00000000 0x0 0x0
0xffff938000014e00 0001 00000000 0x0 0x0
0xffff938000014e80 0001 00000000 0x0 0x0
0xffff938000014f00 0041 00000000 0x0 0x0
0xffff938000014f80 0041 00000000 0x0 0x0
0xffff938000015000 0041 00000000 0x0 0x0
0xffff938000015080 0041 00000000 0x0 0x0
0xffff938000015100 0041 00000000 0x0 0x0
0xffff938000015180 0041 00000000 0x0 0x0
0xffff938000015200 0041 00000000 0x0 0x0
0xffff938000015280 0041 00000000 0x0 0x0
0xffff938000015300 0041 00000000 0x0 0x0
0xffff938000015380 0041 00000000 0x0 0x0
0xffff938000015400 0041 00000000 0x0 0x0
0xffff938000015480 0041 00000000 0x0 0x0
0xffff938000015500 0041 00000000 0x0 0x0
0xffff938000015580 0041 00000000 0x0 0x0
0xffff938000015600 0041 00000000 0x0 0x0
0xffff938000015680 0041 00000000 0x0 0x0
0xffff938000015700 0041 00000000 0x0 0x0
0xffff938000015780 0041 00000000 0x0 0x0
0xffff938000015800 0041 00000000 0x0 0x0
0xffff938000015880 0041 00000000 0x0 0x0
0xffff938000015900 0041 00000000 0x0 0x0
0xffff938000015980 0041 00000000 0x0 0x0
0xffff938000015a00 0041 00000000 0x0 0x0
0xffff938000015a80 0041 00000000 0x0 0x0
0xffff938000015b00 0041 00000000 0x0 0x0
0xffff938000015b80 0041 00000000 0x0 0x0
0xffff938000015c00 0041 00000000 0x0 0x0
0xffff938000015c80 0041 00000000 0x0 0x0
0xffff938000015d00 0041 00000000 0x0 0x0
0xffff938000015d80 0041 00000000 0x0 0x0
0xffff938000015e00 0041 00000000 0x0 0x0
0xffff938000015e80 0041 00000000 0x0 0x0
0xffff938000015f00 0041 00000000 0x0 0x0
0xffff938000015f80 0041 00000000 0x0 0x0
0xffff938000016000 0041 00000000 0x0 0x0
0xffff938000016080 0041 00000000 0x0 0x0
0xffff938000016100 0041 00000000 0x0 0x0
0xffff938000016180 0041 00000000 0x0 0x0
0xffff938000016200 0045 00000000 0x0 0x0
0xffff938000016280 0041 00000000 0x0 0x0
0xffff938000016300 0041 00000000 0x0 0x0
0xffff938000016380 0041 00000000 0x0 0x0
0xffff938000016400 0041 00000000 0x0 0x0
0xffff938000016480 0041 00000000 0x0 0x0
0xffff938000016500 0001 00000000 0x0 0x0
0xffff938000016580 0001 00000000 0x0 0x0
0xffff938000016600 0001 00000000 0x0 0x0
0xffff938000016680 0001 00000000 0x0 0x0
0xffff938000016700 0001 00000000 0x0 0x0
0xffff938000016780 0001 00000000 0x0 0x0
0xffff938000016800 0001 00000000 0x0 0x0
0xffff938000016880 0001 00000000 0x0 0x0
0xffff938000016900 0001 00000000 0x0 0x0
0xffff938000016980 0001 00000000 0x0 0x0
0xffff938000016a00 0001 00000000 0x0 0x0
0xffff938000016a80 0001 00000000 0x0 0x0
0xffff938000016b00 0001 00000000 0x0 0x0
0xffff938000016b80 0001 00000000 0x0 0x0
0xffff938000016c00 0001 00000000 0x0 0x0
0xffff938000016c80 0001 00000000 0x0 0x0
0xffff938000016d00 0001 00000000 0x0 0x0
0xffff938000016d80 0001 00000000 0x0 0x0
0xffff938000016e00 0001 00000000 0x0 0x0
0xffff938000016e80 0001 00000000 0x0 0x0
0xffff938000016f00 0001 00000000 0x0 0x0
0xffff938000016f80 0001 00000000 0x0 0x0
0xffff938000017000 0001 00000000 0x0 0x0
0xffff938000017080 0001 00000000 0x0 0x0
0xffff938000017100 0001 00000000 0x0 0x0
0xffff938000017180 0001 00000000 0x0 0x0
0xffff938000017200 0001 00000000 0x0 0x0
0xffff938000017280 0001 00000000 0x0 0x0
0xffff938000017300 0001 00000000 0x0 0x0
0xffff938000017380 0001 00000000 0x0 0x0
0xffff938000017400 0001 00000000 0x0 0x0
0xffff938000017480 0001 00000000 0x0 0x0
0xffff938000017500 0001 00000000 0x0 0x0
0xffff938000017580 0001 00000000 0x0 0x0
0xffff938000017600 0001 00000000 0x0 0x0
0xffff938000017680 0001 00000000 0x0 0x0
0xffff938000017700 0001 00000000 0x0 0x0
0xffff938000017780 0001 00000000 0x0 0x0
0xffff938000017800 0001 00000000 0x0 0x0
0xffff938000017880 0001 00000000 0x0 0x0
0xffff938000017900 0001 00000000 0x0 0x0
0xffff938000017980 0001 00000000 0x0 0x0
0xffff938000017a00 0001 00000000 0x0 0x0
0xffff938000017a80 0001 00000000 0x0 0x0
0xffff938000017b00 0001 00000000 0x0 0x0
0xffff938000017b80 0001 00000000 0x0 0x0
0xffff938000017c00 0001 00000000 0x0 0x0
0xffff938000017c80 0001 00000000 0x0 0x0
0xffff938000017d00 0001 00000000 0x0 0x0
0xffff938000017d80 0001 00000000 0x0 0x0
0xffff938000017e00 0001 00000000 0x0 0x0
0xffff938000017e80 0001 00000000 0x0 0x0
0xffff938000017f00 0001 00000000 0x0 0x0
0xffff938000017f80 0001 00000000 0x0 0x0
0xffff938000018000 0041 00000000 0x0 0x0
0xffff938000018080 0041 00000000 0x0 0x0
0xffff938000018100 0041 00000000 0x0 0x0
0xffff938000018180 0041 00000000 0x0 0x0
0xffff938000018200 0045 00000000 0x0 0x0
0xffff938000018280 0041 00000000 0x0 0x0
0xffff938000018300 0041 00000000 0x0 0x0
0xffff938000018380 0041 00000000 0x0 0x0
0xffff938000018400 0041 00000000 0x0 0x0
0xffff938000018480 0041 00000000 0x0 0x0
0xffff938000018500 0041 00000000 0x0 0x0
0xffff938000018580 0045 00000000 0x0 0x0
0xffff938000018600 0045 00000000 0x0 0x0
0xffff938000018680 0041 00000000 0x0 0x0
0xffff938000018700 0041 00000000 0x0 0x0
0xffff938000018780 0041 00000000 0x0 0x0
0xffff938000018800 0041 00000000 0x0 0x0
0xffff938000018880 0041 00000000 0x0 0x0
0xffff938000018900 0041 00000000 0x0 0x0
0xffff938000018980 0045 00000000 0x0 0x0
0xffff938000018a00 0045 00000000 0x0 0x0
0xffff938000018a80 0041 00000000 0x0 0x0
0xffff938000018b00 0041 00000000 0x0 0x0
0xffff938000018b80 0041 00000000 0x0 0x0
0xffff938000018c00 0041 00000000 0x0 0x0
0xffff938000018c80 0041 00000000 0x0 0x0
0xffff938000018d00 0041 00000000 0x0 0x0
0xffff938000018d80 0045 00000000 0x0 0x0
0xffff938000018e00 0045 00000000 0x0 0x0
0xffff938000018e80 0045 00000000 0x0 0x0
0xffff938000018f00 0041 00000000 0x0 0x0
0xffff938000018f80 0041 00000000 0x0 0x0
0xffff938000019000 0045 00000000 0x0 0x0
0xffff938000019080 0041 00000000 0x0 0x0
0xffff938000019100 0045 00000000 0x0 0x0
0xffff938000019180 0045 00000000 0x0 0x0
0xffff938000019200 0045 00000000 0x0 0x0
0xffff938000019280 0045 00000000 0x0 0x0
0xffff938000019300 0041 00000000 0x0 0x0
0xffff938000019380 0041 00000000 0x0 0x0
0xffff938000019400 0045 00000000 0x0 0x0
0xffff938000019480 0041 00000000 0x0 0x0
0xffff938000019500 0045 00000000 0x0 0x0
0xffff938000019580 0045 00000000 0x0 0x0
0xffff938000019600 0045 00000000 0x0 0x0
0xffff938000019680 0045 00000000 0x0 0x0
0xffff938000019700 0045 00000000 0x0 0x0
0xffff938000019780 0041 00000000 0x0 0x0
0xffff938000019800 0001 00000000 0x0 0x0
0xffff938000019880 0001 00000000 0x0 0x0
0xffff938000019900 0001 00000000 0x0 0x0
0xffff938000019980 0001 00000000 0x0 0x0
0xffff938000019a00 0001 00000000 0x0 0x0
0xffff938000019a80 0001 00000000 0x0 0x0
0xffff938000019b00 0001 00000000 0x0 0x0
0xffff938000019b80 0001 00000000 0x0 0x0
0xffff938000019c00 0001 00000000 0x0 0x0
0xffff938000019c80 0001 00000000 0x0 0x0
0xffff938000019d00 0001 00000000 0x0 0x0
0xffff938000019d80 0001 00000000 0x0 0x0
0xffff938000019e00 0001 00000000 0x0 0x0
0xffff938000019e80 0001 00000000 0x0 0x0
0xffff938000019f00 0001 00000000 0x0 0x0
0xffff938000019f80 0001 00000000 0x0 0x0
0xffff93800001a000 0001 00000000 0x0 0x0
0xffff93800001a080 0001 00000000 0x0 0x0
0xffff93800001a100 0001 00000000 0x0 0x0
0xffff93800001a180 0001 00000000 0x0 0x0
0xffff93800001a200 0001 00000000 0x0 0x0
0xffff93800001a280 0001 00000000 0x0 0x0
0xffff93800001a300 0001 00000000 0x0 0x0
0xffff93800001a380 0001 00000000 0x0 0x0
0xffff93800001a400 0001 00000000 0x0 0x0
0xffff93800001a480 0001 00000000 0x0 0x0
0xffff93800001a500 0001 00000000 0x0 0x0
0xffff93800001a580 0001 00000000 0x0 0x0
0xffff93800001a600 0001 00000000 0x0 0x0
0xffff93800001a680 0001 00000000 0x0 0x0
0xffff93800001a700 0001 00000000 0x0 0x0
0xffff93800001a780 0001 00000000 0x0 0x0
0xffff93800001a800 0001 00000000 0x0 0x0
0xffff93800001a880 0001 00000000 0x0 0x0
0xffff93800001a900 0001 00000000 0x0 0x0
0xffff93800001a980 0001 00000000 0x0 0x0
0xffff93800001aa00 0001 00000000 0x0 0x0
0xffff93800001aa80 0001 00000000 0x0 0x0
0xffff93800001ab00 0001 00000000 0x0 0x0
0xffff93800001ab80 0001 00000000 0x0 0x0
0xffff93800001ac00 0001 00000000 0x0 0x0
0xffff93800001ac80 0001 00000000 0x0 0x0
0xffff93800001ad00 0001 00000000 0x0 0x0
0xffff93800001ad80 0001 00000000 0x0 0x0
0xffff93800001ae00 0001 00000000 0x0 0x0
0xffff93800001ae80 0001 00000000 0x0 0x0
0xffff93800001af00 0001 00000000 0x0 0x0
0xffff93800001af80 0001 00000000 0x0 0x0
0xffff93800001b000 0001 00000000 0x0 0x0
0xffff93800001b080 0001 00000000 0x0 0x0
0xffff93800001b100 0001 00000000 0x0 0x0
0xffff93800001b180 0001 00000000 0x0 0x0
0xffff93800001b200 0001 00000000 0x0 0x0
0xffff93800001b280 0001 00000000 0x0 0x0
0xffff93800001b300 0001 00000000 0x0 0x0
0xffff93800001b380 0001 00000000 0x0 0x0
0xffff93800001b400 0001 00000000 0x0 0x0
0xffff93800001b480 0001 00000000 0x0 0x0
0xffff93800001b500 0001 00000000 0x0 0x0
0xffff93800001b580 0001 00000000 0x0 0x0
0xffff93800001b600 0001 00000000 0x0 0x0
0xffff93800001b680 0001 00000000 0x0 0x0
0xffff93800001b700 0001 00000000 0x0 0x0
0xffff93800001b780 0001 00000000 0x0 0x0
0xffff93800001b800 0001 00000000 0x0 0x0
0xffff93800001b880 0001 00000000 0x0 0x0
0xffff93800001b900 0001 00000000 0x0 0x0
0xffff93800001b980 0001 00000000 0x0 0x0
0xffff93800001ba00 0001 00000000 0x0 0x0
0xffff93800001ba80 0001 00000000 0x0 0x0
0xffff93800001bb00 0001 00000000 0x0 0x0
0xffff93800001bb80 0001 00000000 0x0 0x0
0xffff93800001bc00 0001 00000000 0x0 0x0
0xffff93800001bc80 0001 00000000 0x0 0x0
0xffff93800001bd00 0001 00000000 0x0 0x0
0xffff93800001bd80 0001 00000000 0x0 0x0
0xffff93800001be00 0001 00000000 0x0 0x0
0xffff93800001be80 0001 00000000 0x0 0x0
0xffff93800001bf00 0001 00000000 0x0 0x0
0xffff93800001bf80 0001 00000000 0x0 0x0
0xffff93800001c000 0001 00000000 0x0 0x0
0xffff93800001c080 0001 00000000 0x0 0x0
0xffff93800001c100 0001 00000000 0x0 0x0
0xffff93800001c180 0001 00000000 0x0 0x0
0xffff93800001c200 0001 00000000 0x0 0x0
0xffff93800001c280 0001 00000000 0x0 0x0
0xffff93800001c300 0001 00000000 0x0 0x0
0xffff93800001c380 0001 00000000 0x0 0x0
0xffff93800001c400 0001 00000000 0x0 0x0
0xffff93800001c480 0001 00000000 0x0 0x0
0xffff93800001c500 0001 00000000 0x0 0x0
0xffff93800001c580 0001 00000000 0x0 0x0
0xffff93800001c600 0001 00000000 0x0

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,

Jun 27, 2020, 12:42:12 AM6/27/20

to syzkaller-...@googlegroups.com

syzbot has found a reproducer for the following crash on:

HEAD commit: 5f8d4fbd Adjust prior to enforce minimum socket length inc..
git tree: netbsd

console output: https://syzkaller.appspot.com/x/log.txt?x=1212c223100000

kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=b05096f3114b2820d81c
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10f58f4d100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=112131d3100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b05096...@syzkaller.appspotmail.com

[ 41.4682631] fatal page fault in supervisor mode
[ 41.4682631] trap type 6 code 0x3 rip 0xffffffff821b0f86 cs 0x8 rflags 0x10246 cr2 0x20000000 ilevel 0 rsp 0xffffdd00bf32ce00
[ 41.4782604] prevented access to 0x20000000 (SMAP)
[ 41.4782604] curlwp 0xfffffd5046f76280 pid 1076.1081 lowest kstack 0xffffdd00bf3292c0
[ 41.4945103] in superviskoer rnmeodl:e

page fault trap, code=0
Stopped in pid 1076.1081 (syz-executor5665) at netbsd:statvfs_to_statfs12_copy+0x46: movw $0,0(%r15)

?
statvfs_to_statfs12_copy() at netbsd:statvfs_to_statfs12_copy+0x46 statvfs_to_statfs12 sys/compat/sys/mount.h:104 [inline]
statvfs_to_statfs12_copy() at netbsd:statvfs_to_statfs12_copy+0x46 sys/compat/sys/mount.h:143
do_sys_getvfsstat() at netbsd:do_sys_getvfsstat+0x11b sys/kern/vfs_syscalls.c:1349
compat_20_sys_getfsstat() at netbsd:compat_20_sys_getfsstat+0x6a sys/compat/common/vfs_syscalls_20.c:157

sys_syscall() at netbsd:sys_syscall+0x1b5 sy_call sys/sys/syscallvar.h:65 [inline]
sys_syscall() at netbsd:sys_syscall+0x1b5 sys/kern/sys_syscall.c:77

syscall() at netbsd:syscall+0x287 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x287 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x287 sys/arch/x86/x86/syscall.c:138

--- syscall (number 0) ---

netbsd:syscall+0x287:
Panic string: (null)
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

326 326 2 0 0 fffffd504434aa80 syz-executor5665
325 325 2 0 0 fffffd504620c9c0 syz-executor5665
1121 1121 2 0 0 fffffd50445e6340 syz-executor5665
1216 >1216 7 0 0 fffffd50470762c0 syz-executor5665
1071 1071 2 0 0 fffffd504498a700 syz-executor5665
1123 1123 3 0 80 fffffd50445a5240 syz-executor5665 parked
1085 1085 3 0 80 fffffd50447ab280 syz-executor5665 parked
727 727 3 0 80 fffffd50445e6bc0 syz-executor5665 parked
1074 1074 3 0 80 fffffd5044cf1740 syz-executor5665 parked
1084 1084 3 0 80 fffffd504631f0c0 syz-executor5665 parked
1091 1091 3 0 80 fffffd504620c140 syz-executor5665 parked
1109 1151 2 0 0 fffffd504566e900 syz-executor5665
1109 1082 3 0 80 fffffd5045735100 syz-executor5665 parked
1109 1109 3 0 10040080 fffffd5045735540 syz-executor5665 nanoslp
1077 1086 2 0 0 fffffd5044cf1b80 syz-executor5665
1077 1083 3 0 80 fffffd504631f940 syz-executor5665 parked
1077 1077 2 0 10040000 fffffd5044397ac0 syz-executor5665
972 1089 2 0 0 fffffd504498a2c0 syz-executor5665
972 972 2 0 10040000 fffffd5044397680 syz-executor5665
1073 1052 2 0 0 fffffd5046f76b00 syz-executor5665
1073 1072 3 0 80 fffffd5046f766c0 syz-executor5665 parked
1073 1073 2 1 10040000 fffffd5045843180 syz-executor5665
1076 >1081 7 1 0 fffffd5046f76280 syz-executor5665
1076 1076 2 1 10040000 fffffd5044397240 syz-executor5665
1066 1066 3 0 80 fffffd504636c600 syz-executor5665 nanoslp
1067 1067 3 1 80 fffffd504636c1c0 syz-executor5665 nanoslp
1068 1068 3 1 80 fffffd50445a5680 syz-executor5665 nanoslp
1254 1254 3 0 80 fffffd504441ba80 syz-executor5665 nanoslp
1064 1064 3 1 80 fffffd504434a200 syz-executor5665 nanoslp
1252 1252 3 1 80 fffffd504407e5c0 syz-executor5665 nanoslp
1250 1250 3 0 40080 fffffd504434a640 syz-executor5665 nanoslp
1117 1117 3 1 80 fffffd504636ca40 sshd select
850 850 3 1 80 fffffd5045843a00 getty nanoslp
852 852 3 1 80 fffffd504631f500 getty nanoslp
695 695 3 1 80 fffffd504441b200 getty nanoslp
1095 1095 3 0 c0 fffffd504441b640 getty ttyraw
941 941 3 1 80 fffffd504620c580 sshd select
814 814 3 1 80 fffffd50458435c0 powerd kqueue
713 713 3 0 80 fffffd50445e6780 syslogd kqueue
591 591 3 1 80 fffffd504580a8c0 dhcpcd poll
589 589 3 1 80 fffffd504580a040 dhcpcd poll
587 587 3 0 80 fffffd50447abb00 dhcpcd poll
551 551 3 1 80 fffffd504566e080 dhcpcd poll
347 347 3 0 80 fffffd5044cf1300 dhcpcd poll
346 346 3 1 80 fffffd50447ab6c0 dhcpcd poll
345 345 3 1 80 fffffd50445a5ac0 dhcpcd poll
1 1 3 1 80 fffffd503beb54c0 init wait
0 851 3 0 200 fffffd504407ea00 physiod physiod
0 166 3 0 200 fffffd50440cda40 pooldrain pooldrain
0 165 3 0 200 fffffd50440cd600 ioflush syncer
0 164 3 1 200 fffffd50440cd1c0 pgdaemon pgdaemon
0 161 3 1 200 fffffd504407e180 usb7 usbevt
0 31 3 1 200 fffffd5040ff79c0 usb6 usbevt
0 63 3 1 200 fffffd5040ff7580 usb5 usbevt
0 126 3 1 200 fffffd5040ff7140 usb4 usbevt
0 125 3 0 200 fffffd503dfa0980 usb3 usbevt
0 124 3 1 200 fffffd503dfa0540 usb2 usbevt
0 123 3 1 200 fffffd503dfa0100 usb1 usbevt
0 122 3 1 200 fffffd503cf49940 usb0 usbevt
0 121 3 1 200 fffffd503cf49500 usbtask-dr usbtsk
0 120 3 1 200 fffffd503cf490c0 usbtask-hc usbtsk
0 119 3 1 200 fffffd503beb5900 npfgc0 npfgcw
0 118 3 0 200 fffffd503beb5080 rt_free rt_free
0 117 3 0 200 fffffd503bebe8c0 unpgc unpgc
0 116 3 0 200 fffffd5039324ac0 key_timehandler key_timehandler
0 115 3 1 200 fffffd503bebe480 icmp6_wqinput/1 icmp6_wqinput
0 114 3 0 200 fffffd503bebe040 icmp6_wqinput/0 icmp6_wqinput
0 113 3 0 200 fffffd503be87bc0 nd6_timer nd6_timer
0 112 3 1 200 fffffd503be87780 carp6_wqinput/1 carp6_wqinput
0 111 3 0 200 fffffd503be212c0 carp6_wqinput/0 carp6_wqinput
0 110 3 1 200 fffffd503be40300 carp_wqinput/1 carp_wqinput
0 109 3 0 200 fffffd503b7a6b00 carp_wqinput/0 carp_wqinput
0 108 3 1 200 fffffd503be87340 icmp_wqinput/1 icmp_wqinput
0 107 3 0 200 fffffd503be40b80 icmp_wqinput/0 icmp_wqinput
0 106 3 0 200 fffffd503be21700 rt_timer rt_timer
0 105 3 1 200 fffffd503be21b40 vmem_rehash vmem_rehash
0 104 3 0 200 fffffd503be40740 entbutler entropy
0 30 3 1 200 fffffd503b7a66c0 vioif0_txrx/1 vioif0_txrx
0 29 3 0 200 fffffd503b7a6280 vioif0_txrx/0 vioif0_txrx
0 27 3 0 200 fffffd5039324680 scsibus0 sccomp
0 26 3 0 200 fffffd5039324240 pms0 pmsreset
0 25 3 1 200 fffffd5039297a80 xcall/1 xcall
0 24 1 1 200 fffffd5039297640 softser/1
0 23 1 1 200 fffffd5039297200 softclk/1
0 22 1 1 200 fffffd5039267a40 softbio/1
0 21 1 1 200 fffffd5039267600 softnet/1
0 20 1 1 201 fffffd50392671c0 idle/1
0 19 3 0 200 fffffd5149180a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 fffffd51491805c0 lnxlngwq lnxlngwq
0 17 3 0 200 fffffd5149180180 lnxsyswq lnxsyswq
0 16 3 0 200 fffffd51491a79c0 lnxrcugc lnxrcugc
0 15 3 0 200 fffffd51491a7580 sysmon smtaskq
0 14 3 0 200 fffffd51491a7140 pmfsuspend pmfsuspend
0 13 3 0 200 fffffd51491ac980 pmfevent pmfevent
0 12 3 0 200 fffffd51491ac540 sopendfree sopendfr
0 11 3 0 200 fffffd51491ac100 iflnkst iflnkst
0 10 3 0 200 fffffd514a1df940 nfssilly nfssilly
0 9 3 0 200 fffffd514a1df500 vdrain vdrain
0 8 3 0 200 fffffd514a1df0c0 modunload mod_unld
0 7 3 0 200 fffffd514a20a900 xcall/0 xcall
0 6 1 0 200 fffffd514a20a4c0 softser/0
0 5 1 0 200 fffffd514a20a080 softclk/0
0 4 1 0 200 fffffd514a23b8c0 softbio/0
0 3 1 0 200 fffffd514a23b480 softnet/0
0 2 1 0 201 fffffd514a23b040 idle/0

0 0 3 0 200 ffffffff85ae88c0 swapper uvm
[Locks tracked through LWPs]

****** LWP 1071.1071 (syz-executor5665) @ 0xfffffd504498a700, l_stat=2

*** Locks held:

* Lock 0 (initialized at uvm_map_setup)
lock address : 0xfffffd5046098cc0 type : sleep/adaptive
initialized : 0xffffffff82f12485

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xfffffd504498a700 last held: 0xfffffd504498a700
last locked* : 0xffffffff82f058c7 unlocked : 0xffffffff82ef3fee
owner/count : 0xfffffd504498a700 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 589.589 (dhcpcd) @ 0xfffffd504580a040, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff85ee7480 type : sleep/adaptive
initialized : 0xffffffff8300acaf
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xfffffd504580a040 last held: 000000000000000000