ASan: Unauthorized Access in fixjobc

syzbot

Feb 23, 2020, 3:13:11 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 9506d362 in bus_dmamap_load_pglist() try a 32-element arra..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=118de265e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=1760b3f0751c1f440754
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1760b3...@syzkaller.appspotmail.com

[ 71.2072834] panic: ASan: Unauthorized Access In 0xffffffff81181ccd: Addr 0xffffad800f367310 [8 bytes, read, PoolUseAfterFree]

[ 71.2172899] cpu0: Begin traceback...
[ 71.2373192] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 71.2673784] snprintf() at netbsd:snprintf
[ 71.3174736] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 71.3174736] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
[ 71.3675743] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
[ 71.3675743] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
[ 71.3675743] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
[ 71.3675743] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 71.4076563] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1196
[ 71.4477340] proc_enterpgrp() at netbsd:proc_enterpgrp+0x26b sys/kern/kern_proc.c:1016
[ 71.4777930] sys_setpgid() at netbsd:sys_setpgid+0x73 sys/kern/kern_prot.c:289
[ 71.5178742] sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline]
[ 71.5178742] sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77
[ 71.5579532] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
[ 71.5579532] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 71.5579532] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138
[ 71.5679706] --- syscall (number 198) ---
[ 71.5880090] 75d3c7e43b9a:
[ 71.5880090] cpu0: End traceback...
[ 71.5993237] fatal breakpoint trap in supervisor mode
[ 71.5993237] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0xa30004 ilevel 0 rsp 0xffffad818a8a6b90
[ 71.6151183] curlwp 0xffffad8013d96b00 pid 77.2 lowest kstack 0xffffad818a89f2c0
Stopped in pid 77.2 (syz-executor.1) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
snprintf() at netbsd:snprintf
kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1196
proc_enterpgrp() at netbsd:proc_enterpgrp+0x26b sys/kern/kern_proc.c:1016
sys_setpgid() at netbsd:sys_setpgid+0x73 sys/kern/kern_prot.c:289
sys___syscall() at netbsd:sys___syscall+0xf5 sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0xf5 sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138
--- syscall (number 198) ---
75d3c7e43b9a:
ds ffff
es 2d9d
fs 6b70
gs e608
rdi ffffad800d92d488
rsi ffffad8013d96db8
rbp ffffad818a8a6b90
rbx ffffffff82810480 cpu_info_primary
rdx 3ffff
rcx ffffad8181657000
rax ffffad801314ef08
r8 4
r9 1ffffffff0554b78
r10 ffffffff82aa5bc3 db_onpanic+0x3
r11 10
r12 ffffad816d8a4000
r13 ffffffff8243ede0 ostype+0x4e0e0
r14 ffffad818a8a6c20
r15 ffffad816d893068
rip ffffffff8021e4b5 breakpoint+0x5
cs 8
rflags 246
rsp ffffad818a8a6b90
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
316 2 1 1 0 ffffad8012c4a940 syz-executor.3
316 1 2 1 0 ffffad8012c5e140 syz-executor.3
635 3 3 1 80 ffffad8012c52540 syz-executor.1 parked
762 2 3 0 80 ffffad8012c67a00 syz-executor.1 parked
697 3 1 1 0 ffffad8012c4a500 syz-executor.5
697 2 2 1 0 ffffad8012c721c0 syz-executor.5
697 1 3 1 40000 ffffad8012c52980 syz-executor.5 tstile
600 2 2 0 40000 ffffad8013ddf300 syz-executor.4
529 2 3 0 40080 ffffad8012c2f900 syz-executor.4 parked
529 1 2 0 10040000 ffffad8012bd7780 syz-executor.4
756 2 3 1 40080 ffffad8012bd7340 syz-executor.1 parked
595 1 2 0 40000 ffffad801218a9c0 syz-executor.2
496 2 3 0 40080 ffffad80133bab80 syz-executor.3 parked
590 3 3 1 40080 ffffad8013d966c0 syz-executor.3 parked
77 4 3 0 80 ffffad8012c5e9c0 syz-executor.1 parked
77 3 3 1 80 ffffad80121f41c0 syz-executor.1 parked
77 > 2 7 0 0 ffffad8013d96b00 syz-executor.1
77 1 2 0 10040000 ffffad8012078980 syz-executor.1
455 3 3 1 80 ffffad8013d88ac0 syz-executor.3 parked
96 2 3 1 80 ffffad8013d10a80 syz-executor.0 parked
518 2 3 0 80 ffffad8013d10640 syz-executor.3 parked
485 2 3 1 80 ffffad8012068500 syz-executor.0 parked
660 3 3 1 80 ffffad80121f4600 syz-executor.0 parked
34 2 3 0 80 ffffad8012016740 syz-executor.0 parked
601 1 2 0 0 ffffad8013b56940 syz-executor.4
497 1 2 0 0 ffffad8013b56500 syz-executor.2
400 1 2 0 0 ffffad8013b560c0 syz-executor.5
45 1 2 0 0 ffffad8013b2d900 syz-executor.3
563 1 2 0 0 ffffad8013b2d4c0 syz-executor.1
40 1 2 0 0 ffffad8013b2d080 syz-executor.0
533 11 3 0 80 ffffad8012b74680 syz-fuzzer parked
533 10 3 0 80 ffffad80116a16c0 syz-fuzzer kqueue
533 9 3 0 80 ffffad8013a468c0 syz-fuzzer parked
533 8 3 0 80 ffffad8013a46480 syz-fuzzer parked
533 7 3 1 80 ffffad8013411bc0 syz-fuzzer parked
533 6 3 1 80 ffffad8013411780 syz-fuzzer parked
533 5 3 1 80 ffffad8012b74240 syz-fuzzer parked
533 4 3 0 80 ffffad8012b946c0 syz-fuzzer parked
533 3 3 1 80 ffffad8012b94280 syz-fuzzer parked
533 2 3 0 80 ffffad8012bc9b80 syz-fuzzer parked
533 1 3 0 80 ffffad8011c8cb80 syz-fuzzer parked
510 1 3 1 80 ffffad8012ca42c0 sshd select
535 1 3 1 80 ffffad8012c675c0 getty nanoslp
575 1 3 1 80 ffffad8012c67180 getty nanoslp
423 1 3 0 80 ffffad8012c72a40 getty nanoslp
558 1 3 1 80 ffffad8012c72600 getty ttyraw
484 1 3 1 80 ffffad80120ed640 cron nanoslp
539 1 3 1 80 ffffad8012bc9740 inetd kqueue
431 1 3 1 80 ffffad80121e45c0 sshd select
490 1 3 0 80 ffffad801214c480 powerd kqueue
195 1 3 0 80 ffffad8012b94b00 syslogd kqueue
268 1 3 0 80 ffffad801213c340 dhcpcd kqueue
220 1 3 1 80 ffffad80120478c0 dhcpcd kqueue
1 1 3 0 80 ffffad8011e2d540 init wait
0 29 3 0 204 ffffad8011e83140 physiod physiod
0 48 3 0 204 ffffad8011e85180 pooldrain pooldrain
0 > 47 7 1 200 ffffad8011e839c0 ioflush
0 46 3 1 200 ffffad8011e83580 pgdaemon pgdaemon
0 44 3 0 200 ffffad8011e2d980 npfgc-0 npfgccv
0 43 3 0 204 ffffad8011e2d100 rt_free rt_free
0 42 3 0 204 ffffad8011e24940 unpgc unpgc
0 41 3 1 204 ffffad8011e24500 key_timehandler key_timehandler
0 40 3 1 204 ffffad8011e240c0 icmp6_wqinput/1 icmp6_wqinput
0 39 3 0 204 ffffad8011e1a900 icmp6_wqinput/0 icmp6_wqinput
0 38 3 0 204 ffffad8011e1a4c0 nd6_timer nd6_timer
0 37 3 1 204 ffffad8011e1a080 carp6_wqinput/1 carp6_wqinput
0 36 3 0 204 ffffad8011e168c0 carp6_wqinput/0 carp6_wqinput
0 35 3 1 204 ffffad8011e16480 carp_wqinput/1 carp_wqinput
0 34 3 0 204 ffffad8011e16040 carp_wqinput/0 carp_wqinput
0 33 3 1 204 ffffad8011c9bbc0 icmp_wqinput/1 icmp_wqinput
0 32 3 0 204 ffffad8011c9b780 icmp_wqinput/0 icmp_wqinput
0 31 2 0 200 ffffad8011c9b340 rt_timer
0 30 2 0 200 ffffad8011c8c300 vmem_rehash
0 28 3 0 204 ffffad800f35dac0 scsibus0 sccomp
0 27 3 0 200 ffffad800f35d680 pms0 pmsreset
0 26 3 1 204 ffffad800f35d240 xcall/1 xcall
0 25 1 1 200 ffffad800f35ca80 softser/1
0 24 1 1 200 ffffad800f35c640 softclk/1
0 23 1 1 200 ffffad800f35c200 softbio/1
0 22 1 1 200 ffffad800f26da40 softnet/1
0 21 1 1 201 ffffad800f26d600 idle/1
0 20 3 0 204 ffffad800f26d1c0 lnxpwrwq lnxpwrwq
0 19 3 0 204 ffffad800f26ba00 lnxlngwq lnxlngwq
0 18 3 0 204 ffffad800f26b5c0 lnxsyswq lnxsyswq
0 17 3 0 204 ffffad800f26b180 lnxrcugc lnxrcugc
0 16 3 0 204 ffffad800de4f9c0 sysmon smtaskq
0 15 3 0 204 ffffad800de4f580 pmfsuspend pmfsuspend
0 14 3 0 204 ffffad800de4f140 pmfevent pmfevent
0 13 3 0 204 ffffad800de40980 sopendfree sopendfr
0 12 3 0 204 ffffad800de40540 iflnkst iflnkst
0 11 3 0 204 ffffad800de40100 nfssilly nfssilly
0 10 3 0 200 ffffad800de34940 cachegc cachegc
0 9 3 0 204 ffffad800de34500 vdrain vdrain
0 8 3 0 200 ffffad800de340c0 modunload mod_unld
0 7 3 0 204 ffffad800de24900 xcall/0 xcall
0 6 1 0 200 ffffad800de244c0 softser/0
0 5 1 0 200 ffffad800de24080 softclk/0
0 4 1 0 200 ffffad800de218c0 softbio/0
0 3 1 0 200 ffffad800de21480 softnet/0
0 2 1 0 201 ffffad800de21040 idle/0
0 1 3 1 200 ffffffff82b6e280 swapper uvm
[Locks tracked through LWPs]

****** LWP 316.1 (syz-executor.3) @ 0xffffad8012c5e140, l_stat=2

*** Locks held:

* Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffad800d91aec0 type : sleep/adaptive
initialized : 0xffffffff81103fb7
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffad8012c5e140 last held: 0xffffad8012c5e140
last locked* : 0xffffffff810e7d29 unlocked : 0xffffffff810e54d2
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 77.2 (syz-executor.1) @ 0xffffad8013d96b00, l_stat=7

*** Locks held:

* Lock 0 (initialized at procinit)
lock address : 0xffffad800d91a0c0 type : sleep/adaptive
initialized : 0xffffffff81180a73
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffad8013d96b00 last held: 0xffffad8013d96b00
last locked* : 0xffffffff81181f3f unlocked : 0xffffffff81181f21
owner field : 0xffffad8013d96b00 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 1 waiting writers: 0xffffad8012c52980

*** Locks wanted: none

****** LWP 40.1 (syz-executor.0) @ 0xffffad8013b2d080, l_stat=2

*** Locks held:

* Lock 0 (initialized at vcache_alloc)
lock address : 0xffffad8013a494c0 type : sleep/adaptive
initialized : 0xffffffff812c7df2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffad8013b2d080 last held: 0xffffad8013b2d080
last locked* : 0xffffffff812f4c10 unlocked : 0xffffffff812f4acd
owner/count : 0xffffad8013b2d080 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_alloc)
lock address : 0xffffad8013d87480 type : sleep/adaptive
initialized : 0xffffffff812c7df2
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffad8013b2d080 last held: 0xffffad8013b2d080
last locked* : 0xffffffff812f4c10 unlocked : 0xffffffff812f4acd
owner/count : 0xffffad8013b2d080 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 0.12 (iflnkst) @ 0xffffad800de40540, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82d8da80 type : sleep/adaptive
initialized : 0xffffffff811752d2
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffad800de40540 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffad800de24080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82d8da80 type : sleep/adaptive
initialized : 0xffffffff811752d2
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffad800de24080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

0xffffad8000023540 0041 00000000 0x0 0x0
0xffffad80000235b8 0041 00000000 0x0 0x0
0xffffad8000023630 0041 00000000 0x0 0x0
0xffffad80000236a8 0041 00000000 0x0 0x0
0xffffad8000023720 0041 00000000 0x0 0x0
0xffffad8000023798 0041 00000000 0x0 0x0
0xffffad8000023810 0041 00000000 0x0 0x0
0xffffad8000023888 0041 00000000 0x0 0x0
0xffffad8000023900 0041 00000000 0x0 0x0
0xffffad8000023978 0041 00000000 0x0 0x0
0xffffad80000239f0 0041 00000000 0x0 0x0
0xffffad8000023a68 0041 00000000 0x0 0x0
0xffffad8000023ae0 0041 00000000 0x0 0x0
0xffffad8000023b58 0041 00000000 0x0 0x0
0xffffad8000023bd0 0041 00000000 0x0 0x0
0xffffad8000023c48 0041 00000000 0x0 0x0
0xffffad8000023cc0 0041 00000000 0x0 0x0
0xffffad8000023d38 0041 00000000 0x0 0x0
0xffffad8000023db0 0041 00000000 0x0 0x0
0xffffad8000023e28 0041 00000000 0x0 0x0
0xffffad8000023ea0 0041 00000000 0x0 0x0
0xffffad8000023f18 0041 00000000 0x0 0x0
0xffffad8000023f90 0041 00000000 0x0 0x0
0xffffad8000024008 0041 00000000 0x0 0x0
0xffffad8000024080 0041 00000000 0x0 0x0
0xffffad80000240f8 0041 00000000 0x0 0x0
0xffffad8000024170 0041 00000000 0x0 0x0
0xffffad80000241e8 0041 00000000 0x0 0x0
0xffffad8000024260 0041 00000000 0x0 0x0
0xffffad80000242d8 0041 00000000 0x0 0x0
0xffffad8000024350 0041 00000000 0x0 0x0
0xffffad80000243c8 0041 00000000 0x0 0x0
0xffffad8000024440 0041 00000000 0x0 0x0
0xffffad80000244b8 0041 00000000 0x0 0x0
0xffffad8000024530 0041 00000000 0x0 0x0
0xffffad80000245a8 0041 00000000 0x0 0x0
0xffffad8000024620 0041 00000000 0x0 0x0
0xffffad8000024698 0041 00000000 0x0 0x0
0xffffad8000024710 0041 00000000 0x0 0x0
0xffffad8000024788 0041 00000000 0x0 0x0
0xffffad8000024800 0041 00000000 0x0 0x0
0xffffad8000024878 0041 00000000 0x0 0x0
0xffffad80000248f0 0041 00000000 0x0 0x0
0xffffad8000024968 0041 00000000 0x0 0x0
0xffffad80000249e0 0041 00000000 0x0 0x0
0xffffad8000024a58 0041 00000000 0x0 0x0
0xffffad8000024ad0 0041 00000000 0x0 0x0
0xffffad8000024b48 0041 00000000 0x0 0x0
0xffffad8000024bc0 0041 00000000 0x0 0x0
0xffffad8000024c38 0041 00000000 0x0 0x0
0xffffad8000024cb0 0041 00000000 0x0 0x0
0xffffad8000024d28 0041 00000000 0x0 0x0
0xffffad8000024da0 0041 00000000 0x0 0x0
0xffffad8000024e18 0041 00000000 0x0 0x0
0xffffad8000024e90 0041 00000000 0x0 0x0
0xffffad8000024f08 0041 00000000 0x0 0x0
0xffffad8000024f80 0041 00000000 0x0 0x0
0xffffad8000024ff8 0041 00000000 0x0 0x0
0xffffad8000025070 0001 00000000 0x0 0x0
0xffffad80000250e8 0001 00000000 0x0 0x0
0xffffad8000025160 0001 00000000 0x0 0x0
0xffffad80000251d8 0001 00000000 0x0 0x0
0xffffad8000025250 0001 00000000 0x0 0x0
0xffffad80000252c8 0001 00000000 0x0 0x0
0xffffad8000025340 0001 00000000 0x0 0x0
0xffffad80000253b8 0001 00000000 0x0 0x0
0xffffad8000025430 0001 00000000 0x0 0x0
0xffffad80000254a8 0001 00000000 0x0 0x0
0xffffad8000025520 0001 00000000 0x0 0x0
0xffffad8000025598 0001 00000000 0x0 0x0
0xffffad8000025610 0001 00000000 0x0 0x0
0xffffad8000025688 0001 00000000 0x0 0x0
0xffffad8000025700 0001 00000000 0x0 0x0
0xffffad8000025778 0001 00000000 0x0 0x0
0xffffad80000257f0 0001 00000000 0x0 0x0
0xffffad8000025868 0001 00000000 0x0 0x0
0xffffad80000258e0 0001 00000000 0x0 0x0
0xffffad8000025958 0001 00000000 0x0 0x0
0xffffad80000259d0 0001 00000000 0x0 0x0
0xffffad8000025a48 0001 00000000 0x0 0x0
0xffffad8000025ac0 0001 00000000 0x0 0x0
0xffffad8000025b38 0001 00000000 0x0 0x0
0xffffad8000025bb0 0001 00000000 0x0 0x0
0xffffad8000025c28 0001 00000000 0x0 0x0
0xffffad8000025ca0 0001 00000000 0x0 0x0
0xffffad8000025d18 0001 00000000 0x0 0x0
0xffffad8000025d90 0001 00000000 0x0 0x0
0xffffad8000025e08 0001 00000000 0x0 0x0
0xffffad8000025e80 0001 00000000 0x0 0x0
0xffffad8000025ef8 0001 00000000 0x0 0x0
0xffffad8000025f70 0001 00000000 0x0 0x0
0xffffad8000025fe8 0001 00000000 0x0 0x0
0xffffad8000026060 0001 00000000 0x0 0x0
0xffffad80000260d8 0001 00000000 0x0 0x0
0xffffad8000026150 0001 00000000 0x0 0x0
0xffffad80000261c8 0001 00000000 0x0 0x0
0xffffad8000026240 0001 00000000 0x0 0x0
0xffffad80000262b8 0001 00000000 0x0 0x0
0xffffad8000026330 0001 00000000 0x0 0x0
0xffffad80000263a8 0001 00000000 0x0 0x0
0xffffad8000026420 0001 00000000 0x0 0x0
0xffffad8000026498 0001 00000000 0x0 0x0
0xffffad8000026510 0001 00000000 0x0 0x0
0xffffad8000026588 0001 00000000 0x0 0x0
0xffffad8000026600 0001 00000000 0x0 0x0
0xffffad8000026678 0001 00000000 0x0 0x0
0xffffad80000266f0 0001 00000000 0x0 0x0
0xffffad8000026768 0001 00000000 0x0 0x0
0xffffad80000267e0 0001 00000000 0x0 0x0
0xffffad8000026858 0001 00000000 0x0 0x0
0xffffad80000268d0 0001 00000000 0x0 0x0
0xffffad8000026948 0001 00000000 0x0 0x0
0xffffad80000269c0 0001 00000000 0x0 0x0
0xffffad8000026a38 0001 00000000 0x0 0x0
0xffffad8000026ab0 0001 00000000 0x0 0x0
0xffffad8000026b28 0001 00000000 0x0 0x0
0xffffad8000026ba0 0001 00000000 0x0 0x0
0xffffad8000026c18 0001 00000000 0x0 0x0
0xffffad8000026c90 0001 00000000 0x0 0x0
0xffffad8000026d08 0001 00000000 0x0 0x0
0xffffad8000026d80 0001 00000000 0x0 0x0
0xffffad8000026df8 0001 00000000 0x0 0x0
0xffffad8000026e70 0001 00000000 0x0 0x0
0xffffad8000026ee8 0001 00000000 0x0 0x0
0xffffad8000026f60 0001 00000000 0x0 0x0
0xffffad8000026fd8 0001 00000000 0x0 0x0
0xffffad8000027050 0001 00000000 0x0 0x0
0xffffad80000270c8 0001 00000000 0x0 0x0
0xffffad8000027140 0001 00000000 0x0 0x0
0xffffad80000271b8 0001 00000000 0x0 0x0
0xffffad8000027230 0001 00000000 0x0 0x0
0xffffad80000272a8 0001 00000000 0x0 0x0
0xffffad8000027320 0001 00000000 0x0 0x0
0xffffad8000027398 0001 00000000 0x0 0x0
0xffffad8000027410 0001 00000000 0x0 0x0
0xffffad8000027488 0001 00000000 0x0 0x0
0xffffad8000027500 0001 00000000 0x0 0x0
0xffffad8000027578 0001 00000000 0x0 0x0
0xffffad80000275f0 0001 00000000 0x0 0x0
0xffffad8000027668 0001 00000000 0x0 0x0
0xffffad80000276e0 0001 00000000 0x0 0x0
0xffffad8000027758 0001 00000000 0x0 0x0
0xffffad80000277d0 0001 00000000 0x0 0x0
0xffffad8000027848 0001 00000000 0x0 0x0
0xffffad80000278c0 0001 00000000 0x0 0x0
0xffffad8000027938 0001 00000000 0x0 0x0
0xffffad80000279b0 0001 00000000 0x0 0x0
0xffffad8000027a28 0001 00000000 0x0 0x0
0xffffad8000027aa0 0001 00000000 0x0 0x0
0xffffad8000027b18 0001 00000000 0x0 0x0
0xffffad8000027b90 0001 00000000 0x0 0x0
0xffffad8000027c08 0001 00000000 0x0 0x0
0xffffad8000027c80 0001 00000000 0x0 0x0
0xffffad8000027cf8 0001 00000000 0x0 0x0
0xffffad8000027d70 0001 00000000 0x0 0x0
0xffffad8000027de8 0001 00000000 0x0 0x0
0xffffad8000027e60 0001 00000000 0x0 0x0
0xffffad8000027ed8 0001 00000000 0x0 0x0
0xffffad8000027f50 0001 00000000 0x0 0x0
0xffffad8000027fc8 0001 00000000 0x0 0x0
0xffffad8000028040 0001 00000000 0x0 0x0
0xffffad80000280b8 0001 00000000 0x0 0x0
0xffffad8000028130 0001 00000000 0x0 0x0
0xffffad80000281a8 0001 00000000 0x0 0x0
0xffffad8000028220 0001 00000000 0x0 0x0
0xffffad8000028298 0001 00000000 0x0 0x0
0xffffad8000028310 0001 00000000 0x0 0x0
0xffffad8000028388 0001 00000000 0x0 0x0
0xffffad8000028400 0001 00000000 0x0 0x0
0xffffad8000028478 0001 00000000 0x0 0x0
0xffffad80000284f0 0001 00000000 0x0 0x0
0xffffad8000028568 0001 00000000 0x0 0x0
0xffffad80000285e0 0001 00000000 0x0 0x0
0xffffad8000028658 0001 00000000 0x0 0x0
0xffffad80000286d0 0001 00000000 0x0 0x0
0xffffad8000028748 0001 00000000 0x0 0x0
0xffffad80000287c0 0001 00000000 0x0 0x0
0xffffad8000028838 0001 00000000 0x0 0x0
0xffffad80000288b0 0001 00000000 0x0 0x0
0xffffad8000028928 0001 00000000 0x0 0x0
0xffffad80000289a0 0001 00000000 0x0 0x0
0xffffad8000028a18 0001 00000000 0x0 0x0
0xffffad8000028a90 0001 00000000 0x0 0x0
0xffffad8000028b08 0001 00000000 0x0 0x0
0xffffad8000028b80 0001 00000000 0x0 0x0
0xffffad8000028bf8 0001 00000000 0x0 0x0
0xffffad8000028c70 0001 000000

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 8, 2020, 12:09:12 AM
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: ec23c06e Fix typo
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1472d2f9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=1760b3f0751c1f440754
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13ab2e91e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f77f29e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1760b3...@syzkaller.appspotmail.com

[ 91.1787415] panic: ASan: Unauthorized Access In 0xffffffff8118bc9d: Addr 0xffff9d8013ecf550 [8 bytes, read, PoolUseAfterFree]

[ 91.1919262] cpu0: Begin traceback...
[ 91.1987573] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 91.2288199] snprintf() at netbsd:snprintf
[ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
[ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
[ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
[ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
[ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 91.3290141] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197
[ 91.3590633] exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420
[ 91.3891230] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180
[ 91.4191783] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
[ 91.4191783] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 91.4191783] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138
[ 91.4292003] --- syscall (number 1) ---
[ 91.4392155] 76c67c399a6a:
[ 91.4494661] cpu0: End traceback...
[ 91.4494661] fatal breakpoint trap in supervisor mode
[ 91.4494661] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0 rsp 0xffff9d817e92fac0
[ 91.4692495] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0
Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
snprintf() at netbsd:snprintf
kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
__asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197
exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420
sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180
syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138
--- syscall (number 1) ---
76c67c399a6a:
ds e6ac
es 7953
fs faa0
gs faf0
rdi ffff9d800d92d488
rsi ffff9d80116a1978
rbp ffff9d817e92fac0
rbx ffffffff82810480 cpu_info_primary
rdx 2
rcx ffffffff80d14fa1 db_panic+0xd5
rax 0
r8 4
r9 1ffffffff0554bfc
r10 ffffffff82aa5fe3 db_onpanic+0x3
r11 10
r12 ffff9d816d8a4000
r13 ffffffff82440be8 ostype+0x4e268
r14 ffff9d817e92fb50
r15 ffff9d816d893068
rip ffffffff8021e4b5 breakpoint+0x5
cs 8
rflags 246
rsp ffff9d817e92fac0
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
577 2 2 1 1000000 ffff9d8011f9b700 syz-executor4114
946 3 2 1 0 ffff9d8013ef6a80 syz-executor4114
946 2 2 1 0 ffff9d8013d18600 syz-executor4114
946 1 2 0 0 ffff9d8013cc50c0 syz-executor4114
1043 1 2 1 10000000 ffff9d8012057480 syz-executor4114
1006 2 3 0 80 ffff9d8013ef6640 syz-executor4114 parked
1036 2 3 1 80 ffff9d8013ef6200 syz-executor4114 parked
804 2 3 1 80 ffff9d8013cfb180 syz-executor4114 parked
804 1 2 0 0 ffff9d8012023300 syz-executor4114
1132 2 3 1 80 ffff9d8011c8cb80 syz-executor4114 parked
956 2 2 0 0 ffff9d8013db4780 syz-executor4114
956 1 2 0 10000000 ffff9d8012cb22c0 syz-executor4114
1151 1 2 0 10000000 ffff9d8013dc4480 syz-executor4114
616 3 3 1 80 ffff9d8013eda1c0 syz-executor4114 parked
963 2 3 0 40080 ffff9d8012c98ac0 syz-executor4114 parked
900 > 1 7 0 10040000 ffff9d80116a16c0 syz-executor4114
566 2 3 0 40080 ffff9d8013ecb180 syz-executor4114 parked
883 2 3 1 40080 ffff9d8012c79a00 syz-executor4114 parked
953 2 3 0 40080 ffff9d8012bd02c0 syz-executor4114 parked
819 3 3 1 40080 ffff9d8012c514c0 syz-executor4114 parked
675 3 3 1 40080 ffff9d8012c5c0c0 syz-executor4114 parked
361 2 3 0 40080 ffff9d8012c5c500 syz-executor4114 parked
482 2 3 1 80 ffff9d8013e4e100 syz-executor4114 parked
793 2 3 0 80 ffff9d8012063900 syz-executor4114 parked
794 2 3 0 80 ffff9d8013d83b40 syz-executor4114 parked
988 2 3 1 80 ffff9d8012063080 syz-executor4114 parked
784 3 3 1 80 ffff9d80120bf180 syz-executor4114 parked
394 2 3 0 80 ffff9d801211b280 syz-executor4114 parked
647 2 3 0 80 ffff9d801212c2c0 syz-executor4114 parked
823 2 3 0 80 ffff9d8013d46680 syz-executor4114 parked
571 2 3 0 80 ffff9d8013cc5940 syz-executor4114 parked
762 2 3 0 80 ffff9d8013cc5500 syz-executor4114 parked
752 2 3 1 80 ffff9d8011f9b2c0 syz-executor4114 parked
679 3 3 0 80 ffff9d8011efc1c0 syz-executor4114 parked
555 2 3 1 80 ffff9d8013ccc540 syz-executor4114 parked
671 3 3 1 80 ffff9d8012ca6280 syz-executor4114 parked
856 2 3 1 80 ffff9d8011f2fa80 syz-executor4114 parked
533 2 3 0 80 ffff9d8013db4340 syz-executor4114 parked
843 2 3 1 80 ffff9d80135b8300 syz-executor4114 parked
130 3 3 1 80 ffff9d80121a1580 syz-executor4114 parked
595 3 3 0 80 ffff9d8012141300 syz-executor4114 parked
192 2 3 1 80 ffff9d8013d832c0 syz-executor4114 parked
760 2 3 1 80 ffff9d8011f79b00 syz-executor4114 parked
664 2 3 1 80 ffff9d8013d5eb00 syz-executor4114 parked
580 2 3 0 80 ffff9d8013d5e6c0 syz-executor4114 parked
478 2 3 1 80 ffff9d80120760c0 syz-executor4114 parked
668 2 3 0 80 ffff9d80120ffa80 syz-executor4114 parked
374 2 3 1 80 ffff9d8013d3f640 syz-executor4114 parked
592 2 3 1 80 ffff9d8012087100 syz-executor4114 parked
684 2 3 0 80 ffff9d801202e780 syz-executor4114 parked
298 2 3 1 80 ffff9d801202e340 syz-executor4114 parked
168 2 3 1 80 ffff9d8013cfba00 syz-executor4114 parked
453 2 3 0 80 ffff9d8012cb2700 syz-executor4114 parked
162 3 3 1 80 ffff9d8012ca6b00 syz-executor4114 parked
96 3 3 0 80 ffff9d8011efca40 syz-executor4114 parked
626 2 3 0 80 ffff9d80116a1280 syz-executor4114 parked
500 2 3 0 80 ffff9d8013cd69c0 syz-executor4114 parked
636 2 3 0 80 ffff9d8013cd6580 syz-executor4114 parked
484 1 2 1 0 ffff9d8013c5bbc0 syz-executor4114
483 1 3 1 0 ffff9d8013c5b340 syz-executor4114 tstile
601 1 2 1 0 ffff9d8012ba7b00 syz-executor4114
446 1 2 1 0 ffff9d8012ba76c0 syz-executor4114
607 > 1 7 1 0 ffff9d8012bdab80 syz-executor4114
45 1 3 1 0 ffff9d8012ca66c0 syz-executor4114 tstile
558 1 3 0 80 ffff9d8011efc600 syz-executor4114 nanoslp
41 1 3 1 80 ffff9d80116a1b00 sshd select
495 1 3 0 80 ffff9d8012c84a40 getty nanoslp
507 1 3 1 80 ffff9d8012c84600 getty nanoslp
381 1 3 1 80 ffff9d8012b87680 getty nanoslp
570 1 3 0 80 ffff9d8012c79180 getty ttyraw
455 1 3 0 80 ffff9d8012227a80 cron nanoslp
469 1 3 1 80 ffff9d8012c028c0 inetd kqueue
421 1 3 0 80 ffff9d80121b6a00 sshd select
491 1 3 0 80 ffff9d8012141b80 powerd kqueue
202 1 3 1 80 ffff9d8012bd0700 syslogd kqueue
278 1 3 0 80 ffff9d8012152780 dhcpcd kqueue
230 1 3 1 80 ffff9d80120578c0 dhcpcd kqueue
1 1 3 0 80 ffff9d8011e2d540 init wait
0 29 3 0 204 ffff9d8011e84140 physiod physiod
0 48 3 0 204 ffff9d8011e86180 pooldrain pooldrain
0 47 3 0 200 ffff9d8011e849c0 ioflush syncer
0 46 3 1 200 ffff9d8011e84580 pgdaemon pgdaemon
0 44 3 0 200 ffff9d8011e2d980 npfgc-0 npfgccv
0 43 3 1 204 ffff9d8011e2d100 rt_free rt_free
0 42 3 1 204 ffff9d8011e25940 unpgc unpgc
0 41 3 1 204 ffff9d8011e25500 key_timehandler key_timehandler
0 40 3 1 204 ffff9d8011e250c0 icmp6_wqinput/1 icmp6_wqinput
0 39 3 0 204 ffff9d8011e1b900 icmp6_wqinput/0 icmp6_wqinput
0 38 3 0 204 ffff9d8011e1b4c0 nd6_timer nd6_timer
0 37 3 1 204 ffff9d8011e1b080 carp6_wqinput/1 carp6_wqinput
0 36 3 0 204 ffff9d8011e168c0 carp6_wqinput/0 carp6_wqinput
0 35 3 1 204 ffff9d8011e16480 carp_wqinput/1 carp_wqinput
0 34 3 0 204 ffff9d8011e16040 carp_wqinput/0 carp_wqinput
0 33 3 1 204 ffff9d8011c9bbc0 icmp_wqinput/1 icmp_wqinput
0 32 3 0 204 ffff9d8011c9b780 icmp_wqinput/0 icmp_wqinput
0 31 3 0 204 ffff9d8011c9b340 rt_timer rt_timer
0 30 2 0 200 ffff9d8011c8c300 vmem_rehash
0 28 3 0 204 ffff9d800f35dac0 scsibus0 sccomp
0 27 3 0 200 ffff9d800f35d680 pms0 pmsreset
0 26 3 1 204 ffff9d800f35d240 xcall/1 xcall
0 25 1 1 200 ffff9d800f35ca80 softser/1
0 24 1 1 200 ffff9d800f35c640 softclk/1
0 23 1 1 200 ffff9d800f35c200 softbio/1
0 22 1 1 200 ffff9d800f26ea40 softnet/1
0 21 1 1 201 ffff9d800f26e600 idle/1
0 20 3 1 204 ffff9d800f26e1c0 lnxpwrwq lnxpwrwq
0 19 3 1 204 ffff9d800f26ca00 lnxlngwq lnxlngwq
0 18 3 0 204 ffff9d800f26c5c0 lnxsyswq lnxsyswq
0 17 3 1 204 ffff9d800f26c180 lnxrcugc lnxrcugc
0 16 3 0 204 ffff9d800de4f9c0 sysmon smtaskq
0 15 3 0 204 ffff9d800de4f580 pmfsuspend pmfsuspend
0 14 3 1 204 ffff9d800de4f140 pmfevent pmfevent
0 13 3 0 204 ffff9d800de40980 sopendfree sopendfr
0 12 3 1 204 ffff9d800de40540 iflnkst iflnkst
0 11 3 0 204 ffff9d800de40100 nfssilly nfssilly
0 10 3 0 200 ffff9d800de34940 cachegc cachegc
0 9 3 0 204 ffff9d800de34500 vdrain vdrain
0 8 3 0 200 ffff9d800de340c0 modunload mod_unld
0 7 3 0 204 ffff9d800de24900 xcall/0 xcall
0 6 1 0 200 ffff9d800de244c0 softser/0
0 5 1 0 200 ffff9d800de24080 softclk/0
0 4 1 0 200 ffff9d800de218c0 softbio/0
0 3 1 0 200 ffff9d800de21480 softnet/0
0 2 1 0 201 ffff9d800de21040 idle/0
0 1 3 1 200 ffffffff82b6efc0 swapper uvm
[Locks tracked through LWPs]

****** LWP 577.2 (syz-executor4114) @ 0xffff9d8011f9b700, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82d90240 type : sleep/adaptive
initialized : 0xffffffff8117f252
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d8011f9b700 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1043.1 (syz-executor4114) @ 0xffff9d8012057480, l_stat=2

*** Locks held:

* Lock 0 (initialized at fork1)
lock address : 0xffff9d8011f75e90 type : sleep/adaptive
initialized : 0xffffffff81166c81
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480
last locked* : 0xffffffff811632a9 unlocked : 000000000000000000
owner/count : 0xffff9d8012057480 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at uvm_obj_init)
lock address : 0xffff9d8011c6b540 type : sleep/adaptive
initialized : 0xffffffff8110ca30
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480
last locked* : 0xffffffff81100a0b unlocked : 0xffffffff81100a90
owner/count : 000000000000000000 flags : 000000000000000000
Turnstile: no active turnstile for this lock.

* Lock 2 (initialized at pmap_ctor)
lock address : 0xffff9d8012c69980 type : sleep/adaptive
initialized : 0xffffffff802772c1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffff9d8012057480 last held: 0xffff9d8012057480
last locked* : 0xffffffff8027793e unlocked : 0xffffffff80277bd5
[ 91.4766322] Skipping crash dump on recursive panic
[ 91.4766322] panic: ASan: Unauthorized Access In 0xffffffff8117fe00: Addr 0xffff9d8012c69980 [8 bytes, read, PoolUseAfterFree]

[ 91.4766322] cpu0: Begin traceback...
[ 91.4766322] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 91.4766322] snprintf() at netbsd:snprintf
[ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 91.4766322] mutex_dump() at netbsd:mutex_dump+0x20 sys/kern/kern_mutex.c:313
[ 91.4766322] lockdebug_dump() at netbsd:lockdebug_dump+0x28d sys/kern/subr_lockdebug.c:787
[ 91.4766322] lockdebug_show_one() at netbsd:lockdebug_show_one+0xca sys/kern/subr_lockdebug.c:864
[ 91.4766322] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 lockdebug_show_all_locks_lwp sys/kern/subr_lockdebug.c:900 [inline]
[ 91.4766322] lockdebug_show_all_locks() at netbsd:lockdebug_show_all_locks+0x303 sys/kern/subr_lockdebug.c:962
[ 91.4766322] db_command() at netbsd:db_command+0x2c0 sys/ddb/db_command.c:942
[ 91.4766322] db_command_loop() at netbsd:db_command_loop+0x26c db_execute_commandlist sys/ddb/db_command.c:439 [inline]
[ 91.4766322] db_command_loop() at netbsd:db_command_loop+0x26c sys/ddb/db_command.c:589
[ 91.4766322] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94
[ 91.4766322] kdb_trap() at netbsd:kdb_trap+0x1ce sys/arch/amd64/amd64/db_interface.c:248
[ 91.4766322] trap() at netbsd:trap+0x66a sys/arch/amd64/amd64/trap.c:313
[ 91.4766322] --- trap (number 1) ---
[ 91.4766322] breakpoint() at netbsd:breakpoint+0x5
[ 91.4766322] db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
[ 91.4766322] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 91.4766322] snprintf() at netbsd:snprintf
[ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 91.4766322] kasan_report() at netbsd:kasan_report+0x98 sys/kern/subr_asan.c:196
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:346 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:360 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 kasan_shadow_check sys/kern/subr_asan.c:412 [inline]
[ 91.4766322] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 91.4766322] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197
[ 91.4766322] exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420
[ 91.4766322] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180
[ 91.4766322] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
[ 91.4766322] syscall() at netbsd:syscall+0x57e sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 91.4766322] syscall() at netbsd:syscall+0x57e sys/arch/x86/x86/syscall.c:138
[ 91.4766322] --- syscall (number 1) ---
[ 91.4766322] 76c67c399a6a:
[ 91.4766322] cpu0: End traceback...
[ 91.4766322] fatal breakpoint trap in supervisor mode
[ 91.4766322] trap type 1 code 0 rip 0xffffffff8021e4b5 cs 0x8 rflags 0x246 cr2 0x76c67cd51ff8 ilevel 0x8 rsp 0xffff9d817e92f060
[ 91.4766322] curlwp 0xffff9d80116a16c0 pid 900.1 lowest kstack 0xffff9d817e9282c0
Stopped in pid 900.1 (syz-executor4114) at netbsd:breakpoint+0x5: leave
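An added triage helper for the report format above (example code, not part of the syzbot report or of NetBSD). It splits a console log into one record per "panic: ASan: Unauthorized Access" line, parses the "func() at netbsd:sym+off file:line" frames that follow, and derives the culprit frame (the first one outside the kasan/panic machinery), the sys_* frame the kernel was entered through, and a dedup key. The key deliberately drops the source line, because the same fixjobc read is reported at kern_proc.c:1196 in the first report and :1197 in the second. SAMPLE_LOG is a trimmed excerpt of the console lines quoted in the second report; the SKIP_PREFIXES list and the record layout are this example's own choices.

```python
# Added triage helper, not part of the syzbot report or of NetBSD: splits a
# console log into one record per KASAN panic line, parses the traceback that
# follows, and derives the culprit frame, the entering syscall and a dedup key
# that ignores source line numbers. SAMPLE_LOG is a trimmed excerpt of the report.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PANIC_RE = re.compile(
    r"panic: ASan: Unauthorized Access In (?P<pc>0x[0-9a-f]+): Addr (?P<addr>0x[0-9a-f]+) "
    r"\[(?P<size>\d+) bytes, (?P<access>read|write), (?P<kind>\w+)\]")
# "[ 91.33] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197", optional "[inline]".
FRAME_RE = re.compile(
    r"^(?:\[\s*[\d.]+\]\s*)?\w+\(\) at netbsd:(?P<sym>\w+)(?:\+0x[0-9a-f]+)?"
    r"(?:\s+(?P<inlined>\w+))?(?:\s+(?P<file>\S+):(?P<line>\d+))?(?:\s+\[inline\])?\s*$")
SYSCALL_RE = re.compile(r"--- syscall \(number (?P<num>\d+)\) ---")
RECURSIVE_MARK = "Skipping crash dump on recursive panic"
SKIP_PREFIXES = ("kasan_", "__asan_", "vpanic", "panic", "snprintf")  # reporting machinery


@dataclass
class Frame:
    sym: str
    file: Optional[str] = None
    line: Optional[int] = None
    inlined: Optional[str] = None   # callee named on "[inline]" frames

@dataclass
class KasanReport:
    pc: int
    addr: int
    size: int
    access: str
    kind: str
    recursive: bool = False         # raised while ddb was handling an earlier panic
    syscall_number: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)   # innermost first

    @property
    def culprit(self) -> Optional[Frame]:
        # First frame outside the sanitizer/panic machinery: where the bad load was.
        return next((f for f in self.frames if not f.sym.startswith(SKIP_PREFIXES)), None)

    @property
    def entry_syscall(self) -> Optional[str]:
        # Innermost sys_* frame; sys___syscall is only the indirect-syscall trampoline.
        return next((f.sym for f in self.frames
                     if f.sym.startswith("sys_") and f.sym != "sys___syscall"), None)

    def signature(self) -> str:
        c = self.culprit
        where = "?" if c is None else (f"{c.sym} ({c.file}:{c.line})" if c.file else c.sym)
        return f"{self.kind} {self.access} {self.size}B in {where}"

    def dedup_key(self) -> Tuple[str, str, str]:
        # Line numbers drift between commits (kern_proc.c:1196 in the first report,
        # :1197 in the second), so bucket on the function, not the line.
        c = self.culprit
        return (self.kind, self.access, "?" if c is None else c.sym)


def parse_kasan_log(text: str) -> List[KasanReport]:
    reports: List[KasanReport] = []
    cur: Optional[KasanReport] = None
    recursive_pending = False
    for line in text.splitlines():
        line = line.strip()
        if RECURSIVE_MARK in line:
            recursive_pending = True
        elif (m := PANIC_RE.search(line)):
            cur = KasanReport(int(m["pc"], 16), int(m["addr"], 16), int(m["size"]),
                              m["access"], m["kind"], recursive=recursive_pending)
            recursive_pending = False
            reports.append(cur)
        elif cur is None or "End traceback" in line:
            cur = None                  # ddb output between tracebacks is ignored
        elif (m := SYSCALL_RE.search(line)):
            cur.syscall_number = int(m["num"])
        elif (m := FRAME_RE.match(line)):
            cur.frames.append(Frame(m["sym"], m["file"],
                                    int(m["line"]) if m["line"] else None, m["inlined"]))
    return reports


SAMPLE_LOG = """\
[ 91.1787415] panic: ASan: Unauthorized Access In 0xffffffff8118bc9d: Addr 0xffff9d8013ecf550 [8 bytes, read, PoolUseAfterFree]
[ 91.1987573] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 91.2288199] snprintf() at netbsd:snprintf
[ 91.2588734] kasan_report() at netbsd:kasan_report+0x98 kasan_code_name sys/kern/subr_asan.c:186 [inline]
[ 91.2989484] __asan_load8() at netbsd:__asan_load8+0x294 sys/kern/subr_asan.c:1182
[ 91.3290141] fixjobc() at netbsd:fixjobc+0xfb sys/kern/kern_proc.c:1197
[ 91.3590633] exit1() at netbsd:exit1+0x4b2 sys/kern/kern_exit.c:420
[ 91.3891230] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:180
[ 91.4191783] syscall() at netbsd:syscall+0x57e sy_call sys/sys/syscallvar.h:65 [inline]
[ 91.4292003] --- syscall (number 1) ---
[ 91.4494661] cpu0: End traceback...
[ 91.4766322] Skipping crash dump on recursive panic
[ 91.4766322] panic: ASan: Unauthorized Access In 0xffffffff8117fe00: Addr 0xffff9d8012c69980 [8 bytes, read, PoolUseAfterFree]
[ 91.4766322] mutex_dump() at netbsd:mutex_dump+0x20 sys/kern/kern_mutex.c:313
[ 91.4766322] cpu0: End traceback...
"""

if __name__ == "__main__":
    for r in parse_kasan_log(SAMPLE_LOG):
        print("secondary" if r.recursive else "primary", r.signature(), r.entry_syscall, r.syscall_number)
```

The recursive flag matters for triage: the second "panic: ASan" in the log above is raised from mutex_dump() while ddb's lockdebug output walks Lock 2 (initialized at pmap_ctor), whose address 0xffff9d8012c69980 is exactly the freed address in that second panic, so it is a by-product of dumping state that already sat in freed pool memory. The parser tags it as secondary so that the fixjobc read, reached via sys_setpgid in the first report and via sys_exit in the second, stays the record being tracked.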
