assert failed: uvm_page_locked_p(pg) (2)

syzbot

Jul 12, 2019, 11:42:06 PM
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 9c2c94ba Provide and use PV_ISKENTER_P. NFCI.
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14e36c84600000
dashboard link: https://syzkaller.appspot.com/bug?extid=847d7ffda52780fd4327

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+847d7f...@syzkaller.appspotmail.com

[ 261.8322210] panic: kernel diagnostic assertion "uvm_page_locked_p(pg)"
failed: file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c",
line 3511
[ 261.8510234] cpu0: Begin traceback...
[ 261.8991132] vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336
[ 262.0218083] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 262.1333501] pmap_remove_pte() at netbsd:pmap_remove_pte+0x4da
sys/arch/x86/x86/pmap.c:3511
[ 262.2448928] pmap_remove() at netbsd:pmap_remove+0x445 pmap_remove_ptes
sys/arch/x86/x86/pmap.c:3417 [inline]
[ 262.2448928] pmap_remove() at netbsd:pmap_remove+0x445
sys/arch/x86/x86/pmap.c:3616
[ 262.3564377] uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x5da
sys/uvm/uvm_map.c:2296
[ 262.4679804] uvmspace_free() at netbsd:uvmspace_free+0x238
sys/uvm/uvm_map.c:4283
[ 262.5795231] uvm_proc_exit() at netbsd:uvm_proc_exit+0xc4
sys/uvm/uvm_glue.c:444
[ 262.6910668] exit1() at netbsd:exit1+0x3af sys/kern/kern_exit.c:332
[ 262.8026104] sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:179
[ 262.9141553] syscall() at netbsd:syscall+0x3ac sy_call
sys/sys/syscallvar.h:65 [inline]
[ 262.9141553] syscall() at netbsd:syscall+0x3ac sy_invoke
sys/sys/syscallvar.h:94 [inline]
[ 262.9141553] syscall() at netbsd:syscall+0x3ac
sys/arch/x86/x86/syscall.c:138
[ 262.9476215] --- syscall (number 1) ---
[ 262.9922328] 766e7a399a6a:
[ 262.9922328] cpu0: End traceback...
[ 263.0046098] fatal breakpoint trap in supervisor mode
[ 263.0046098] trap type 1 code 0 rip 0xffffffff8021cd1d cs 0x8 rflags
0x246 cr2 0x70db7b43ae78 ilevel 0 rsp 0xffff96817bf4f6b0
[ 263.0225443] curlwp 0xffff96801393ca20 pid 1726.1 lowest kstack
0xffff96817bf482c0
Stopped in pid 1726.1 (syz-executor.0) at netbsd:breakpoint+0x5:
leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xf9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x267 sys/kern/subr_prf.c:336
_GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
pmap_remove_pte() at netbsd:pmap_remove_pte+0x4da
sys/arch/x86/x86/pmap.c:3511
pmap_remove() at netbsd:pmap_remove+0x445 pmap_remove_ptes
sys/arch/x86/x86/pmap.c:3417 [inline]
pmap_remove() at netbsd:pmap_remove+0x445 sys/arch/x86/x86/pmap.c:3616
uvm_unmap_remove() at netbsd:uvm_unmap_remove+0x5da sys/uvm/uvm_map.c:2296
uvmspace_free() at netbsd:uvmspace_free+0x238 sys/uvm/uvm_map.c:4283
uvm_proc_exit() at netbsd:uvm_proc_exit+0xc4 sys/uvm/uvm_glue.c:444
exit1() at netbsd:exit1+0x3af sys/kern/kern_exit.c:332
sys_exit() at netbsd:sys_exit+0x77 sys/kern/kern_exit.c:179
syscall() at netbsd:syscall+0x3ac sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x3ac sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x3ac sys/arch/x86/x86/syscall.c:138
--- syscall (number 1) ---
766e7a399a6a:
ds 0
es 0
fs f408
gs 38fa
rdi ffff96800d935458
rsi ffff96801393cd08
rbp ffff96817bf4f6b0
rbx ffffffff82610040 cpu_info_primary
rdx 2
rcx ffffffff80cda45b db_panic+0xe5
rax 0
r8 4
r9 ffffffff82891e23 db_onpanic+0x3
r10 1ffffffff05123c4
r11 10
r12 ffff96816d8b2000
r13 ffffffff81a22480 platform_private_nodes+0x140
r14 ffff96817bf4f740
r15 ffff96816d8a0058
rip ffffffff8021cd1d breakpoint+0x5
cs 8
rflags 246
rsp ffff96817bf4f6b0
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1487 1 3 1 80 ffff96801393c1a0 syz-executor.0 parked
2047 1 3 0 80 ffff968013c81760 syz-executor.0 parked
1432 1 2 0 0 ffff968013c23b20 syz-executor.5
1101 4 3 1 80 ffff9680138e90e0 syz-executor.3 parked
1101 3 3 1 80 ffff968013c1c6c0 syz-executor.3 netio
1101 2 3 0 80 ffff9680139991e0 syz-executor.3 parked
1101 1 2 0 10000000 ffff968013bb0ac0 syz-executor.3
1448 5 3 1 80 ffff968013c332e0 syz-executor.1 parked
1448 4 2 0 0 ffff9680138fd9a0 syz-executor.1
1448 3 2 0 0 ffff96801388f4c0 syz-executor.1
1448 2 3 1 80 ffff9680138754a0 syz-executor.1 select
1448 1 2 1 10000000 ffff9680138ef540 syz-executor.1
1726 > 1 7 0 10000000 ffff96801393ca20 syz-executor.0
1648 4 2 0 0 ffff968013c232a0 syz-executor.2
1648 3 3 0 80 ffff968013c33b60 syz-executor.2 parked
1648 2 3 0 80 ffff96801390e9e0 syz-executor.2 parked
1648 1 2 0 0 ffff968013c81ba0 syz-executor.2
1842 4 3 0 80 ffff968013bceae0 syz-executor.4 parked
1842 3 2 0 0 ffff968013c33720 syz-executor.4
1842 2 2 0 0 ffff968013bce6a0 syz-executor.4
1842 1 2 0 10000000 ffff968013999620 syz-executor.4
1306 1 3 0 80 ffff9680138cb500 syz-executor.1 parked
1014 1 3 1 80 ffff968011fb3ae0 syz-executor.1 parked
1155 1 3 1 80 ffff96801390b580 syz-executor.5 parked
1390 1 3 1 80 ffff968013c1c280 syz-executor.5 parked
1222 1 3 1 80 ffff968013bae220 syz-executor.3 parked
481 1 3 0 80 ffff968013baeaa0 syz-executor.3 parked
712 1 3 1 80 ffff968013bae660 syz-executor.3 parked
322 1 3 1 80 ffff968013bb0680 syz-executor.0 parked
893 1 3 1 80 ffff9680138ef100 syz-executor.0 parked
990 1 3 1 80 ffff9680139a3a80 syz-executor.4 parked
889 1 3 0 80 ffff96801390b140 syz-executor.4 parked
1141 1 3 1 80 ffff9680138e9520 syz-executor.5 parked
522 1 3 0 80 ffff96801391e5c0 syz-executor.5 parked
1004 1 3 1 80 ffff968013999a60 syz-executor.2 parked
676 1 3 1 80 ffff96801393d600 syz-executor.2 parked
352 1 3 1 80 ffff968013875060 syz-executor.0 parked
1183 1 3 0 80 ffff96801393c5e0 syz-executor.0 parked
265 1 3 0 80 ffff9680138fd560 syz-executor.0 parked
162 1 3 0 80 ffff96801391ea00 syz-executor.1 parked
998 1 3 0 80 ffff96801390e5a0 syz-executor.1 parked
1061 1 3 1 80 ffff96801391e180 syz-executor.1 parked
827 1 3 0 80 ffff9680138fd120 syz-executor.2 parked
901 1 3 0 80 ffff96801393d1c0 syz-executor.2 parked
563 1 2 1 0 ffff968013820480 syz-executor.5
599 1 2 1 0 ffff968013820040 syz-executor.2
45 1 2 1 0 ffff9680137efbc0 syz-executor.4
436 1 2 1 0 ffff9680137ef780 syz-executor.3
537 1 2 1 0 ffff9680137ef340 syz-executor.1
41 1 2 1 0 ffff9680136c4ba0 syz-executor.0
459 11 3 0 80 ffff9680136c4320 syz-fuzzer parked
459 10 3 0 80 ffff9680136c4760 syz-fuzzer parked
459 9 3 1 80 ffff96801317b300 syz-fuzzer parked
459 8 3 0 80 ffff968011fb36a0 syz-fuzzer parked
459 7 3 1 80 ffff96801317bb80 syz-fuzzer kqueue
459 6 3 1 80 ffff96801317b740 syz-fuzzer parked
459 5 3 1 80 ffff9680120ca720 syz-fuzzer parked
459 4 3 0 80 ffff968012046b00 syz-fuzzer parked
459 3 3 0 80 ffff968011f59200 syz-fuzzer parked
459 2 3 0 80 ffff9680120a4700 syz-fuzzer parked
459 1 2 0 0 ffff968011f71ac0 syz-fuzzer
590 1 3 1 80 ffff9680120a4b40 sshd select
419 1 3 1 80 ffff9680120466c0 getty nanoslp
508 1 3 0 80 ffff968011f71680 getty nanoslp
592 1 3 1 80 ffff968011fb3260 getty nanoslp
570 1 3 1 80 ffff968011f71240 getty ttyraw
561 1 3 1 80 ffff968012086b20 cron nanoslp
551 1 3 1 80 ffff968012046280 inetd kqueue
495 1 3 0 80 ffff9680120cab60 sshd select
440 1 3 1 80 ffff9680120866e0 powerd kqueue
324 1 3 1 80 ffff9680120a42c0 syslogd kqueue
214 1 3 1 80 ffff9680120ca2e0 dhcpcd kqueue
234 1 3 0 80 ffff9680120862a0 dhcpcd kqueue
1 1 3 1 80 ffff968011f21a60 init wait
0 58 3 1 204 ffff968011f59640 physiod physiod
0 57 3 0 204 ffff968011f5c220 pooldrain pooldrain
0 56 3 0 204 ffff968011f5caa0 aiodoned aiodoned
0 55 2 1 200 ffff968011f5c660 ioflush
0 54 3 0 200 ffff968011f59a80 pgdaemon pgdaemon
0 51 2 1 200 ffff96800f6ea9c0 npfgc-0
0 50 3 0 204 ffff968011f21620 rt_free rt_free
0 49 3 0 204 ffff968011f211e0 unpgc unpgc
0 48 2 0 200 ffff968011f1aa40 key_timehandler
0 47 3 1 204 ffff968011f1a600 icmp6_wqinput/1
icmp6_wqinput
0 46 3 0 204 ffff968011f1a1c0 icmp6_wqinput/0
icmp6_wqinput
0 45 2 0 200 ffff968011dbaa20 nd6_timer
0 44 3 1 204 ffff968011db8160 carp6_wqinput/1
carp6_wqinput
0 43 3 0 204 ffff968011db85a0 carp6_wqinput/0
carp6_wqinput
0 42 3 1 204 ffff968011db89e0 carp_wqinput/1
carp_wqinput
0 41 3 0 204 ffff968011db9180 carp_wqinput/0
carp_wqinput
0 40 3 1 204 ffff968011db95c0 icmp_wqinput/1
icmp_wqinput
0 39 3 0 204 ffff968011db9a00 icmp_wqinput/0
icmp_wqinput
0 38 3 1 204 ffff968011dba1a0 rt_timer rt_timer
0 37 3 0 204 ffff968011dba5e0 vmem_rehash vmem_rehash
0 27 3 0 204 ffff96800f6ea580 scsibus0 sccomp
0 26 3 0 200 ffff96800f6ea140 pms0 pmsreset
0 25 3 1 204 ffff96800f6b39a0 xcall/1 xcall
0 24 1 1 200 ffff96800f6b3560 softser/1
0 23 1 1 200 ffff96800f6b3120 softclk/1
0 22 1 1 200 ffff96800f6b0980 softbio/1
0 21 1 1 200 ffff96800f6b0540 softnet/1
0 20 1 1 201 ffff96800f6b0100 idle/1
0 19 3 0 204 ffff96800de68960 lnxpwrwq lnxpwrwq
0 18 3 0 204 ffff96800de68520 lnxlngwq lnxlngwq
0 17 3 0 204 ffff96800de680e0 lnxsyswq lnxsyswq
0 16 3 0 204 ffff96800de62940 lnxrcugc lnxrcugc
0 15 3 0 204 ffff96800de62500 sysmon smtaskq
0 14 3 0 204 ffff96800de620c0 pmfsuspend pmfsuspend
0 13 3 1 204 ffff96800de58920 pmfevent pmfevent
0 12 3 0 204 ffff96800de584e0 sopendfree sopendfr
0 11 3 0 204 ffff96800de580a0 nfssilly nfssilly
0 10 2 1 200 ffff96800de4e900 cachegc
0 9 3 0 204 ffff96800de4e4c0 vdrain vdrain
0 8 3 0 200 ffff96800de4e080 modunload mod_unld
0 7 3 0 204 ffff96800de3f8e0 xcall/0 xcall
0 6 1 0 200 ffff96800de3f4a0 softser/0
0 5 1 0 200 ffff96800de3f060 softclk/0
0 4 1 0 200 ffff96800de3a8c0 softbio/0
0 3 1 0 200 ffff96800de3a480 softnet/0
0 2 1 0 201 ffff96800de3a040 idle/0
0 > 1 7 1 200 ffffffff82959000 swapper
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor.0):
Lock 0 (initialized at amap_alloc)
lock address : 0xffff9680136bcb40 type : sleep/adaptive
initialized : 0xffffffff81097a22
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 1
current lwp : 0xffff96801393ca20 last held: 0xffff96801393c1a0
last locked* : 0xffffffff810a7319 unlocked : 0xffffffff810a51ef
owner field : 000000000000000000 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70880.
=> No active turnstile for this lock.
Lock 1 (initialized at pmap_create)
lock address : 0xffff968013c26350 type : sleep/adaptive
initialized : 0xffffffff8026f857
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 1
current lwp : 0xffff96801393ca20 last held: 0xffff96801393c1a0
last locked* : 0xffffffff802720f2 unlocked : 0xffffffff80271b4f
owner field : 000000000000000000 wait/spin: 0/0

Turnstile chain at 0xffffffff82b708a0.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.5):
Lock 0 (initialized at amap_alloc)
lock address : 0xffff968012fc8e00 type : sleep/adaptive
initialized : 0xffffffff81097a22
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff968013c23b20
last locked* : 0xffffffff810a7319 unlocked : 000000000000000000
owner field : 0xffff968013c23b20 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70600.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.0):
Lock 0 (initialized at fork1)
lock address : 0xffff96801317a060 type : sleep/adaptive
initialized : 0xffffffff81116129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff96801393ca20
last locked* : 0xffffffff811125ad unlocked : 000000000000000000
owner/count : 0xffff96801393ca20 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82b706c0.
=> No active turnstile for this lock.
Lock 1 (initialized at amap_copy)
lock address : 0xffff968013c4e540 type : sleep/adaptive
initialized : 0xffffffff8109b33f
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff96801393ca20
last locked* : 0xffffffff810b8471 unlocked : 0xffffffff810a57d7
owner field : 0xffff96801393ca20 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70880.
=> No active turnstile for this lock.
Lock 2 (initialized at pmap_create)
lock address : 0xffff968013c4b910 type : sleep/adaptive
initialized : 0xffffffff8026f857
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff96801393ca20
last locked* : 0xffffffff802720f2 unlocked : 0xffffffff80271b0c
owner field : 0xffff96801393ca20 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70820.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.2):
Lock 0 (initialized at uvm_obj_init)
lock address : 0xffff96801380dbc0 type : sleep/adaptive
initialized : 0xffffffff810c3b33
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff968013c81ba0
last locked* : 0xffffffff810a89bb unlocked : 0xffffffff810a57b8
owner field : 0xffff968013c81ba0 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70980.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.4):
Lock 0 (initialized at filedesc_ctor)
lock address : 0xffff96801394eac0 type : sleep/adaptive
initialized : 0xffffffff810fc1f5
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 0 last held: 0
current lwp : 0xffff96801393ca20 last held: 0xffff968013bce6a0
last locked* : 0xffffffff810fd703 unlocked : 0xffffffff810fdb8e
owner field : 0xffff968013bce6a0 wait/spin: 0/0

Turnstile chain at 0xffffffff82b70780.
=> No active turnstile for this lock.


[Locks tracked through CPUs]

0xffff9680000241e8 0048 0000 0x0 0x0
0xffff968000024260 0048 0000 0x0 0x0
0xffff9680000242d8 0048 0000 0x0 0x0
0xffff968000024350 0048 0000 0x0 0x0
0xffff9680000243c8 0008 0000 0x0 0x0
0xffff968000024440 0008 0000 0x0 0x0
0xffff9680000244b8 0008 0000 0x0 0x0
0xffff968000024530 0008 0000 0x0 0x0
0xffff9680000245a8 0008 0000 0x0 0x0
0xffff968000024620 0008 0000 0x0 0x0
0xffff968000024698 0008 0000 0x0 0x0
0xffff968000024710 0008 0000 0x0 0x0
0xffff968000024788 0008 0000 0x0 0x0
0xffff968000024800 0008 0000 0x0 0x0
0xffff968000024878 0008 0000 0x0 0x0
0xffff9680000248f0 0008 0000 0x0 0x0
0xffff968000024968 0008 0000 0x0 0x0
0xffff9680000249e0 0008 0000 0x0 0x0
0xffff968000024a58 0008 0000 0x0 0x0
0xffff968000024ad0 0008 0000 0x0 0x0
0xffff968000024b48 0008 0000 0x0 0x0
0xffff968000024bc0 0008 0000 0x0 0x0
0xffff968000024c38 0008 0000 0x0 0x0
0xffff968000024cb0 0008 0000 0x0 0x0
0xffff968000024d28 0008 0000 0x0 0x0
0xffff968000024da0 0008 0000 0x0 0x0
0xffff968000024e18 0008 0000 0x0 0x0
0xffff968000024e90 0008 0000 0x0 0x0
0xffff968000024f08 0008 0000 0x0 0x0
0xffff968000024f80 0008 0000 0x0 0x0
0xffff968000024ff8 0008 0000 0x0 0x0
0xffff968000025070 0008 0000 0x0 0x0
0xffff9680000250e8 0008 0000 0x0 0x0
0xffff968000025160 0008 0000 0x0 0x0
0xffff9680000251d8 0008 0000 0x0 0x0
0xffff968000025250 0008 0000 0x0 0x0
0xffff9680000252c8 0008 0000 0x0 0x0
0xffff968000025340 0008 0000 0x0 0x0
0xffff9680000253b8 0008 0000 0x0 0x0
0xffff968000025430 0008 0000 0x0 0x0
0xffff9680000254a8 0008 0000 0x0 0x0
0xffff968000025520 0008 0000 0x0 0x0
0xffff968000025598 0008 0000 0x0 0x0
0xffff968000025610 0008 0000 0x0 0x0
0xffff968000025688 0008 0000 0x0 0x0
0xffff968000025700 0008 0000 0x0 0x0
0xffff968000025778 0008 0000 0x0 0x0
0xffff9680000257f0 0008 0000 0x0 0x0
0xffff968000025868 0008 0000 0x0 0x0
0xffff9680000258e0 0008 0000 0x0 0x0
0xffff968000025958 0008 0000 0x0 0x0
0xffff9680000259d0 0008 0000 0x0 0x0
0xffff968000025a48 0008 0000 0x0 0x0
0xffff968000025ac0 0008 0000 0x0 0x0
0xffff968000025b38 0008 0000 0x0 0x0
0xffff968000025bb0 0008 0000 0x0 0x0
0xffff968000025c28 0008 0000 0x0 0x0
0xffff968000025ca0 0008 0000 0x0 0x0
0xffff968000025d18 0008 0000 0x0 0x0
0xffff968000025d90 0008 0000 0x0 0x0
0xffff968000025e08 0008 0000 0x0 0x0
0xffff968000025e80 0008 0000 0x0 0x0
0xffff968000025ef8 0008 0000 0x0 0x0
0xffff968000025f70 0008 0000 0x0 0x0
0xffff968000025fe8 0008 0000 0x0 0x0
0xffff968000026060 0008 0000 0x0 0x0
0xffff9680000260d8 0008 0000 0x0 0x0
0xffff968000026150 0008 0000 0x0 0x0
0xffff9680000261c8 0008 0000 0x0 0x0
0xffff968000026240 0008 0000 0x0 0x0
0xffff9680000262b8 0008 0000 0x0 0x0
0xffff968000026330 0008 0000 0x0 0x0
0xffff9680000263a8 0008 0000 0x0 0x0
0xffff968000026420 0008 0000 0x0 0x0
0xffff968000026498 0008 0000 0x0 0x0
0xffff968000026510 0008 0000 0x0 0x0
0xffff968000026588 0008 0000 0x0 0x0
0xffff968000026600 0008 0000 0x0 0x0
0xffff968000026678 0008 0000 0x0 0x0
0xffff9680000266f0 0008 0000 0x0 0x0
0xffff968000026768 0008 0000 0x0 0x0
0xffff9680000267e0 0008 0000 0x0 0x0
0xffff968000026858 0008 0000 0x0 0x0
0xffff9680000268d0 0008 0000 0x0 0x0
0xffff968000026948 0008 0000 0x0 0x0
0xffff9680000269c0 0008 0000 0x0 0x0
0xffff968000026a38 0008 0000 0x0 0x0
0xffff968000026ab0 0008 0000 0x0 0x0
0xffff968000026b28 0008 0000 0x0 0x0
0xffff968000026ba0 0008 0000 0x0 0x0
0xffff968000026c18 0008 0000 0x0 0x0
0xffff968000026c90 0008 0000 0x0 0x0
0xffff968000026d08 0008 0000 0x0 0x0
0xffff968000026d80 0008 0000 0x0 0x0
0xffff968000026df8 0008 0000 0x0 0x0
0xffff968000026e70 0008 0000 0x0 0x0
0xffff968000026ee8 0008 0000 0x0 0x0
0xffff968000026f60 0008 0000 0x0 0x0
0xffff968000026fd8 0008 0000 0x0 0x0
0xffff968000027050 0008 0000 0x0 0x0
0xffff9680000270c8 0008 0000 0x0 0x0
0xffff968000027140 0008 0000 0x0 0x0
0xffff9680000271b8 0008 0000 0x0 0x0
0xffff968000027230 0008 0000 0x0 0x0
0xffff9680000272a8 0008 0000 0x0 0x0
0xffff968000027320 0008 0000 0x0 0x0
0xffff968000027398 0008 0000 0x0 0x0
0xffff968000027410 0008 0000 0x0 0x0
0xffff968000027488 0008 0000 0x0 0x0
0xffff968000027500 0008 0000 0x0 0x0
0xffff968000027578 0008 0000 0x0 0x0
0xffff9680000275f0 0008 0000 0x0 0x0
0xffff968000027668 0008 0000 0x0 0x0
0xffff9680000276e0 0008 0000 0x0 0x0
0xffff968000027758 0008 0000 0x0 0x0
0xffff9680000277d0 0008 0000 0x0 0x0
0xffff968000027848 0008 0000 0x0 0x0
0xffff9680000278c0 0008 0000 0x0 0x0
0xffff968000027938 0008 0000 0x0 0x0
0xffff9680000279b0 0008 0000 0x0 0x0
0xffff968000027a28 0008 0000 0x0 0x0
0xffff968000027aa0 0008 0000 0x0 0x0
0xffff968000027b18 0008 0000 0x0 0x0
0xffff968000027b90 0008 0000 0x0 0x0
0xffff968000027c08 0008 0000 0x0 0x0
0xffff968000027c80 0008 0000 0x0 0x0
0xffff968000027cf8 0008 0000 0x0 0x0
0xffff968000027d70 0008 0000 0x0 0x0
0xffff968000027de8 0008 0000 0x0 0x0
0xffff968000027e60 0008 0000 0x0 0x0
0xffff968000027ed8 0008 0000 0x0 0x0
0xffff968000027f50 0008 0000 0x0 0x0
0xffff968000027fc8 0008 0000 0x0 0x0
0xffff968000028040 0008 0000 0x0 0x0
0xffff9680000280b8 0008 0000 0x0 0x0
0xffff968000028130 0008 0000 0x0 0x0
0xffff9680000281a8 0008 0000 0x0 0x0
0xffff968000028220 0008 0000 0x0 0x0
0xffff968000028298 0008 0000 0x0 0x0
0xffff968000028310 0008 0000 0x0 0x0
0xffff968000028388 0008 0000 0x0 0x0
0xffff968000028400 0008 0000 0x0 0x0
0xffff968000028478 0008 0000 0x0 0x0
0xffff9680000284f0 0008 0000 0x0 0x0
0xffff968000028568 0008 0000 0x0 0x0
0xffff9680000285e0 0008 0000 0x0 0x0
0xffff968000028658 0008 0000 0x0 0x0
0xffff9680000286d0 0008 0000 0x0 0x0
0xffff968000028748 0008 0000 0x0 0x0
0xffff9680000287c0 0008 0000 0x0 0x0
0xffff968000028838 0008 0000 0x0 0x0
0xffff9680000288b0 0008 0000 0x0 0x0
0xffff968000028928 0008 0000 0x0 0x0
0xffff9680000289a0 0008 0000 0x0 0x0
0xffff968000028a18 0008 0000 0x0 0x0
0xffff968000028a90 0008 0000 0x0 0x0
0xffff968000028b08 0008 0000 0x0 0x0
0xffff968000028b80 0008 0000 0x0 0x0
0xffff968000028bf8 0008 0000 0x0 0x0
0xffff968000028c70 0008 0000 0x0 0x0
0xffff968000028ce8 0008 0000 0x0 0x0
0xffff968000028d60 0008 0000 0x0 0x0
0xffff968000028dd8 0008 0000 0x0 0x0
0xffff968000028e50 0008 0000 0x0 0x0
0xffff968000028ec8 0008 0000 0x0 0x0
0xffff968000028f40 0008 0000 0x0 0x0
0xffff968000028fb8 0008 0000 0x0 0x0
0xffff968000029030 0008 0000 0x0 0x0
0xffff9680000290a8 0008 0000 0x0 0x0
0xffff968000029120 0008 0000 0x0 0x0
0xffff968000029198 0008 0000 0x0 0x0
0xffff968000029210 0008 0000 0x0 0x0
0xffff968000029288 0008 0000 0x0 0x0
0xffff968000029300 0008 0000 0

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Maxime Villard

Aug 3, 2019, 11:40:36 AM
to syzbot, syzkaller-...@googlegroups.com
Seems to be a glitch from syzbot, the issue got fixed a few hours before this
triggered, and it hasn't triggered since.

#syz dup: assert failed: uvm_page_locked_p(old_pg)

Dmitry Vyukov

Aug 8, 2019, 12:55:19 PM
to Maxime Villard, syzbot, syzkaller-netbsd-bugs
This is weird. There are no known precedents for any other bugs/OSes
(2 orders of magnitude more than for netbsd).
Opening bogus bugs would be a very bad thing for syzbot. Are you sure
it's not fixed by a subsequent commit?... Maybe a follow up fix that's
required to fully fix the problem?
But while we have just 1 such precedent we can of course write it off
as cosmic rays :)

Kamil Rytarowski

Aug 8, 2019, 1:06:50 PM
to Dmitry Vyukov, Maxime Villard, syzbot, syzkaller-netbsd-bugs
We have fixed a number of bugs but there is a shortage with CVS->git
translation machine for several days and probably for a week more.

Dmitry Vyukov

Aug 8, 2019, 1:12:57 PM
to Kamil Rytarowski, Maxime Villard, syzbot, syzkaller-netbsd-bugs
This should not cause any problems for syzbot.
If a bug is marked as fixed by a commit, then it will wait until the
commit reaches all builds and only then mark it as closed. Only after
that new crashes with the same signature will be reported as new bugs.
This aspect is absolutely critical for linux with dozens of trees and
propagation taking months, so this part should work reliably (at least
there are no known precedents).

What could cause problems is 2 commits with the same "title". But this
wasn't the case here, right?

Maxime Villard

Aug 11, 2019, 4:11:38 AM
to Dmitry Vyukov, syzbot, syzkaller-netbsd-bugs
What happened is that the bug got fixed, syzbot saw the "Reported-by" and
closed the report, and then shortly afterwards it re-opened the bug as
"(2)", and it triggered only once. I did look at the code and I see no
way this could have been a different bug.

My understanding is that syzbot opened "(2)" because it was still running
tests on an unpatched kernel even though it marked the original bug as
fixed.

Something along those lines. Or maybe I am wrong and "(2)" is a totally
different bug; but as I said it only triggered once right after the fix,
so it's a bit suspicious.

Dmitry Vyukov

Aug 11, 2019, 5:30:50 AM
to Maxime Villard, syzbot, syzkaller-netbsd-bugs
On Sun, Aug 11, 2019 at 10:11 AM Maxime Villard <m...@m00nbsd.net> wrote:
>
> On 08/08/2019 at 18:55, 'Dmitry Vyukov' via syzkaller-netbsd-bugs wrote:
> > On Sat, Aug 3, 2019 at 5:40 PM Maxime Villard <m...@m00nbsd.net> wrote:
> >>
> >> Seems to be a glitch from syzbot, the issue got fixed a few hours before this
> >> triggered, and it hasn't triggered since.
> >>
> >> #syz dup: assert failed: uvm_page_locked_p(old_pg)
> >
> > This is weird. There are no known precedents for any other bugs/OSes
> > (2 orders of magnitude more than for netbsd).
> > Opening bogus bugs would be a very bad thing for syzbot. Are you sure
> > it's not fixed by a subsequent commit?... Maybe a follow up fix that's
> > required to fully fix the problem?
> > But while we have just 1 such precedent we can of course write it off
> > as cosmic rays :)
>
> What happened is that the bug got fixed, syzbot saw the "Reported-by" and
> closed the report, and then shortly afterwards it re-opened the bug as
> "(2)", and it triggered only once. I did look at the code and I see no
> way this could have been a different bug.
>
> My understanding is that syzbot opened "(2)" because it was still running
> tests on an unpatched kernel even though it marked the original bug as
> fixed.

I think I now see a bug in the code that can lead to exactly such a
scenario. Filed https://github.com/google/syzkaller/issues/1329
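
The closing rule Dmitry describes and the unpatched-build case Maxime suspects, as a small Go model added here (not syzkaller's code and not part of the thread). Every type and function name, the manager name "netbsd" and the fix title are assumptions made for the illustration.

```go
package main

import "fmt"

// Hypothetical model of a crash dashboard; Seq is the "(2)" suffix on a title.
type Bug struct {
	Title, FixCommit string
	Seq              int
}

type Tracker struct {
	Bugs       []*Bug
	Builds     map[string]map[string]bool // manager -> commit titles in its running build
	CloseEarly bool                       // models the suspected defect: do not wait for builds
}

// closed is the rule from the thread: closed only once every build has the fix commit.
func (t *Tracker) closed(b *Bug) bool {
	for _, commits := range t.Builds {
		if !t.CloseEarly && !commits[b.FixCommit] {
			return false
		}
	}
	return b.FixCommit != ""
}

// ReportCrash attaches a crash to the open bug with that title, or opens the next Seq.
func (t *Tracker) ReportCrash(title string) *Bug {
	seq := 1
	for _, b := range t.Bugs {
		if b.Title == title && !t.closed(b) {
			return b
		} else if b.Title == title {
			seq = b.Seq + 1
		}
	}
	t.Bugs = append(t.Bugs, &Bug{Title: title, Seq: seq})
	return t.Bugs[len(t.Bugs)-1]
}

// SeqAfterFix tags the fix, then reports one more crash; patched = the build has the fix.
func SeqAfterFix(closeEarly, patched bool) int {
	const title, fix = "assert failed: uvm_page_locked_p(pg)", "constructed fix title"
	t := &Tracker{Builds: map[string]map[string]bool{"netbsd": {fix: patched}}, CloseEarly: closeEarly}
	t.ReportCrash(title).FixCommit = fix
	return t.ReportCrash(title).Seq
}

func main() { fmt.Println(SeqAfterFix(false, false), SeqAfterFix(true, false)) }
```

With the rule applied, a crash from a build that lacks the fix stays on the original bug; closing without waiting for the build turns the same crash into a "(2)" report.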