Re: ASan: Unauthorized Access in uiomove

0 views

Skip to first unread message

syzbot

unread,

Jul 4, 2022, 11:41:09 AM7/4/22

to rias...@netbsd.org, syzkaller-...@googlegroups.com

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

| / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | +1520576/ - \ | / - [1518792\ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | +991434/ - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | / - \ | ]=0x3665890
/ - \ | / - \ | / - \ | / - \ | / - \ | / - \ | Loading /var/db/entropy-file
[ 1.0000000] cpu_rng: rdrand/rdseed
[ 1.0000000] entropy: ready
[ 1.0000000] entropy: entering seed from bootloader with 256 bits of entropy
[ 1.0000000] ksyms: checking .text
[ 1.0000000] ksyms: checking .rodata.hotpatch
[ 1.0000000] ksyms: checking .rodata
[ 1.0000000] ksyms: checking .eh_frame
[ 1.0000000] ksyms: checking link_set_x86_hotpatch_descriptors
[ 1.0000000] ksyms: checking link_set_sdt_argtypes_set
[ 1.0000000] ksyms: checking link_set_sdt_probes_set
[ 1.0000000] ksyms: checking link_set_sdt_providers_set
[ 1.0000000] ksyms: checking link_set_modules
[ 1.0000000] ksyms: checking link_set_sysctl_funcs
[ 1.0000000] ksyms: checking link_set_acpi_device_calls
[ 1.0000000] ksyms: checking link_set_evcnts
[ 1.0000000] ksyms: checking link_set_linux_module_param_desc
[ 1.0000000] ksyms: checking link_set_linux_module_param_info
[ 1.0000000] ksyms: checking link_set_domains
[ 1.0000000] ksyms: checking link_set_ieee80211_funcs
[ 1.0000000] ksyms: checking link_set_ah_chips
[ 1.0000000] ksyms: checking link_set_ah_rfs
[ 1.0000000] ksyms: checking link_set_dkwedge_methods
[ 1.0000000] ksyms: checking link_set_prop_linkpools
[ 1.0000000] ksyms: checking .data
[ 1.0000000] ksyms: checking .dtors
[ 1.0000000] ksyms: checking .data.cacheline_aligned
[ 1.0000000] ksyms: checking .data.read_mostly
[ 1.0000000] ksyms: checking .bss
[ 1.0000000] ksyms: checking .note.netbsd.ident
[ 1.0000000] ksyms: checking .note.Xen
[ 1.0000000] ksyms: checking .ident
[ 1.0000000] ksyms: checking .comment
[ 1.0000000] ksyms: checking .gnu_debuglink
[ 1.0000000] ksyms: checking .symtab
[ 1.0000000] ksyms: checking .strtab
[ 1.0000000] ksyms: checking .shstrtab
[ 1.0000000] Loaded initial symtab at 0xffffffff83600af8, strtab at 0xffffffff837737c0, # entries 63283
[ 1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[ 1.0000000] 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[ 1.0000000] 2018, 2019, 2020, 2021, 2022
[ 1.0000000] The NetBSD Foundation, Inc. All rights reserved.
[ 1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[ 1.0000000] The Regents of the University of California. All rights reserved.

[ 1.0000000] NetBSD 9.99.98 (GENERIC_SYZKALLER) #0: Mon Jul 4 15:28:49 UTC 2022
[ 1.0000000] root@ci2:/syzkaller/jobs/netbsd/kernel/sys/arch/amd64/compile/obj/GENERIC_SYZKALLER
[ 1.0000000] total memory = 8191 MB
[ 1.0000000] avail memory = 7088 MB
[ 1.0000030] mainbus0 (root)
[ 1.0000030] ACPI: RSDP 0x00000000000F2740 000014 (v00 Google)
[ 1.0000030] ACPI: RSDT 0x00000000BFFFFF90 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001)
[ 1.0000030] ACPI: FACP 0x00000000BFFFF330 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001)
[ 1.0000030] ACPI: DSDT 0x00000000BFFFD8C0 001A64 (v01 Google GOOGDSDT 00000001 GOOG 00000001)
[ 1.0000030] ACPI: FACS 0x00000000BFFFD880 000040
[ 1.0000030] ACPI: SRAT 0x00000000BFFFFE60 0000C8 (v03 Google GOOGSRAT 00000001 GOOG 00000001)
[ 1.0000030] ACPI: APIC 0x00000000BFFFFDB0 000076 (v05 Google GOOGAPIC 00000001 GOOG 00000001)
[ 1.0000030] ACPI: SSDT 0x00000000BFFFF430 000980 (v01 Google GOOGSSDT 00000001 GOOG 00000001)
[ 1.0000030] ACPI: WAET 0x00000000BFFFFE30 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001)
[ 1.0000030] ACPI: 2 ACPI AML tables successfully acquired and loaded
[ 1.0000030] ioapic0 at mainbus0 apid 0
[ 1.0000030] cpu0 at mainbus0 apid 0
[ 1.0000030] cpu0: Intel(R) Xeon(R) CPU @ 2.20GHz, id 0x406f0
[ 1.0000030] cpu0: node 0, package 0, core 0, smt 0
[ 1.0000030] cpu1 at mainbus0 apid 1
[ 1.0000030] cpu1: Intel(R) Xeon(R) CPU @ 2.20GHz, id 0x406f0
[ 1.0000030] cpu1: node 0, package 0, core 0, smt 1
[ 1.0000030] acpi0 at mainbus0: Intel ACPICA 20211217
[ 1.0000030] acpi0: fixed power button present
[ 1.0000030] acpi0: fixed sleep button present
[ 1.0049302] pckbc1 at acpi0 (KBD, PNP0303) (kbd port): io 0x60,0x64 irq 1
[ 1.0049302] pckbc2 at acpi0 (MOU, PNP0F13) (aux port): irq 12
[ 1.0049302] com0 at acpi0 (COM1, PNP0501-1): io 0x3f8-0x3ff irq 4
[ 1.0049302] com0: ns16550a, 16-byte FIFO
[ 1.0049302] com0: console
[ 1.0049302] com1 at acpi0 (COM2, PNP0501-2): io 0x2f8-0x2ff irq 3
[ 1.0049302] com1: ns16550a, 16-byte FIFO
[ 1.0049302] com2 at acpi0 (COM3, PNP0501-3): io 0x3e8-0x3ef irq 6
[ 1.0049302] com2: ns16550a, 16-byte FIFO
[ 1.0049302] com3 at acpi0 (COM4, PNP0501-4): io 0x2e8-0x2ef irq 7
[ 1.0049302] com3: ns16550a, 16-byte FIFO
[ 1.0049302] PEVT (QEMU0001) at acpi0 not configured
[ 1.0049302] ACPI: Enabled 16 GPEs in block 00 to 0F
[ 1.0049302] pckbd0 at pckbc1 (kbd slot)
[ 1.0049302] pckbc1: using irq 1 for kbd slot
[ 1.0049302] wskbd0 at pckbd0 mux 1
[ 1.0049302] pms0 at pckbc1 (aux slot)
[ 1.0049302] pckbc1: using irq 12 for aux slot
[ 1.0049302] wsmouse0 at pms0 mux 0
[ 1.0049302] pci0 at mainbus0 bus 0: configuration mode 1
[ 1.0049302] pchb0 at pci0 dev 0 function 0: Intel 82441FX (PMC) PCI and Memory Controller (rev. 0x02)
[ 1.0049302] pcib0 at pci0 dev 1 function 0: Intel 82371AB (PIIX4) PCI-ISA Bridge (rev. 0x03)
[ 1.0049302] piixpm0 at pci0 dev 1 function 3: Intel 82371AB (PIIX4) Power Management Controller (rev. 0x03)
[ 1.0049302] piixpm0: SMBus disabled
[ 1.0049302] virtio0 at pci0 dev 3 function 0
[ 1.0049302] virtio0: SCSI device (rev. 0x00)
[ 1.0049302] vioscsi0 at virtio0: features: 0
[ 1.0049302] vioscsi0: cmd_per_lun 256 qsize 8192 seg_max 64 max_target 253 max_lun 1
[ 1.0049302] virtio0: config interrupting at msix0 vec 0
[ 1.0049302] virtio0: queues interrupting at msix0 vec 1
[ 1.0049302] scsibus0 at vioscsi0: 254 targets, 2 luns per target
[ 1.0049302] virtio1 at pci0 dev 4 function 0
[ 1.0049302] virtio1: network device (rev. 0x00)
[ 1.0049302] vioif0 at virtio1: features: 0x20030020<EVENT_IDX,CTRL_VQ,STATUS,MAC>
[ 1.0049302] vioif0: Ethernet address 42:01:0a:80:00:02
[ 1.0049302] virtio1: config interrupting at msix1 vec 0
[ 1.0049302] virtio1: queues interrupting at msix1 vec 1
[ 1.0049302] genfb0 at pci0 dev 5 function 0: vendor 1ae0 product a002 (rev. 0x01)
[ 1.0049302] virtio2 at pci0 dev 6 function 0
[ 1.0049302] virtio2: memory balloon device (rev. 0x00)
[ 1.0049302] viomb0 at virtio2: features: 0x1<MUST_TELL_HOST>
[ 1.0049302] virtio2: interrupting at ioapic0 pin 10
[ 1.0049302] virtio3 at pci0 dev 7 function 0
[ 1.0049302] virtio3: entropy device (rev. 0x00)
[ 1.0049302] viornd0 at virtio3: features: 0
[ 1.0049302] virtio3: interrupting at ioapic0 pin 11
[ 1.0049302] isa0 at pcib0
[ 1.0049302] attimer0 at isa0 port 0x40-0x43
[ 1.0049302] pcppi0 at isa0 port 0x61
[ 1.0049302] spkr0 at pcppi0: PC Speaker
[ 1.0049302] wsbell at spkr0 not configured
[ 1.0049302] midi0 at pcppi0: PC speaker
[ 1.0049302] sysbeep0 at pcppi0
[ 1.0049302] attimer0: attached to pcppi0
[ 1.0049302] acpicpu0 at cpu0: ACPI CPU
[ 1.0049302] acpicpu1 at cpu1: ACPI CPU
[ 1.8108781] cpu0 has 2 core siblings: cpu1 cpu0
[ 1.8231872] cpu0 has 2 pkg siblings: cpu1 cpu0
[ 1.8231872] cpu0 has 1 1st siblings: cpu0
[ 1.8335274] cpu0 first in package: cpu0
[ 1.8335274] cpu1 has 2 core siblings: cpu0 cpu1
[ 1.8421056] cpu1 has 2 pkg siblings: cpu0 cpu1
[ 1.8421056] cpu1 has 1 1st siblings: cpu0
[ 1.8515805] cpu1 first in package: cpu0
[ 2.0079266] sd0 at scsibus0 target 1 lun 0: <Google, PersistentDisk, 1> disk fixed
[ 2.0263741] sd0: fabricating a geometry
[ 2.0263741] sd0: 2048 MB, 2048 cyl, 64 head, 32 sec, 512 bytes/sect x 4194304 sectors
[ 2.0463767] sd0: fabricating a geometry
[ 2.0563746] dk0 at sd0: "49b813d1-8009-4c4f-b3e1-2cc288366ecc", 2097085 blocks at 64, type: ffs
[ 2.0696080] dk1 at sd0: "2a5f9479-33b7-499d-8cc4-f8d9ae0937b7", 2097119 blocks at 2097152, type: swap
[ 2.0795348] sd0: async, 8-bit transfers, tagged queueing
[ 2.5563684] usb0 at vhci0: USB revision 2.0
[ 2.5764142] uhub0 at usb0: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 2.9463845] usb1 at vhci1: USB revision 2.0
[ 2.9764060] uhub1 at usb1: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 3.3463758] usb2 at vhci2: USB revision 2.0
[ 3.3764451] uhub2 at usb2: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 3.7463759] usb3 at vhci3: USB revision 2.0
[ 3.7664136] uhub3 at usb3: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 4.1363780] usb4 at vhci4: USB revision 2.0
[ 4.1564044] uhub4 at usb4: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 4.5263788] usb5 at vhci5: USB revision 2.0
[ 4.5464106] uhub5 at usb5: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 4.9163797] usb6 at vhci6: USB revision 2.0
[ 4.9364072] uhub6 at usb6: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 5.3063858] usb7 at vhci7: USB revision 2.0
[ 5.3364145] uhub7 at usb7: NetBSD (0x0000) VHCI root hub (0x0000), class 9/0, rev 2.00/1.00, addr 1
[ 5.3964080] boot device: sd0
[ 5.3964080] root on dk0 dumps on dk1
[ 5.4063800] dump_misc_init: max_paddr = 0x240000000
[ 5.4201757] mountroot: trying lfs...
[ 5.4291911] mountroot: trying ffs...
[ 5.4864188] root file system type: ffs
[ 5.4864188] kern.module.path=/stand/amd64/9.99.98/modules
[ 5.5008695] clock: unknown CMOS layout
[ 5.5664217] init: copying out path `/sbin/init' 11
Mon Jul 4 15:32[ 6.4964163] panic: kernel diagnostic assertion "error" failed: file "/syzkaller/jobs/netbsd/kernel/sys/kern/tty.c", line 2281
:22 UTC 2022
[ 6.5149991] cpu0: Begin traceback...
[ 6.5173325] vpanic() at netbsd:vpanic+0x282
[ 6.5363851] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x23de8
[ 6.5563869] ttwrite() at netbsd:ttwrite+0x9ea
[ 6.5763884] comwrite() at netbsd:comwrite+0xc0
[ 6.6063897] cdev_write() at netbsd:cdev_write+0x1bd
[ 6.6263854] cnwrite() at netbsd:cnwrite+0x8d
[ 6.6463867] cdev_write() at netbsd:cdev_write+0x1bd
[ 6.6663860] spec_write() at netbsd:spec_write+0x26d
[ 6.6863875] VOP_WRITE() at netbsd:VOP_WRITE+0x20b
[ 6.7063895] vn_write() at netbsd:vn_write+0x25d
[ 6.7363871] dofilewrite() at netbsd:dofilewrite+0x1cf
[ 6.7563881] sys_write() at netbsd:sys_write+0x9c
[ 6.7763861] syscall() at netbsd:syscall+0x25a
[ 6.7863865] --- syscall (number 4) ---
[ 6.7863865] netbsd:syscall+0x25a:
[ 6.7863865] cpu0: End traceback...
[ 6.7863865] fatal breakpoint trap in supervisor mode
[ 6.7966742] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x282 cr2 0x7a379081e496 ilevel 0 rsp 0xffffd5819d7e8610
[ 6.7966742] curlwp 0xffffd58012a40780 pid 202.202 lowest kstack 0xffffd5819d7e12c0
Stopped in pid 202.202 (sh) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105
vpanic() at netbsd:vpanic+0x282
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x23de8
ttwrite() at netbsd:ttwrite+0x9ea
comwrite() at netbsd:comwrite+0xc0
cdev_write() at netbsd:cdev_write+0x1bd
cnwrite() at netbsd:cnwrite+0x8d
cdev_write() at netbsd:cdev_write+0x1bd
spec_write() at netbsd:spec_write+0x26d
VOP_WRITE() at netbsd:VOP_WRITE+0x20b
vn_write() at netbsd:vn_write+0x25d
dofilewrite() at netbsd:dofilewrite+0x1cf
sys_write() at netbsd:sys_write+0x9c
syscall() at netbsd:syscall+0x25a
--- syscall (number 4) ---
netbsd:syscall+0x25a:
ds 0
es 0
fs 85d0
gs eb06
rdi 5
--db_more--

syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/netbsd/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/netbsd/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/netbsd/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2139974712=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at a7dab6385
nothing to commit, working tree clean

go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=a7dab6385c1d95547a88e22577fb56fbcd5c37eb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220205-085958'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=a7dab6385c1d95547a88e22577fb56fbcd5c37eb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220205-085958'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=a7dab6385c1d95547a88e22577fb56fbcd5c37eb -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220205-085958'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/netbsd_amd64
/syzkaller/shared/netbsd/tools/bin/x86_64--netbsd-g++ -o ./bin/netbsd_amd64/syz-executor executor/executor.cc \
-m64 --sysroot /syzkaller/shared/netbsd/dest/ -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -fpermissive -w -DGOOS_netbsd=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"a7dab6385c1d95547a88e22577fb56fbcd5c37eb\"

Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=14cdf858080000

Tested on:

commit: 330a6f8f lint: do not treat message IDs as arithmetic ..
git tree: https://github.com/NetBSD/src trunk
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=e0f56178d0add0d8be20
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110
patch: https://syzkaller.appspot.com/x/patch.diff?x=1633cf04080000

syzbot

unread,

Jul 4, 2022, 12:30:17 PM7/4/22

to rias...@netbsd.org, syzkaller-...@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
assert failed: uio->uio_iovcnt > NUM

� syz-execprog [ �b '� � �> � � syz-executor.3 [ �b -� � o�2 q � syz-execprog [ �b J� � � syz-executor.3 [ �b Y� � � syz-execprog [ �b f� � �> � 8 � syz-executor.3 [ �b ~� � 0 � syz-executor.3 [ �b �� p�� syz-executor.3 [ �b ɢ � � syz-executor.3 [ �b � � syz-execprog [ �b �� syz-execprog [ �b � � � syz-execprog [ �b *� � �� syz-execprog [ �b �� C syz-executor.0 [ �b z� A �� C syz-executor.0 [ �b � A C C syz-executor.0 [ �b *� A 8 C syz-executor.0 [ �b Q� � 0 � syz-executor.1 [ �b �� 0�Q�} 8 � syz-executor.1 [ �b � � 0 p6z� P6z� H6z� � syz-executor.1 [ �b )� [ 63.6660082] panic: kernel diagnostic assertion "uio->uio_iovcnt > 1" failed: file "/syzkaller/jobs/netbsd/kernel/sys/kern/subr_copy.c", line 119
[ 63.6794516] cpu0: Begin traceback...
� 8 � syz-executor.1 [ �b R� [ 63.6859940] vpanic() at � 0 �6z� �6z� netbsd:vpanic+0x282
�6z� � syz-executor.1 [ �b x� � � syz-executor.1 [ �b �� 1 � syz-executor.1 [ �b �� [ 63.7159962] _sub_D_65535_0() at 1 syz-executor.1 netbsd:_sub_D_65535_0 [ �b � +-0x23de8
� �6z� � syz-executor.1 [ 63.7359960] uiomove() at netbsd:uiomove+0x35f sys/kern/subr_copy.c:120
[ 63.7659964] ttwrite() at netbsd:ttwrite+0x534 sys/kern/tty.c:2205
[ 63.7859988] comwrite() at netbsd:comwrite+0xc0 sys/dev/ic/com.c:1260
[ 63.8059987] cdev_write() at netbsd:cdev_write+0x1bd sys/kern/subr_devsw.c:1207
[ 63.8359997] spec_write() at netbsd:spec_write+0x26d sys/miscfs/specfs/spec_vnops.c:1189
[ 63.8559976] VOP_WRITE() at netbsd:VOP_WRITE+0x20b sys/kern/vnode_if.c:824
[ 63.8860005] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:693
[ 63.9159985] ktrwrite() at netbsd:ktrwrite+0x47f sys/kern/kern_ktrace.c:1341
[ 63.9359982] ktrace_thread() at netbsd:ktrace_thread+0xfe sys/kern/kern_ktrace.c:1411
[ 63.9479222] cpu0: End traceback...
[ 63.9582195] fatal breakpoint trap in supervisor mode
[ 63.9582195] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x282 cr2 0x7d69115ee710 ilevel 0 rsp 0xffff9d019d767280
[ 63.9757244] curlwp 0xffff9d0013d592c0 pid 0.1241 lowest kstack 0xffff9d019d7602c0
Stopped in pid 0.1241 (system) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x23de8
uiomove() at netbsd:uiomove+0x35f sys/kern/subr_copy.c:120
ttwrite() at netbsd:ttwrite+0x534 sys/kern/tty.c:2205
comwrite() at netbsd:comwrite+0xc0 sys/dev/ic/com.c:1260
cdev_write() at netbsd:cdev_write+0x1bd sys/kern/subr_devsw.c:1207
spec_write() at netbsd:spec_write+0x26d sys/miscfs/specfs/spec_vnops.c:1189
VOP_WRITE() at netbsd:VOP_WRITE+0x20b sys/kern/vnode_if.c:824
vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:693
ktrwrite() at netbsd:ktrwrite+0x47f sys/kern/kern_ktrace.c:1341
ktrace_thread() at netbsd:ktrace_thread+0xfe sys/kern/kern_ktrace.c:1411
Panic string: kernel diagnostic assertion "uio->uio_iovcnt > 1" failed: file "/syzkaller/jobs/netbsd/kernel/sys/kern/subr_copy.c", line 119
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1320 1323 3 0 0 ffff9d0013d95300 syz-executor.2 ktrsync
1320 1320 3 0 10000000 ffff9d0012d48bc0 syz-executor.2 ktrsync
1207 1207 3 0 0 ffff9d0013d35280 syz-executor.5 ktrsync
1198 1198 3 0 40000 ffff9d0013d1c680 syz-executor.2 ktrsync
1204 1204 3 1 40000 ffff9d0013cf6a80 syz-executor.1 ktrsync
334 334 3 1 40000 ffff9d0013cf6200 syz-executor.4 ktrsync
1236 1236 3 0 0 ffff9d0012b5c980 syz-executor.3 ktrsync
329 329 3 0 0 ffff9d0012b5c540 syz-executor.0 ktrsync
1239 330 3 1 180 ffff9d0012b5c100 syz-execprog parked
1239 1196 3 0 180 ffff9d0012b7c9c0 syz-execprog parked
1239 1202 3 0 180 ffff9d0012b7c580 syz-execprog parked
1239 1199 3 1 180 ffff9d0013375a00 syz-execprog parked
1239 1200 3 0 180 ffff9d0012b7c140 syz-execprog parked
1239 1387 3 0 180 ffff9d0012b42940 syz-execprog parked
1239 1380 3 0 180 ffff9d0012b42500 syz-execprog kqueue
1239 1186 3 1 180 ffff9d0012a06b80 syz-execprog parked
1239 1239 3 1 40180 ffff9d0012bfe6c0 syz-execprog parked
1237 1237 3 1 180 ffff9d0012bc4600 sshd select
1069 1069 3 0 180 ffff9d00126cb040 getty nanoslp
1126 1126 3 1 180 ffff9d0012c9f540 getty nanoslp
1115 1115 3 1 180 ffff9d0013473580 getty nanoslp
699 699 3 0 1c0 ffff9d0013473140 getty ttyraw
844 844 3 1 180 ffff9d001338e600 sshd select
873 873 3 1 180 ffff9d0012cf66c0 powerd kqueue
689 689 3 1 180 ffff9d00133c9b00 syslogd kqueue
600 600 3 1 180 ffff9d0012bf0ac0 dhcpcd poll
547 547 3 0 180 ffff9d0012c82900 dhcpcd poll
464 464 3 0 180 ffff9d0012bf0680 dhcpcd poll
587 587 3 1 180 ffff9d0012c45300 dhcpcd poll
289 289 3 0 180 ffff9d0012d8e080 dhcpcd poll
288 288 3 0 180 ffff9d0012d758c0 dhcpcd poll
351 351 3 1 180 ffff9d0012d75480 dhcpcd poll
1 1 3 0 180 ffff9d00126fd9c0 init wait
0 1279 2 0 240 ffff9d0013d59b40 ktrace
0 1233 2 0 240 ffff9d0013d59700 ktrace
0 >1241 7 0 240 ffff9d0013d592c0 ktrace
0 968 3 0 200 ffff9d0012974ac0 physiod physiod
0 194 3 0 200 ffff9d001298bb00 pooldrain pooldrain
0 193 3 0 200 ffff9d001298b6c0 ioflush syncer
0 192 3 1 200 ffff9d001298b280 pgdaemon pgdaemon
0 169 3 1 200 ffff9d0012974240 usb7 usbevt
0 167 3 1 200 ffff9d001292ea80 usb6 usbevt
0 165 3 1 200 ffff9d001292e640 usb5 usbevt
0 164 3 1 200 ffff9d001292e200 usb4 usbevt
0 31 3 0 200 ffff9d00128e0a40 usb3 usbevt
0 63 2 0 240 ffff9d00128e0600 usb2
0 126 3 0 200 ffff9d00128e01c0 usb1 usbevt
0 125 3 1 200 ffff9d0012870a00 usb0 usbevt
0 124 3 0 200 ffff9d00128705c0 usbtask-dr usbtsk
0 123 3 0 200 ffff9d00120b66c0 usbtask-hc usbtsk
0 122 3 1 200 ffff9d0012870180 npfgc0 npfgcw
0 121 3 0 200 ffff9d00126fd580 rt_free rt_free
0 120 3 0 200 ffff9d00126fd140 unpgc unpgc
0 119 2 0 200 ffff9d00126f6980 key_timehandler
0 118 3 1 200 ffff9d00126f6540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffff9d00126f6100 icmp6_wqinput/0 icmp6_wqinput
0 116 2 0 200 ffff9d00126ed940 nd6_timer
0 115 3 1 200 ffff9d00126ed500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffff9d00126ed0c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffff9d00126de900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffff9d00126de4c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffff9d00126de080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffff9d00126cb8c0 icmp_wqinput/0 icmp_wqinput
0 109 2 0 200 ffff9d00126cb480 rt_timer
0 108 3 0 200 ffff9d00126cabc0 vmem_rehash vmem_rehash
0 99 3 0 200 ffff9d00120bbb40 entbutler entropy
0 98 3 1 200 ffff9d00120bb700 viomb balloon
0 97 3 1 200 ffff9d00120bb2c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffff9d00120b6b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffff9d00120b6280 scsibus0 sccomp
0 28 3 0 200 ffff9d0010cbaac0 pms0 pmsreset
0 27 3 1 200 ffff9d0010cba680 xcall/1 xcall
0 26 1 1 200 ffff9d0010cba240 softser/1
0 > 25 7 1 200 ffff9d0010cb9a80 softclk/1
0 24 1 1 200 ffff9d0010cb9640 softbio/1
0 23 1 1 200 ffff9d0010cb9200 softnet/1
0 > 22 1 1 201 ffff9d000fb55a40 idle/1
0 21 3 0 200 ffff9d000fb55600 lnxsyswq lnxsyswq
0 20 3 0 200 ffff9d000fb551c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffff9d000fb54a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffff9d000fb545c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffff9d000fb54180 lnxhipwq lnxhipwq
0 16 3 0 200 ffff9d000fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffff9d000fb4b580 sysmon smtaskq
0 14 3 0 200 ffff9d000fb4b140 pmfsuspend pmfsuspend
0 13 3 0 200 ffff9d000fb48980 pmfevent pmfevent
0 12 3 0 200 ffff9d000fb48540 sopendfree sopendfr
0 11 3 1 200 ffff9d000fb48100 iflnkst iflnkst
0 10 3 0 200 ffff9d000fb3c940 nfssilly nfssilly
0 9 3 0 200 ffff9d000fb3c500 vdrain vdrain
0 8 3 0 200 ffff9d000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffff9d000fb33900 xcall/0 xcall
0 6 1 0 200 ffff9d000fb334c0 softser/0
0 5 3 0 200 ffff9d000fb33080 softclk/0 tstile
0 4 1 0 200 ffff9d000fb318c0 softbio/0
0 3 1 0 200 ffff9d000fb31480 softnet/0
0 2 1 0 201 ffff9d000fb31040 idle/0
0 0 3 0 200 ffffffff833413c0 swapper uvm
[Locks tracked through LWPs]

****** LWP 547.547 (dhcpcd) @ 0xffff9d0012c82900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012c82900 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 464.464 (dhcpcd) @ 0xffff9d0012bf0680, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012bf0680 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 288.288 (dhcpcd) @ 0xffff9d0012d758c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0012d758c0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 351.351 (dhcpcd) @ 0xffff9d0012d75480, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d0012d75480 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffff9d000fb48100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffff9d000fb48100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffff9d000fb33080, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d000fb33080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff833413c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480280 type : sleep/adaptive
initialized : 0xffffffff81b12311
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff833413c0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at main)
lock address : 0xffffffff83480180 type : spin
initialized : 0xffffffff81f641ce
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0013d592c0 last held: 0xffff9d0013d592c0
last locked* : 0xffffffff81b9eca2 unlocked : 0xffffffff81b9ecce
curcpu holds : 1 wanted by: 000000000000000000

* Lock 1 (initialized at kprintf_init)
lock address : 0xffffffff8358aea0 type : spin
initialized : 0xffffffff81bc4585
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffff9d0013d592c0 last held: 0xffff9d0013d592c0
last locked* : 0xffffffff81bc45f6 unlocked : 0xffffffff81bc4654
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON
0xffff9d0000017180 0041 00000000 0x0 0x0
0xffff9d0000017200 0041 00000000 0x0 0x0
0xffff9d0000017280 0041 00000000 0x0 0x0
0xffff9d0000017300 0041 00000000 0x0 0x0
0xffff9d0000017380 0041 00000000 0x0 0x0
0xffff9d0000017400 0041 00000000 0x0 0x0
0xffff9d0000017480 0041 00000000 0x0 0x0
0xffff9d0000017500 0041 00000000 0x0 0x0
0xffff9d0000017580 0041 00000000 0x0 0x0
0xffff9d0000017600 0041 00000000 0x0 0x0
0xffff9d0000017680 0041 00000000 0x0 0x0
0xffff9d0000017700 0041 00000000 0x0 0x0
0xffff9d0000017780 0041 00000000 0x0 0x0
0xffff9d0000017800 0041 00000000 0x0 0x0
0xffff9d0000017880 0041 00000000 0x0 0x0
0xffff9d0000017900 0041 00000000 0x0 0x0
0xffff9d0000017980 0041 00000000 0x0 0x0
0xffff9d0000017a00 0041 00000000 0x0 0x0
0xffff9d0000017a80 0041 00000000 0x0 0x0
0xffff9d0000017b00 0041 00000000 0x0 0x0
0xffff9d0000017b80 0041 00000000 0x0 0x0
0xffff9d0000017c00 0041 00000000 0x0 0x0
0xffff9d0000017c80 0041 00000000 0x0 0x0
0xffff9d0000017d00 0041 00000000 0x0 0x0
0xffff9d0000017d80 0041 00000000 0x0 0x0
0xffff9d0000017e00 0041 00000000 0x0 0x0
0xffff9d0000017e80 0041 00000000 0x0 0x0
0xffff9d0000017f00 0041 00000000 0x0 0x0
0xffff9d0000017f80 0041 00000000 0x0 0x0
0xffff9d0000018000 0041 00000000 0x0 0x0
0xffff9d0000018080 0041 00000000 0x0 0x0
0xffff9d0000018100 0041 00000000 0x0 0x0
0xffff9d0000018180 0041 00000000 0x0 0x0
0xffff9d0000018200 0041 00000000 0x0 0x0
0xffff9d0000018280 0041 00000000 0x0 0x0
0xffff9d0000018300 0041 00000000 0x0 0x0
0xffff9d0000018380 0041 00000000 0x0 0x0
0xffff9d0000018400 0041 00000000 0x0 0x0
0xffff9d0000018480 0041 00000000 0x0 0x0
0xffff9d0000018500 0041 00000000 0x0 0x0
0xffff9d0000018580 0041 00000000 0x0 0x0
0xffff9d0000018600 0041 00000000 0x0 0x0
0xffff9d0000018680 0041 00000000 0x0 0x0
0xffff9d0000018700 0041 00000000 0x0 0x0
0xffff9d0000018780 0041 00000000 0x0 0x0
0xffff9d0000018800 0041 00000000 0x0 0x0
0xffff9d0000018880 0041 00000000 0x0 0x0
0xffff9d0000018900 0041 00000000 0x0 0x0
0xffff9d0000018980 0041 00000000 0x0 0x0
0xffff9d0000018a00 0041 00000000 0x0 0x0
0xffff9d0000018a80 0041 00000000 0x0 0x0
0xffff9d0000018b00 0041 00000000 0x0 0x0
0xffff9d0000018b80 0041 00000000 0x0 0x0
0xffff9d0000018c00 0041 00000000 0x0 0x0
0xffff9d0000018c80 0041 00000000 0x0 0x0
0xffff9d0000018d00 0041 00000000 0x0 0x0
0xffff9d0000018d80 0041 00000000 0x0 0x0
0xffff9d0000018e00 0041 00000000 0x0 0x0
0xffff9d0000018e80 0041 00000000 0x0 0x0
0xffff9d0000018f00 0041 00000000 0x0 0x0
0xffff9d0000018f80 0041 00000000 0x0 0x0
0xffff9d0000019000 0041 00000000 0x0 0x0
0xffff9d0000019080 0041 00000000 0x0 0x0
0xffff9d0000019100 0041 00000000 0x0 0x0
0xffff9d0000019180 0041 00000000 0x0 0x0
0xffff9d0000019200 0041 00000000 0x0 0x0
0xffff9d0000019280 0041 00000000 0x0 0x0
0xffff9d0000019300 0041 00000000 0x0 0x0
0xffff9d0000019380 0041 00000000 0x0 0x0
0xffff9d0000019400 0041 00000000 0x0 0x0
0xffff9d0000019480 0041 00000000 0x0 0x0
0xffff9d0000019500 0041 00000000 0x0 0x0
0xffff9d0000019580 0041 00000000 0x0 0x0
0xffff9d0000019600 0041 00000000 0x0 0x0
0xffff9d0000019680 0041 00000000 0x0 0x0
0xffff9d0000019700 0041 00000000 0x0 0x0
0xffff9d0000019780 0041 00000000 0x0 0x0
0xffff9d0000019800 0041 00000000 0x0 0x0
0xffff9d0000019880 0041 00000000 0x0 0x0
0xffff9d0000019900 0041 00000000 0x0 0x0
0xffff9d0000019980 0041 00000000 0x0 0x0
0xffff9d0000019a00 0041 00000000 0x0 0x0
0xffff9d0000019a80 0041 00000000 0x0 0x0
0xffff9d0000019b00 0041 00000000 0x0 0x0
0xffff9d0000019b80 0041 00000000 0x0 0x0
0xffff9d0000019c00 0041 00000000 0x0 0x0
0xffff9d0000019c80 0041 00000000 0x0 0x0
0xffff9d0000019d00 0041 00000000 0x0 0x0
0xffff9d0000019d80 0041 00000000 0x0 0x0
0xffff9d0000019e00 0041 00000000 0x0 0x0
0xffff9d0000019e80 0041 00000000 0x0 0x0
0xffff9d0000019f00 0041 00000000 0x0 0x0
0xffff9d0000019f80 0041 00000000 0x0 0x0
0xffff9d000001a000 0041 00000000 0x0 0x0
0xffff9d000001a080 0041 00000000 0x0 0x0
0xffff9d000001a100 0041 00000000 0x0 0x0
0xffff9d000001a180 0041 00000000 0x0 0x0
0xffff9d000001a200 0041 00000000 0x0 0x0
0xffff9d000001a280 0041 00000000 0x0 0x0
0xffff9d000001a300 0041 00000000 0x0 0x0
0xffff9d000001a380 0041 00000000 0x0 0x0
0xffff9d000001a400 0041 00000000 0x0 0x0
0xffff9d000001a480 0041 00000000 0x0 0x0
0xffff9d000001a500 0041 00000000 0x0 0x0
0xffff9d000001a580 0041 00000000 0x0 0x0
0xffff9d000001a600 0041 00000000 0x0 0x0
0xffff9d000001a680 0041 00000000 0x0 0x0
0xffff9d000001a700 0041 00000000 0x0 0x0
0xffff9d000001a780 0041 00000000 0x0 0x0
0xffff9d000001a800 0041 00000000 0x0 0x0
0xffff9d000001a880 0041 00000000 0x0 0x0
0xffff9d000001a900 0041 00000000 0x0 0x0
0xffff9d000001a980 0041 00000000 0x0 0x0
0xffff9d000001aa00 0041 00000000 0x0 0x0
0xffff9d000001aa80 0041 00000000 0x0 0x0
0xffff9d000001ab00 0041 00000000 0x0 0x0
0xffff9d000001ab80 0041 00000000 0x0 0x0
0xffff9d000001ac00 0041 00000000 0x0 0x0
0xffff9d000001ac80 0041 00000000 0x0 0x0
0xffff9d000001ad00 0041 00000000 0x0 0x0
0xffff9d000001ad80 0041 00000000 0x0 0x0
0xffff9d000001ae00 0041 00000000 0x0 0x0
0xffff9d000001ae80 0041 00000000 0x0 0x0
0xffff9d000001af00 0041 00000000 0x0 0x0
0xffff9d000001af80 0041 00000000 0x0 0x0
0xffff9d000001b000 0041 00000000 0x0 0x0
0xffff9d000001b080 0041 00000000 0x0 0x0
0xffff9d000001b100 0041 00000000 0x0 0x0
0xffff9d000001b180 0041 00000000 0x0 0x0
0xffff9d000001b200 0041 00000000 0x0 0x0
0xffff9d000001b280 0041 00000000 0x0 0x0
0xffff9d000001b300 0041 00000000 0x0 0x0
0xffff9d000001b380 0041 00000000 0x0 0x0
0xffff9d000001b400 0041 00000000 0x0 0x0
0xffff9d000001b480 0041 00000000 0x0 0x0
0xffff9d000001b500 0041 00000000 0x0 0x0
0xffff9d000001b580 0041 00000000 0x0 0x0
0xffff9d000001b600 0041 00000000 0x0 0x0
0xffff9d000001b680 0041 00000000 0x0 0x0
0xffff9d000001b700 0041 00000000 0x0 0x0
0xffff9d000001b780 0041 00000000 0x0 0x0
0xffff9d000001b800 0041 00000000 0x0 0x0
0xffff9d000001b880 0041 00000000 0x0 0x0
0xffff9d000001b900 0041 00000000 0x0 0x0
0xffff9d000001b980 0041 00000000 0x0 0x0
0xffff9d000001ba00 0041 00000000 0x0 0x0
0xffff9d000001ba80 0001 00000000 0x0 0x0
0xffff9d000001bb00 0001 00000000 0x0 0x0
0xffff9d000001bb80 0001 00000000 0x0 0x0
0xffff9d000001bc00 0001 00000000 0x0 0x0
0xffff9d000001bc80 0001 00000000 0x0 0x0
0xffff9d000001bd00 0001 00000000 0x0 0x0
0xffff9d000001bd80 0001 00000000 0x0 0x0
0xffff9d000001be00 0001 00000000 0x0 0x0
0xffff9d000001be80 0001 00000000 0x0 0x0
0xffff9d000001bf00 0001 00000000 0x0 0x0
0xffff9d000001bf80 0001 00000000 0x0 0x0
0xffff9d000001c000 0001 00000000 0x0 0x0
0xffff9d000001c080 0001 00000000 0x0 0x0
0xffff9d000001c100 0001 00000000 0x0 0x0
0xffff9d000001c180 0001 00000000 0x0 0x0
0xffff9d000001c200 0001 00000000 0x0 0x0
0xffff9d000001c280 0001 00000000 0x0 0x0
0xffff9d000001c300 0001 00000000 0x0 0x0
0xffff9d000001c380 0001 00000000 0x0 0x0
0xffff9d000001c400 0001 00000000 0x0 0x0
0xffff9d000001c480 0001 00000000 0x0 0x0
0xffff9d000001c500 0001 00000000 0x0 0x0
0xffff9d000001c580 0001 00000000 0x0 0x0
0xffff9d000001c600 0001 00000000 0x0 0x0
0xffff9d000001c680 0001 00000000 0x0 0x0
0xffff9d000001c700 0001 00000000 0x0 0x0
0xffff9d000001c780 0001 00000000 0x0 0x0
0xffff9d000001c800 0001 00000000 0x0 0x0
0xffff9d000001c880 0001 00000000 0x0 0x0
0xffff9d000001c900 0001 00000000 0x0 0x0
0xffff9d000001c980 0001 00000000 0x0 0x0
0xffff9d000001ca00 0001 00000000 0x0 0x0
0xffff9d000001ca80 0001 00000000 0x0 0x0
0xffff9d000001cb00 0001 00000000 0x0 0x0
0xffff9d000001cb80 0001 00000000 0x0 0x0
0xffff9d000001cc00 0001 00000000 0x0 0x0
0xffff9d000001cc80 0001 00000000 0x0 0x0
0xffff9d000001cd00 0001 00000000 0x0 0x0
0xffff9d000001cd80 0001 00000000 0x0 0x0
0xffff9d000001ce00 0001 00000000 0x0 0x0
0xffff9d000001ce80 0001 00000000 0x0 0x0
0xffff9d000001cf00 0001 00000000 0x0 0x0
0xffff9d000001cf80 0001 00000000 0x0 0x0
0xffff9d000001d000 0001 00000000 0x0 0x0
0xffff9d000001d080 0001 00000000 0x0 0x0
0xffff9d000001d100 0001 00000000 0x0 0x0
0xffff9d000001d180 0001 00000000 0x0 0x0
0xffff9d000001d200 0001 00000000 0x0 0x0
0xffff9d000001d280 0001 00000000 0x0 0x0
0xffff9d000001d300 0001 00000000 0x0 0x0
0xffff9d000001d380 0001 00000000 0x0 0x0
0xffff9d000001d400 0001 00000000 0x0 0x0
0xffff9d000001d480 0001 00000000 0x0 0x0
0xffff9d000001d500 0001 00000000 0x0 0x0
0xffff9d000001d580 0001 00000000 0x0 0x0
0xffff9d000001d600 0001 00000000 0x0 0x0
0xffff9d000001d680 0001 00000000 0x0 0x0
0xffff9d000001d700 0001 00000000 0x0 0x0
0xffff9d000001d780 0001 00000000 0x0 0x0
0xffff9d000001d800 0001 00000000 0x0 0x0
0xffff9d000001d880 0001 00000000 0x0 0x0
0xffff9d000001d900 0001 00000000 0x0 0x0
0xffff9d000001d980 0001 00000000 0x0 0x0
0xffff9d000001da00 0001 00000000 0x0 0x0
0xffff9d000001da80 0001 00000000 0x0 0x0
0xffff9d000001db00 0001 00000000 0x0 0x0
0xffff9d000001db80 0001 00000000 0x0 0x0
0xffff9d000001dc00 0001 00000000 0x0 0x0
0xffff9d000001dc80 0001 00000000 0x0 0x0
0xffff9d000001dd00 0001 00000000 0x0 0x0
0xffff9d000001dd80 0001 00000000 0x0 0x0
0xffff9d000001de00 0001 00000000 0x0 0x0
0xffff9d000001de80 0001 00000000 0x0 0x0
0xffff9d000001df00 0001 00000000 0x0 0x0
0xffff9d000001df80 0001 00000000 0x0 0x0
0xffff9d000001e000 0001 00000000 0x0 0x0
0xffff9d000001e080 0001 00000000 0x0 0x0
0xffff9d000001e100 0001 00000000 0x0 0x0
0xffff9d000001e180 0001 00000000 0x0 0x0
0xffff9d000001e200 0001 00000000 0x0 0x0
0xffff9d000001e280 0001 00000000 0x0 0x0
0xffff9d000001e300 0001 00000000 0x0 0x0
0xffff9d000001e380 0001 00000000 0x0 0x0
0xffff9d000001e400 0001 00000000 0x0 0x0
0xffff9d000001e480 0001 00000000 0x0 0x0
0xffff9d000001e500 0001 00000000 0x0 0x0
0xffff9d000001e580 0001 00000000 0x0 0x0
0xffff9d000001e600 0001 00000000 0x0 0x0
0xffff9d000001e680 0001 00000000 0x0 0x0
0xffff9d000001e700 0001 00000000 0x0 0x0
0xffff9d000001e780 0001 00000000 0x0 0x0
0xffff9d000001e800 0001 00000000 0x0 0x0
0xffff9d000001e880 0001 00000000 0x0 0x0
0xffff9d000001e900 0001 00000000 0x0 0x0
0xffff9d000001e980 0001 00000000 0x0 0x0
0xffff9d000001ea00 0001 00000000 0x0 0x0
0xffff9d000001ea80 0001 00000000 0x0 0x0
0xffff9d000001eb00 0001 00000000 0x0 0x0
0xffff9d000001eb80 0001 00000000 0x0 0x0
0xffff9d000001ec00 0001 00000000 0x0 0x0
0xffff9d000001ec80 0001 00000000 0x0 0x0
0xffff9d000001ed00 0001 00000000 0x0 0x0
0xffff9d000001ed80 0001 00000000 0x0 0x0
0xffff9d000001ee00 0001 00000000 0x0 0x0
0xffff9d000001ee80 0001 00000000 0x0 0x0
0xffff9d000001ef00 0001 00000000 0x0 0x0
0xffff9d000001ef80 0001 00000000 0x0 0x0
0xffff9d000001f000 0001 00000000 0x0 0x0
0xffff9d000001f080 0001 00000000 0x0 0x0
0xffff9d000001f100 0001 00000000 0x0 0x0
0xffff9d000001f180 0001 00000000 0x0 0x0
0xffff9d000001f200 0001 00000000 0x0 0x0
0xffff9d000001f280 0001 00000000 0x0 0x0
0xffff9d000001f300 0001 00000000 0x0 0x0
0xffff9d000001f380 0001 00000000 0x0 0x0
0xffff9d000001f400 0001 00000000 0x0 0x0
0xffff9d000001f480 0001 00000000 0x0 0x0
0xffff9d000001f500 0001 00000000 0x0 0x0
0xffff9d000001f580 0001 00000000 0x0 0x0
0xffff9d000001f600 0001 00000000 0x0 0x0
0xffff9d000001f680 0001 00000000 0x0 0x0
0xffff9d000001f700 0001 00000000 0x0 0x0
0xffff9d000001f780 0001 00000000 0x0 0x0
0xffff9d000001f800 0001 00000000 0x0 0x0
0xffff9d000001f880 0001 00000000 0x0 0x0
0xffff9d000001f900 0001 00000000 0x0 0x0
0xffff9d000001f980 0001 00000000 0x0 0x0
0xffff9d000001fa00 0001 00000000 0x0 0x0
0xffff9d000001fa80 0001 00000000 0x0 0x0
0xffff9d000001fb00 0001 00000000 0x0 0x0
0xffff9d000001fb80 0001 00000000 0x0 0x0
0xffff9d000001fc00 0001 00000000 0x0 0x0
0xffff9d000001fc80 0001 00000000 0x0 0x0
0xffff9d000001fd00 0001 00000000 0x0 0x0
0xffff9d000001fd80 0001 00000000 0x0 0x0
0xffff9d000001fe00 0001 00000000 0x0 0x0
0xffff9d000001fe80 0001 00000000 0x0 0x0
0xffff9d000001ff00 0001 00000000 0x0 0x0
0xffff9d000001ff80 0001 00000000 0x0 0x0
0xffff9d0000020000 0001 00000000 0x0 0x0
0xffff9d0000020080 0001 00000000 0x0 0x0
0xffff9d0000020100 0001 00000000 0x0 0x0
0xffff9d0000020180 0001 00000000 0x0 0x0
0xffff9d0000020200 0001 00000000 0x0 0x0
0xffff9d0000020280 0001 00000000 0x0 0x0
0xffff9d0000020300 0001 00000000 0x0 0x0
0xffff9d0000020380 0001 00000000 0x0 0x0
0xffff9d0000020400 0001 00000000 0x0 0x0
0xffff9d0000020480 0001 00000000 0x0 0x0
0xffff9d0000020500 0001 00000000 0x0 0x0
0xffff9d0000020580 0001 00000000 0x0 0x0
0xffff9d0000020600 0001 00000000 0x0 0x0
0xffff9d0000020680 0001 00000000 0x0 0x0
0xffff9d0000020700 0001 00000000 0x0 0x0
0xffff9d0000020780 0001 00000000 0x0 0x0
0xffff9d0000020800 0001 00000000 0x0 0x0
0xffff9d0000020880 0001 00000000 0x0 0x0
0xffff9d0000020900 0001 00000000 0x0 0x0
0xffff9d0000020980 0001 00000000 0x0 0x0
0xffff9d0000020a00 0001 00000000 0x0 0x0
0xffff9d0000020a80 0001 00000000 0x0 0x0
0xffff9d0000020b00 0001 00000000 0x0 0x0
0xffff9d0000020b80 0001 00000000 0x0 0x0
0xffff9d0000020c00 0001 00000000 0x0 0x0
0xffff9d0000020c80 0001 00000000 0x0 0x0
0xffff9d0000020d00 0001 00000000 0x0 0x0
0xffff9d0000020d80 0001 00000000 0x0 0x0
0xffff9d0000020e00 0001 00000000 0x0 0x0
0xffff9d0000020e80 0001 00000000 0x0 0x0
0xffff9d0000020f00 0001 00000000 0x0 0x0
0xffff9d0000020f80 0001 00000000 0x0 0x0
0xffff9d0000021000 0001 00000000 0x0 0x0
0xffff9d0000021080 0001 00000000 0x0 0x0
0xffff9d0000021100 0001 00000000 0x0 0x0
0xffff9d0000021180 0001 00000000 0x0 0x0
0xffff9d0000021200 0001 00000000 0x0 0x0
0xffff9d0000021280 0001 00000000 0x0 0x0
0xffff9d0000021300 0001 00000000 0x0 0x0
0xffff9d0000021380 0001 00000000 0x0 0x0
0xffff9d0000021400 0001 00000000 0x0 0x0
0xffff9d0000021480 0001 00000000 0x0 0x0
0xffff9d0000021500 0001 00000000 0x0 0x0
0xffff9d0000021580 0001 00000000 0x0 0x0
0xffff9d0000021600 0001 00000000 0x0 0x0
0xffff9d0000021680 0001 00000000 0x0 0x0
0xffff9d0000021700 0001 00000000 0x0 0x0
0xffff9d0000021780 0001 00000000 0x0 0x0
0xffff9d0000021800 0001 00000000 0x0 0x0
0xffff9d0000021880 0001 00000000 0x0 0x0
0xffff9d0000021900 0001 00000000 0x0 0x0
0xffff9d0000021980 0001 00000000 0x0 0x0
0xffff9d0000021a00 0001 00000000 0x0 0x0
0xffff9d0000021a80 0001 00000000 0x0 0x0
0xffff9d0000021b00 0001 00000000 0x0 0x0
0xffff9d0000021b80 0001 00000000 0x0 0x0
0xffff9d0000021c00 0001 00000000 0x0 0x0
0xffff9d0000021c80 0001 00000000 0x0 0x0
0xffff9d0000021d00 0001 00000000 0x0 0x0
0xffff9d0000021d80 0001 00000000 0x0 0x0
0xffff9d0000021e00 0001 00000000 0x0 0x0
0xffff9d0000021e80 0001 00000000 0x0 0x0
0xffff9d0000021f00 0001 00000000 0x0 0x0
0xffff9d0000021f80 0001 00000000 0x0 0x0
0xffff9d0000022000 0001 00000000 0x0 0x0
0xffff9d0000022080 0001 00000000 0x0 0x0
0xffff9d0000022100 0001 00000000 0x0 0x0
0xffff9d0000022180 0001 00000000 0x0 0x0
0xffff9d0000022200 0001 00000000 0x0 0x0
0xffff9d0000022280 0001 00000000 0x0 0x0
0xffff9d0000022300 0001 00000000 0x0 0x0
0xffff9d0000022380 0001 00000000 0x0 0x0
0xffff9d0000022400 0001 00000000 0x0 0x0
0xffff9d0000022480 0001 00000000 0x0 0x0
0xffff9d0000022500 0001 00000000 0x0 0x0
0xffff9d0000022580 0001 00000000 0x0 0x0
0xffff9d0000022600 0001 00000000 0x0 0x0
0xffff9d0000022680 0001 00000000 0x0 0x0
0xffff9d0000022700 0001 00000000 0x0 0x0
0xffff9d0000022780 0001 00000000 0x0 0x0
0xffff9d0000022800 0001 00000000 0x0 0x0
0xffff9d0000022880 0001 00000000 0x0 0x0
0xffff9d0000022900 0001 00000000 0x0 0x0
0xffff9d0000022980 0001 00000000 0x0 0x0
0xffff9d0000022a00 0001 00000000 0x0 0x0
0xffff9d0000022a80 0001 00000000 0x0 0x0
0xffff9d0000022b00 0001 00000000 0x0 0x0
0xffff9d0000022b80 0001 00000000 0x0 0x0
0xffff9d0000022c00 0001 00000000 0x0 0x0
0xffff9d0000022c80 0001 00000000 0x0 0x0
0xffff9d0000022d00 0001 00000000 0x0 0x0
0xffff9d0000022d80 0001 00000000 0x0 0x0
0xffff9d0000022e00 0001 00000000 0x0 0x0
0xffff9d0000022e80 0001 00000000 0x0 0x0
0xffff9d0000022f00 0001 00000000 0x0 0x0
0xffff9d0000022f80 0001 00000000 0x0 0x0
0xffff9d0000023000 0001 00000000 0x0 0x0
0xffff9d0000023080 0001 00000000 0x0 0x0
0xffff9d0000023100 0001 00000000 0x0 0x0
0xffff9d0000023180 0001 00000000 0x0 0x0
0xffff9d0000023200 0001 00000000 0x0 0x0
0xffff9d0000023280 0001 00000000 0x0 0x0
0xffff9d0000023300 0001 00000000 0x0 0x0
0xffff9d0000023380 0001 00000000 0x0 0x0
0xffff9d0000023400 0001 00000000 0x0 0x0
0xffff9d0000023480 0001 00000000 0x0 0x0
0xffff9d0000023500 0001 00000000 0x0 0x0
0xffff9d0000023580 0001 00000000 0x0 0x0
0xffff9d0000023600 0001 00000000 0x0 0x0
0xffff9d0000023680 0001 00000000 0x0 0x0
0xffff9d0000023700 0001 00000000 0x0 0x0
0xffff9d0000023780 0001 00000000 0x0 0x0
0xffff9d0000023800 0001 00000000 0x0 0x0
0xffff9d0000023880 0001 00000000 0x0 0x0
0xffff9d0000023900 0001 00000000 0x0 0x0
0xffff9d0000023980 0001 00000000 0x0 0x0
0xffff9d0000023a00 0001 00000000 0x0 0x0
0xffff9d0000023a80 0001 00000000 0x0 0x0
0xffff9d0000023b00 0001 00000000 0x0 0x0
0xffff9d0000023b80 0001 00000000 0x0 0x0
0xffff9d0000023c00 0001 00000000 0x0 0x0
0xffff9d0000023c80 0001 00000000 0x0 0x0
0xffff9d0000023d00 0001 00000000 0x0 0x0
0xffff9d0000023d80 0001 00000000 0x0 0x0
0xffff9d0000023e00 0001 00000000 0x0 0x0
0xffff9d0000023e80 0001 00000000 0x0 0x0
0xffff9d0000023f00 0001 00000000 0x0 0x0
0xffff9d0000023f80 0001 00000000 0x0 0x0
0xffff9d0000024000 0001 00000000 0x0 0x0
0xffff9d0000024080 0001 00000000 0x0 0x0
0xffff9d0000024100 0001 00000000 0x0 0x0
0xffff9d0000024180 0001 00000000 0x0 0x0
0xffff9d0000024200 0001 00000000 0x0 0x0
0xffff9d0000024280 0001 00000000 0x0 0x0
0xffff9d0000024300 0001 00000000 0x0 0x0
0xffff9d0000024380 0001 00000000 0x0 0x0
0xffff9d0000024400 0001 00000000 0x0 0x0
0xffff9d0000024480 0001 00000000 0x0 0x0
0xffff9d0000024500 0001 00000000 0x0 0x0
0xffff9d0000024580 0001 00000000 0x0 0x0
0xffff9d0000024600 0001 00000000 0x0 0x0
0xffff9d0000024680 0001 00000000 0x0 0x0
0xffff9d0000024700 0001 00000000 0x0 0x0
0xffff9d0000024780 0001 00000000 0x0 0x0
0xffff9d0000024800 0001 00000000 0x0 0x0
0xffff9d0000024880 0001 00000000 0x0 0x0
0xffff9d0000024900 0001 00000000 0x0 0x0
0xffff9d0000024980 0001 00000000 0x0 0x0
0xffff9d0000024a00 0001 00000000 0x0 0x0
0xffff9d0000024a80 0001 00000000 0x0 0x0
0xffff9d0000024b00 0001 00000000 0x0 0x0
0xffff9d0000024b80 0001 00000000 0x0 0x0
0xffff9d0000024c00 0001 00000000 0x0 0x0
0xffff9d0000024c80 0001 00000000 0x0 0x0
0xffff9d0000024d00 0001 00000000 0x0 0x0
0xffff9d0000024d80 0001 00000000 0x0 0x0
0xffff9d0000024e00 0001 00000000 0x0 0x0
0xffff9d0000024e80 0001 00000000 0x0 0x0
0xffff9d0000024f00 0001 00000000 0x0 0x0
0xffff9d0000024f80 0001 00000000 0x0 0x0
0xffff9d0000025000 0001 00000000 0x0 0x0
0xffff9d0000025080 0001 00000000 0x0 0x0
0xffff9d0000025100 0001 00000000 0x0 0x0
0xffff9d0000025180 0001 00000000 0x0 0x0
0xffff9d0000025200 0001 00000000 0x0 0x0
0xffff9d0000025280 0001 00000000 0x0 0x0
0xffff9d0000025300 0001 00000000 0x0 0x0
0xffff9d0000025380 0001 00000000 0x0 0x0
0xffff9d0000025400 0001 00000000 0x0 0x0
0xffff9d0000025480 0001 00000000 0x0 0x0
0xffff9d0000025500 0001 00000000 0x0 0x0
0xffff9d0000025580 0001 00000000 0x0 0x0
0xffff9d0000025600 0001 00000000 0x0 0x0
0xffff9d0000025680 0001 00000000 0x0 0x0
0xffff9d0000025700 0001 00000000 0x0 0x0
0xffff9d0000025780 0001 00000000 0x0 0x0
0xffff9d0000025800 0001 00000000 0x0 0x0
0xffff9d0000025880 0001 00000000 0x0 0x0
0xffff9d0000025900 0001 00000000 0x0 0x0
0xffff9d0000025980 0001 00000000 0x0 0x0
0xffff9d0000025a00 0001 00000000 0x0 0x0
0xffff9d0000025a80 0001 00000000 0x0 0x0
0xffff9d0000025b00 0001 00000000 0x0 0x0
0xffff9d0000025b80 0001 00000000 0x0 0x0
0xffff9d0000025c00 0001 00000000 0x0 0x0
0xffff9d0000025c80 0001 00000000 0x0 0x0
0xffff9d0000025d00 0001 00000000 0x0 0x0
0xffff9d0000025d80 0001 00000000 0x0 0x0
0xffff9d0000025e00 0001 00000000 0x0 0x0
0xffff9d0000025e80 0001 00000000 0x0 0x0
0xffff9d0000025f00 0001 00000000 0x0 0x0
0xffff9d0000025f80 0001 00000000 0x0 0x0
0xffff9d0000026000 0001 00000000 0x0 0x0
0xffff9d0000026080 0001 00000000 0x0 0x0
0xffff9d0000026100 0001 00000000 0x0 0x0
0xffff9d0000026180 0001 00000000 0x0 0x0
0xffff9d0000026200 0001 00000000 0x0 0x0
0xffff9d0000026280 0001 00000000 0x0 0x0
0xffff9d0000026300 0001 00000000 0x0 0x0
0xffff9d0000026380 0001 00000000 0x0 0x0
0xffff9d0000026400 0001 00000000 0x0 0x0
0xffff9d0000026480 0001 00000000 0x0 0x0
0xffff9d0000026500 0001 00000000 0x0 0x0
0xffff9d0000026580 0001 00000000 0x0 0x0
0xffff9d0000026600 0001 00000000 0x0 0x0
0xffff9d0000026680 0001 00000000 0x0 0x0
0xffff9d0000026700 0001 00000000 0x0 0x0
0xffff9d0000026780 0001 00000000 0x0 0x0
0xffff9d0000026800 0001 00000000 0x0 0x0
0xffff9d0000026880 0001 00000000 0x0 0x0
0xffff9d0000026900 0001 00000000 0x0 0x0
0xffff9d0000026980 0001 00000000 0x0 0x0
0xffff9d0000026a00 0001 00000000 0x0 0x0
0xffff9d0000026a80 0001 00000000 0x0 0x0
0xffff9d0000026b00 0001 00000000 0x0 0x0
0xffff9d0000026b80 0001 00000000 0x0 0x0
0xffff9d0000026c00 0001 00000000 0x0 0x0
0xffff9d0000026c80 0001 00000000 0x0 0x0
0xffff9d0000026d00 0001 00000000 0x0 0x0
0xffff9d0000026d80 0001 00000000 0x0 0x0
0xffff9d0000026e00 0001 00000000 0x0 0x0
0xffff9d0000026e80 0001 00000000 0x0 0x0
0xffff9d0000026f00 0001 00000000 0x0 0x0
0xffff9d0000026f80 0001 00000000 0x0 0x0
0xffff9d0000027000 0001 00000000 0x0 0x0
0xffff9d0000027080 0001 00000000 0x0 0x0
0xffff9d0000027100 0001 00000000 0x0 0x0
0xffff9d0000027180 0001 00000000 0x0 0x0
0xffff9d0000027200 0001 00000000 0x0 0x0
0xffff9d0000027280 0001 00000000 0x0 0x0
0xffff9d0000027300 0001 00000000 0x0 0x0
0xffff9d0000027380 0001 00000000 0x0 0x0
0xffff9d0000027400 0001 00000000 0x0 0x0
0xffff9d0000027480 0001 00000000 0x0 0x0
0xffff9d0000027500 0001 00000000 0x0 0x0
0xffff9d0000027580 0001 00000000 0x0 0x0
0xffff9d0000027600 0001 00000000 0x0 0x0
0xffff9d0000027680 0001 00000000 0x0 0x0
0xffff9d0000027700 0001 00000000 0x0 0x0
0xffff9d0000027780 0001 00000000 0x0 0x0
0xffff9d0000027800 0001 00000000 0x0 0x0
0xffff9d0000027880 0001 00000000 0x0 0x0
0xffff9d0000027900 0001 00000000 0x0 0x0
0xffff9d0000027980 0001 00000000 0x0 0x0
0xffff9d0000027a00 0001 00000000 0x0 0x0
0xffff9d0000027a80 0001 00000000 0x0 0x0
0xffff9d0000027b00 0001 00000000 0x0 0x0
0xffff9d0000027b80 0001 00000000 0x0 0x0
0xffff9d0000027c00 0001 00000000 0x0 0x0
0xffff9d0000027c80 0001 00000000 0x0 0x0
0xffff9d0000027d00 0001 00000000 0x0 0x0
0xffff9d0000027d80 0001 00000000 0x0 0x0
0xffff9d0000027e00 0001 00000000 0x0 0x0
0xffff9d0000027e80 0001 00000000 0x0 0x0
0xffff9d0000027f00 0001 00000000 0x0 0x0
0xffff9d0000027f80 0001 00000000 0x0 0x0
0xffff9d0000028000 0001 00000000 0x0 0x0
0xffff9d0000028080 0001 00000000 0x0 0x0
0xffff9d0000028100 0001 00000000 0x0 0x0
0xffff9d0000028180 0001 00000000 0x0 0x0
0xffff9d0000028200 0001 00000000 0x0 0x0
0xffff9d0000028280 0001 00000000 0x0 0x0
0xffff9d0000028300 0001 00000000 0x0 0x0
0xffff9d0000028380 0001 00000000 0x0 0x0
0xffff9d0000028400 0001 00000000 0x0 0x0
0xffff9d0000028480 0001 00000000 0x0 0x0
0xffff9d0000028500 0001 00000000 0x0 0x0
0xffff9d0000028580 0001 00000000 0x0 0x0
0xffff9d0000028600 0001 00000000 0x0 0x0
0xffff9d0000028680 0001 00000000 0x0 0x0
0xffff9d0000028700 0001 00000000 0x0 0x0
0xffff9d0000028780 0001 00000000 0x0 0x0
0xffff9d0000028800 0001 00000000 0x0 0x0
0xffff9d0000028880 0001 00000000 0x0 0x0
0xffff9d0000028900 0001 00000000 0x0 0x0
0xffff9d0000028980 0001 00000000 0x0 0x0
0xffff9d0000028a00 0001 00000000 0x0 0x0
0xffff9d0000028a80 0001 00000000 0x0 0x0
0xffff9d0000028b00 0001 00000000 0x0 0x0
0xffff9d0000028b80 0001 00000000 0x0 0x0
0xffff9d0000028c00 0001 00000000 0x0 0x0
0xffff9d0000028c80 0001 00000000 0x0 0x0
0xffff9d0000028d00 0001 00000000 0x0 0x0
0xffff9d0000028d80 0001 00000000 0x0 0x0
0xffff9d0000028e00 0001 00000000 0x0 0x0
0xffff9d0000028e80 0001 00000000 0x0 0x0
0xffff9d0000028f00 0001 00000000 0x0 0x0
0xffff9d0000028f80 0001 00000000 0x0 0x0
0xffff9d0000029000 0001 00000000 0x0 0x0
0xffff9d0000029080 0001 00000000 0x0 0x0
0xffff9d0000029100 0001 00000000 0x0 0x0
0xffff9d0000029180 0001 00000000 0x0 0x0
0xffff9d0000029200 0001 00000000 0x0 0x0
0xffff9d0000029280 0001 00000000 0x0 0x0
0xffff9d0000029300 0001 00000000 0x0 0x0
0xffff9d0000029380 0001 00000000 0x0 0x0
0xffff9d0000029400 0001 00000000 0x0 0x0
0xffff9d0000029480 0001 00000000 0x0 0x0
0xffff9d0000029500 0001 00000000 0x0 0x0
0xffff9d0000029580 0001 00000000 0x0 0x0
0xffff9d0000029600 0001 00000000 0x0 0x0
0xffff9d0000029680 0001 00000000 0x0 0x0
0xffff9d0000029700 0001 00000000 0x0 0x0
0xffff9d0000029780 0001 00000000 0x0 0x0
0xffff9d0000029800 0001 00000000 0x0 0x0
0xffff9d0000029880 0001 00000000 0x0 0x0
0xffff9d0000029900 0001 00000000 0x0 0x0
0xffff9d0000029980 0001 00000000 0x0 0x0
0xffff9d0000029a00 0001 00000000 0x0 0x0
0xffff9d0000029a80 0001 00000000 0x0 0x0
0xffff9d0000029b00 0001 00000000 0x0 0x0
0xffff9d0000029b80 0001 00000000 0x0 0x0
0xffff9d0000029c00 0001 00000000 0x0 0x0
0xffff9d0000029c80 0001 00000000 0x0 0x0
0xffff9d0000029d00 0001 00000000 0x0 0x0
0xffff9d0000029d80 0001 00000000 0x0 0x0
0xffff9d0000029e00 0001 00000000 0x0 0x0
0xffff9d0000029e80 0001 00000000 0x0 0x0
0xffff9d0000029f00 0001 00000000 0x0 0x0
0xffff9d0000029f80 0001 00000000 0x0 0x0
0xffff9d000002a000 0001 00000000 0x0 0x0
0xffff9d000002a080 0001 00000000 0x0 0x0
0xffff9d000002a100 0001 00000000 0x0 0x0
0xffff9d000002a180 0001 00000000 0x0 0x0
0xffff9d000002a200 0001 00000000 0x0 0x0
0xffff9d000002a280 0001 00000000 0x0 0x0
0xffff9d000002a300 0001 00000000 0x0 0x0
0xffff9d000002a380 0001 00000000 0x0 0x0
0xffff9d000002a400 0001 00000000 0x0 0x0
0xffff9d000002a480 0001 00000000 0x0 0x0
0xffff9d000002a500 0001 00000000 0x0 0x0
0xffff9d000002a580 0001 00000000 0x0 0x0
0xffff9d000002a600 0001 00000000 0x0 0x0
0xffff9d000002a680 0001 00000000 0x0 0x0
0xffff9d000002a700 0001 00000000 0x0 0x0
0xffff9d000002a780 0001 00000000 0x0 0x0
0xffff9d000002a800 0001 00000000 0x0 0x0
0xffff9d000002a880 0001 00000000 0x0 0x0
0xffff9d000002a900 0001 00000000 0x0 0x0
0xffff9d000002a980 0001 00000000 0x0 0x0
0xffff9d000002aa00 0001 00000000 0x0 0x0
0xffff9d000002aa80 0001 00000000 0x0 0x0
0xffff9d000002ab00 0001 00000000 0x0 0x0
0xffff9d000002ab80 0001 00000000 0x0 0x0
0xffff9d000002ac00 0001 00000000 0x0 0x0
0xffff9d000002ac80 0001 00000000 0x0 0x0
0xffff9d000002ad00 0001 00000000 0x0 0x0
0xffff9d000002ad80 0001 00000000 0x0 0x0
0xffff9d000002ae00 0001 00000000 0x0 0x0
0xffff9d000002ae80 0001 00000000 0x0 0x0
0xffff9d000002af00 0001 00000000 0x0 0x0
0xffff9d000002af80 0001 00000000 0x0 0x0
0xffff9d000002b000 0001 00000000 0x0 0x0
0xffff9d000002b080 0001 00000000 0x0 0x0
0xffff9d000002b100 0001 00000000 0x0 0x0
0xffff9d000002b180 0001 00000000 0x0 0x0
0xffff9d000002b200 0001 00000000 0x0 0x0
0xffff9d000002b280 0001 00000000 0x0 0x0
0xffff9d000002b300 0001 00000000 0x0 0x0
0xffff9d000002b380 0001 00000000 0x0 0x0
0xffff9d000002b400 0001 00000000 0x0 0x0
0xffff9d000002b480 0001 00000000 0x0 0x0
0xffff9d000002b500 0001 00000000 0x0 0x0
0xffff9d000002b580 0001 00000000 0x0 0x0
0xffff9d000002b600 0001 00000000 0x0 0x0
0xffff9d000002b680 0001 00000000 0x0 0x0
0xffff9d000002b700 0001 00000000 0x0 0x0
0xffff9d000002b780 0001 00000000 0x0 0x0
0xffff9d000002b800 0001 00000000 0x0 0x0
0xffff9d000002b880 0001 00000000 0x0 0x0
0xffff9d000002b900 0001 00000000 0x0 0x0
0xffff9d000002b980 0001 00000000 0x0 0x0
0xffff9d000002ba00 0001 00000000 0x0 0x0
0xffff9d000002ba80 0001 00000000 0x0 0x0
0xffff9d000002bb00 0001 00000000 0x0 0x0
0xffff9d000002bb80 0001 00000000 0x0 0x0
0xffff9d000002bc00 0001 00000000 0x0 0x0
0xffff9d000002bc80 0001 00000000 0x0 0x0
0xffff9d000002bd00 0001 00000000 0x0 0x0
0xffff9d000002bd80 0001 00000000 0x0 0x0
0xffff9d000002be00 0001 00000000 0x0 0x0
0xffff9d000002be80 0001 00000000 0x0 0x0
0xffff9d000002bf00 0001 00000000 0x0 0x0
0xffff9d000002bf80 0001 00000000 0x0 0x0
0xffff9d000002c000 0001 00000000 0x0 0x0
0xffff9d000002c080 0001 00000000 0x0 0x0
0xffff9d000002c100 0001 00000000 0x0 0x0
0xffff9d000002c180 0001 00000000 0x0 0x0
0xffff9d000002c200 0001 00000000 0x0 0x0
0xffff9d000002c280 0001 00000000 0x0 0x0
0xffff9d000002c300 0001 00000000 0x0 0x0
0xffff9d000002c380 0001 00000000 0x0 0x0
0xffff9d0000

Tested on:

commit: 330a6f8f lint: do not treat message IDs as arithmetic ..
git tree: https://github.com/NetBSD/src trunk

console output: https://syzkaller.appspot.com/x/log.txt?x=13398ff4080000

kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=e0f56178d0add0d8be20
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

patch: https://syzkaller.appspot.com/x/patch.diff?x=155be7f4080000

syzbot

unread,

Jul 4, 2022, 1:57:09 PM7/4/22

to rias...@netbsd.org, syzkaller-...@googlegroups.com

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
assert failed: uio->uio_iovcnt > NUM

� syz-executor.2 �)�b �o � _O}�} � syz-executor.2 �)�b �o � 8 � syz-executor.2 �)�b �o � 0 � syz-executor.2 �)�b p � 0�7� � syz-executor.2 �)�b 2p � � syz-executor.3 �)�b ;p � @ �� syz-executor.2 �)�b Xp � syz-executor.3 �)�b ]p � � syz-executor.3 �)�b �p E H e��w � syz-executor.3 �)�b q E � syz-executor.3 �)�b 'q � /d��w � syz-executor.3 �)�b Bq � � syz-executor.3 �)�b �)�b �q ./file0 8 � syz-executor.3 �)�b �q � 0 �)�b � � P�� syz-executor.1 �)�b � � 8 � syz-executor.1 �)�b � � 0 �� syz-executor.1 �)�b � < � syz-executor.1 �)�b � syz-executor.1 �)�b 3 A � � syz-executor.1 �)�b B � / m�z � syz-[ 58.6616115] panic: kernel diagnostic assertion "uio->uio_iovcnt > 1" failed: file "/syzkaller/jobs/netbsd/kernel/sys/kern/subr_copy.c", line 119
[ 58.6761554] cpu0: Begin traceback...
executor.1 �)�b T A � syz-[ 58.6815637] vpanic() at executor.1 �)�b b netbsd:vpanic+0x282
� � syz-executor.1 �)�b o � P�� syz-executor.1 �)�b � [ 58.7015683] _sub_D_65535_0() at � netbsd:_sub_D_65535_0+-0x23de8
� syz-executor.1 �)�b A � � syz-executor.1 �)�b 2 A � 0 [ 58.7215652] uiomove() at netbsd:uiomove+0x35f
8 � syz-executor.1 �)�b � [ 58.7415655] ttwrite() at netbsd:ttwrite+0x534 sys/kern/tty.c:2205
[ 58.7615685] comwrite() at netbsd:comwrite+0xc0 sys/dev/ic/com.c:1260
[ 58.7815679] cdev_write() at netbsd:cdev_write+0x1bd sys/kern/subr_devsw.c:1207
[ 58.8015687] spec_write() at netbsd:spec_write+0x26d sys/miscfs/specfs/spec_vnops.c:1189
[ 58.8215674] VOP_WRITE() at netbsd:VOP_WRITE+0x20b sys/kern/vnode_if.c:824
[ 58.8415681] vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:693
[ 58.8615703] ktrwrite() at netbsd:ktrwrite+0x4d3 sys/kern/kern_ktrace.c:1344
[ 58.8815702] ktrace_thread() at netbsd:ktrace_thread+0xfe sys/kern/kern_ktrace.c:1439
[ 58.8915665] cpu0: End traceback...
[ 58.8915665] fatal breakpoint trap in supervisor mode
[ 58.9032416] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x282 cr2 0x63e060 ilevel 0 rsp 0xffff99019d767250
[ 58.9139227] curlwp 0xffff990013d45b00 pid 0.1380 lowest kstack 0xffff99019d7602c0
Stopped in pid 0.1380 (system) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x23de8
uiomove() at netbsd:uiomove+0x35f sys/kern/subr_copy.c:120
ttwrite() at netbsd:ttwrite+0x534 sys/kern/tty.c:2205
comwrite() at netbsd:comwrite+0xc0 sys/dev/ic/com.c:1260
cdev_write() at netbsd:cdev_write+0x1bd sys/kern/subr_devsw.c:1207
spec_write() at netbsd:spec_write+0x26d sys/miscfs/specfs/spec_vnops.c:1189
VOP_WRITE() at netbsd:VOP_WRITE+0x20b sys/kern/vnode_if.c:824
vn_write() at netbsd:vn_write+0x25d sys/kern/vfs_vnops.c:693

ktrwrite() at netbsd:ktrwrite+0x4d3 sys/kern/kern_ktrace.c:1344
ktrace_thread() at netbsd:ktrace_thread+0xfe sys/kern/kern_ktrace.c:1439

Panic string: kernel diagnostic assertion "uio->uio_iovcnt > 1" failed: file "/syzkaller/jobs/netbsd/kernel/sys/kern/subr_copy.c", line 119
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

1214 1214 3 1 0 ffff990013d92b80 syz-executor.1 ktrsync
1100 1100 2 0 10000000 ffff990013d92740 syz-executor.2
1203 1352 3 1 100000 ffff990013346540 syz-executor.4 ktrsync
1203 1203 2 0 10000040 ffff990012d44780 syz-executor.4
1210 1348 2 0 0 ffff990012bfe240 syz-executor.5
1210 1210 3 1 10000000 ffff990013d782c0 syz-executor.5 ktrsync
1213 1213 3 1 0 ffff990013d45280 syz-executor.4 ktrsync
1208 1239 3 1 100000 ffff990013d78b40 syz-executor.3 ktrsync
1208 1208 3 1 10000000 ffff990013d19ac0 syz-executor.3 lwpwait
1383 1383 3 1 0 ffff990013d19680 syz-executor.0 ktrsync
1204 1204 3 1 0 ffff990013d19240 syz-executor.5 ktrsync
323 323 3 1 0 ffff990013d00640 syz-executor.1 ktrsync
334 334 3 1 0 ffff990013d00200 syz-executor.3 ktrsync
1253 1253 2 0 140 ffff990012b67980 syz-executor.2
1126 330 3 1 1c0 ffff990012b67540 syz-execprog parked
1126 329 3 1 180 ffff990012b67100 syz-execprog parked
1126 1202 3 0 180 ffff990012b899c0 syz-execprog parked
1126 1058 3 1 180 ffff990012b89580 syz-execprog parked
1126 1200 3 1 180 ffff990012c0b6c0 syz-execprog parked
1126 1387 3 1 180 ffff990012b47940 syz-execprog kqueue
1126 1386 3 0 180 ffff990012b47500 syz-execprog parked
1126 1234 3 1 1c0 ffff990012b470c0 syz-execprog parked
1126 1233 3 0 180 ffff990012aa3080 syz-execprog parked
1126 1126 3 0 180 ffff990012bd1600 syz-execprog parked
1237 1237 3 1 180 ffff990012bd1a40 sshd select
941 941 3 1 180 ffff990013448500 getty nanoslp
815 815 3 1 180 ffff9900126cb040 getty nanoslp
1115 1115 3 1 180 ffff9900134779c0 getty nanoslp
1068 1068 3 1 1c0 ffff990013477140 getty ttyraw
1093 1093 3 1 180 ffff9900133911c0 sshd select
953 953 3 1 180 ffff990012d04700 powerd kqueue
689 689 3 0 180 ffff9900133b8ac0 syslogd kqueue
464 464 3 0 180 ffff990012bfeac0 dhcpcd poll
547 547 3 1 180 ffff990012c844c0 dhcpcd poll
600 600 3 0 180 ffff990012bfe680 dhcpcd poll
587 587 3 1 180 ffff990012c4e300 dhcpcd poll
289 289 3 0 180 ffff990012d83080 dhcpcd poll
288 288 3 0 180 ffff990012d6c8c0 dhcpcd poll
351 351 3 1 180 ffff990012d6c480 dhcpcd poll
1 1 3 0 180 ffff9900128549c0 init wait
0 1235 2 0 200 ffff990013debbc0 ktrace
0 1351 2 0 240 ffff990013deb780 ktrace
0 550 2 0 240 ffff990012bb4a00 ktrace
0 1323 2 0 240 ffff990013d92300 ktrace
0 >1380 7 0 240 ffff990013d45b00 ktrace
0 873 3 0 200 ffff990012974ac0 physiod physiod
0 194 3 1 200 ffff99001298bb00 pooldrain pooldrain
0 193 2 0 240 ffff99001298b6c0 ioflush
0 192 3 0 200 ffff99001298b280 pgdaemon pgdaemon
0 169 3 1 200 ffff990012974240 usb7 usbevt
0 167 3 1 200 ffff99001292ea80 usb6 usbevt
0 165 3 1 200 ffff99001292e640 usb5 usbevt
0 164 3 1 200 ffff99001292e200 usb4 usbevt
0 31 3 1 200 ffff9900128e0a40 usb3 usbevt
0 63 3 1 200 ffff9900128e0600 usb2 usbevt
0 126 3 1 200 ffff9900128e01c0 usb1 usbevt
0 125 3 1 200 ffff990012868a00 usb0 usbevt
0 124 3 1 200 ffff9900128685c0 usbtask-dr usbtsk
0 123 3 1 200 ffff9900120b66c0 usbtask-hc usbtsk
0 122 3 0 200 ffff990012868180 npfgc0 npfgcw
0 121 3 1 200 ffff990012854580 rt_free rt_free
0 120 3 1 200 ffff990012854140 unpgc unpgc
0 119 3 0 200 ffff9900126f9980 key_timehandler key_timehandler
0 118 3 1 200 ffff9900126f9540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffff9900126f9100 icmp6_wqinput/0 icmp6_wqinput
0 116 3 1 200 ffff9900126ee940 nd6_timer nd6_timer
0 115 3 1 200 ffff9900126ee500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffff9900126ee0c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffff9900126df900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffff9900126df4c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffff9900126df080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffff9900126cb8c0 icmp_wqinput/0 icmp_wqinput
0 109 3 0 200 ffff9900126cb480 rt_timer rt_timer
0 108 3 0 200 ffff9900126cabc0 vmem_rehash vmem_rehash
0 99 3 1 200 ffff9900120bbb40 entbutler entropy
0 98 3 0 200 ffff9900120bb700 viomb balloon
0 97 3 1 200 ffff9900120bb2c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffff9900120b6b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffff9900120b6280 scsibus0 sccomp
0 28 3 0 200 ffff990010cbaac0 pms0 pmsreset
0 27 3 1 200 ffff990010cba680 xcall/1 xcall
0 26 1 1 200 ffff990010cba240 softser/1
0 25 1 1 200 ffff990010cb9a80 softclk/1
0 24 1 1 200 ffff990010cb9640 softbio/1
0 23 1 1 200 ffff990010cb9200 softnet/1
0 > 22 1 1 201 ffff99000fb55a40 idle/1
0 21 3 1 200 ffff99000fb55600 lnxsyswq lnxsyswq
0 20 3 1 200 ffff99000fb551c0 lnxubdwq lnxubdwq
0 19 3 1 200 ffff99000fb54a00 lnxpwrwq lnxpwrwq
0 18 3 1 200 ffff99000fb545c0 lnxlngwq lnxlngwq
0 17 3 1 200 ffff99000fb54180 lnxhipwq lnxhipwq
0 16 3 1 200 ffff99000fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffff99000fb4b580 sysmon smtaskq
0 14 3 0 200 ffff99000fb4b140 pmfsuspend pmfsuspend
0 13 3 1 200 ffff99000fb48980 pmfevent pmfevent
0 12 3 0 200 ffff99000fb48540 sopendfree sopendfr
0 11 3 0 200 ffff99000fb48100 iflnkst iflnkst
0 10 3 0 200 ffff99000fb3c940 nfssilly nfssilly
0 9 3 0 200 ffff99000fb3c500 vdrain vdrain
0 8 3 0 200 ffff99000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffff99000fb33900 xcall/0 xcall
0 6 1 0 200 ffff99000fb334c0 softser/0
0 5 1 0 200 ffff99000fb33080 softclk/0
0 4 1 0 200 ffff99000fb318c0 softbio/0
0 3 1 0 200 ffff99000fb31480 softnet/0
0 2 1 0 201 ffff99000fb31040 idle/0
0 0 2 0 240 ffffffff83341780 swapper
[Locks tracked through LWPs]

****** LWP 1214.1214 (syz-executor.1) @ 0xffff990013d92b80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffff990013d42780 type : sleep/adaptive
initialized : 0xffffffff80950139

shared holds : 0 exclusive: 0

shares wanted: 0 exclusive: 1
relevant cpu : 1 last held: 1
relevant lwp : 0xffff990013d92b80 last held: 000000000000000000
last locked : 0xffffffff80951f6c unlocked*: 0xffffffff80952980

owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 1100.1100 (syz-executor.2) @ 0xffff990013d92740, l_stat=2

*** Locks held:

* Lock 0 (initialized at uvm_map_setup)
lock address : 0xffffffff834fcfa8 type : sleep/adaptive
initialized : 0xffffffff81a7b472

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffff990013d92740 last held: 0xffff990013d92740
last locked* : 0xffffffff81a6f6c4 unlocked : 0xffffffff81a74816
owner/count : 0xffff990013d92740 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at pmap_bootstrap)
lock address : 0xffffffff8347d8c0 type : sleep/adaptive
initialized : 0xffffffff8094bfb1

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffff990013d92740 last held: 0xffff990013d92740
last locked* : 0xffffffff809507c6 unlocked : 0xffffffff809519df
owner field : 0xffff990013d92740 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1210.1210 (syz-executor.5) @ 0xffff990013d782c0, l_stat=3

*** Locks held:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffff990013d42380 type : sleep/adaptive
initialized : 0xffffffff80950139

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 1 last held: 1
relevant lwp : 0xffff990013d782c0 last held: 0xffff990013d782c0
last locked* : 0xffffffff80951f6c unlocked : 0xffffffff80950001

owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 547.547 (dhcpcd) @ 0xffff990012c844c0, l_stat=3