ASan: Unauthorized Access in vcache_reclaim

5 views

Skip to first unread message

syzbot

unread,

Aug 2, 2022, 9:26:28 PM8/2/22

to syzkaller-...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: 4b97c2317f82 genfb: Handle uninitialized softc in genfb_en..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=101e243e080000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=177e6808c863c4dd4584
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+177e68...@syzkaller.appspotmail.com

[ 90.7776027] panic: ASan: Unauthorized Access In 0xffffffff81ca635a: Addr 0xffffd900140bd698 [8 bytes, read, PoolUseAfterFree]

[ 90.7971951] cpu0: Begin traceback...
[ 90.8075881] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
[ 90.8375851] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
[ 90.8675873] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[ 90.8675873] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[ 90.8875830] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[ 90.8875830] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[ 90.8875830] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[ 90.9175854] vcache_reclaim() at netbsd:vcache_reclaim+0x52b sys/kern/vfs_vnode.c:1923
[ 90.9475835] vrelel() at netbsd:vrelel+0x67a sys/kern/vfs_vnode.c:985
[ 90.9775852] vrele() at netbsd:vrele+0x51 sys/kern/vfs_vnode.c:1038
[ 90.9975840] layer_remove() at netbsd:layer_remove+0xa4 sys/miscfs/genfs/layer_vnops.c:631
[ 91.0275887] VOP_REMOVE() at netbsd:VOP_REMOVE+0x27c sys/kern/vnode_if.c:1219
[ 91.0475843] do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x5b5 sys/kern/vfs_syscalls.c:2916
[ 91.0775823] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 91.0775823] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 91.0775823] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 91.0875824] --- syscall (number 10) ---
[ 91.0975820] netbsd:syscall+0x25a:
[ 91.0975820] cpu0: End traceback...
[ 91.1089160] fatal breakpoint trap in supervisor mode
[ 91.1089160] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x282 cr2 0x77d55d6d7000 ilevel 0 rsp 0xffffd9019fb337e0
[ 91.1250300] curlwp 0xffffd90013444500 pid 3278.3278 lowest kstack 0xffffd9019fb2c2c0
Stopped in pid 3278.3278 (syz-executor.1) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
__asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
vcache_reclaim() at netbsd:vcache_reclaim+0x52b sys/kern/vfs_vnode.c:1923
vrelel() at netbsd:vrelel+0x67a sys/kern/vfs_vnode.c:985
vrele() at netbsd:vrele+0x51 sys/kern/vfs_vnode.c:1038
layer_remove() at netbsd:layer_remove+0xa4 sys/miscfs/genfs/layer_vnops.c:631
VOP_REMOVE() at netbsd:VOP_REMOVE+0x27c sys/kern/vnode_if.c:1219
do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x5b5 sys/kern/vfs_syscalls.c:2916
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 10) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff81ca635a: Addr 0xffffd900140bd698 [8 bytes, read, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
3278 >3278 7 0 40 ffffd90013444500 syz-executor.1
4276 4276 3 1 180 ffffd90013ef7340 syz-executor.0 parked
2894 2894 3 0 180 ffffd90012a06b80 syz-executor.2 parked
1372 1372 3 1 180 ffffd9001333a540 syz-executor.4 parked
659 659 3 0 180 ffffd9001335e580 syz-executor.4 parked
3634 3634 3 1 180 ffffd90012ca9140 syz-executor.4 parked
1459 1459 3 1 180 ffffd90012cd5a80 syz-executor.4 parked
3882 3882 3 1 180 ffffd90013fda940 syz-executor.4 parked
1117 1117 3 0 1c0 ffffd90012aa2080 syz-executor.5 pipe_rd
392 392 3 1 180 ffffd90012c9d540 syz-executor.4 parked
3285 3285 3 0 180 ffffd90012c89940 syz-executor.3 parked
2115 2115 3 0 180 ffffd90012bb4180 syz-executor.3 parked
1192 1192 3 1 1c0 ffffd90013df8240 syz-executor.4 pipe_rd
1151 1151 3 0 1c0 ffffd90013dd5640 syz-executor.3 pipe_rd
422 422 3 1 1c0 ffffd90013cbb600 syz-executor.2 pipe_rd
1223 1223 3 0 1c0 ffffd90013373180 syz-executor.0 pipe_rd
1078 1234 3 1 1c0 ffffd90013ea52c0 syz-fuzzer wait
1078 989 3 1 180 ffffd90013df8ac0 syz-fuzzer parked
1078 1231 3 0 1c0 ffffd90013df8680 syz-fuzzer wait
1078 1130 3 0 1c0 ffffd90013dd5a80 syz-fuzzer wait
1078 1195 3 0 180 ffffd90013dd5200 syz-fuzzer wait
1078 1105 3 0 180 ffffd90013cbb1c0 syz-fuzzer wait
1078 1224 2 1 100 ffffd90013c325c0 syz-fuzzer
1078 1220 3 1 180 ffffd900133b3ac0 syz-fuzzer parked
1078 972 2 1 40 ffffd900133b3240 syz-fuzzer
1078 1113 3 1 180 ffffd9001338ea40 syz-fuzzer wait
1078 1054 3 0 180 ffffd9001339ba80 syz-fuzzer parked
1078 1086 2 0 140 ffffd9001339b640 syz-fuzzer
1078 1078 3 0 180 ffffd90012aa2900 syz-fuzzer parked
1079 >1079 7 1 100 ffffd90012a63040 sshd
1126 1126 3 0 180 ffffd90013450980 getty nanoslp
1001 1001 3 0 180 ffffd900134739c0 getty nanoslp
1252 1252 3 0 180 ffffd90013473140 getty nanoslp
1115 1115 3 1 1c0 ffffd90012c9d100 getty ttyraw
1000 1000 3 1 180 ffffd9001338e600 sshd select
949 949 3 1 180 ffffd90012d3f340 powerd kqueue
687 687 3 0 180 ffffd900133c7b00 syslogd kqueue
602 602 3 1 180 ffffd90012c1b700 dhcpcd poll
464 464 3 0 180 ffffd90012c81900 dhcpcd poll
546 546 3 1 180 ffffd90012c4db80 dhcpcd poll
589 589 3 1 180 ffffd90012c4d300 dhcpcd poll
289 289 3 1 180 ffffd90012d82080 dhcpcd poll
288 288 3 0 180 ffffd90012d6b8c0 dhcpcd poll
351 351 3 1 180 ffffd90012d6b480 dhcpcd poll
1 1 3 0 180 ffffd900128549c0 init wait
0 925 5 0 200 ffffd90013f08040 (zombie)
0 3892 3 0 200 ffffd90013424bc0 ktrace ktrwait
0 971 3 0 200 ffffd90012974ac0 physiod physiod
0 194 3 1 200 ffffd9001298bb00 pooldrain pooldrain
0 193 3 0 200 ffffd9001298b6c0 ioflush syncer
0 192 3 0 200 ffffd9001298b280 pgdaemon pgdaemon
0 169 3 1 200 ffffd90012974240 usb7 usbevt
0 167 3 1 200 ffffd9001292ea80 usb6 usbevt
0 165 3 1 200 ffffd9001292e640 usb5 usbevt
0 164 3 1 200 ffffd9001292e200 usb4 usbevt
0 31 3 0 200 ffffd900128e1a40 usb3 usbevt
0 63 3 1 200 ffffd900128e1600 usb2 usbevt
0 126 3 1 200 ffffd900128e11c0 usb1 usbevt
0 125 3 0 200 ffffd90012871a00 usb0 usbevt
0 124 3 1 200 ffffd900128715c0 usbtask-dr usbtsk
0 123 3 1 200 ffffd900120b66c0 usbtask-hc usbtsk
0 122 3 1 200 ffffd90012871180 npfgc0 npfgcw
0 121 3 1 200 ffffd90012854580 rt_free rt_free
0 120 3 1 200 ffffd90012854140 unpgc unpgc
0 119 3 0 200 ffffd900126f9980 key_timehandler key_timehandler
0 118 3 1 200 ffffd900126f9540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffffd900126f9100 icmp6_wqinput/0 icmp6_wqinput
0 116 3 0 200 ffffd900126ef940 nd6_timer nd6_timer
0 115 3 1 200 ffffd900126ef500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffffd900126ef0c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffffd900126e1900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffffd900126e14c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffffd900126e1080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffffd900126ca8c0 icmp_wqinput/0 icmp_wqinput
0 109 3 0 200 ffffd900126ca480 rt_timer rt_timer
0 108 3 1 200 ffffd900126c9bc0 vmem_rehash vmem_rehash
0 99 3 0 200 ffffd900120bbb40 entbutler entropy
0 98 3 1 200 ffffd900120bb700 viomb balloon
0 97 3 1 200 ffffd900120bb2c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffffd900120b6b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffffd900120b6280 scsibus0 sccomp
0 28 3 0 200 ffffd90010cbaac0 pms0 pmsreset
0 27 3 1 200 ffffd90010cba680 xcall/1 xcall
0 26 1 1 200 ffffd90010cba240 softser/1
0 25 1 1 200 ffffd90010cb9a80 softclk/1
0 24 1 1 200 ffffd90010cb9640 softbio/1
0 23 1 1 200 ffffd90010cb9200 softnet/1
0 22 1 1 201 ffffd9000fb55a40 idle/1
0 21 3 0 200 ffffd9000fb55600 lnxsyswq lnxsyswq
0 20 3 0 200 ffffd9000fb551c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffffd9000fb54a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffffd9000fb545c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffffd9000fb54180 lnxhipwq lnxhipwq
0 16 3 0 200 ffffd9000fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffffd9000fb4b580 sysmon smtaskq
0 14 3 0 200 ffffd9000fb4b140 pmfsuspend pmfsuspend
0 13 3 0 200 ffffd9000fb48980 pmfevent pmfevent
0 12 3 0 200 ffffd9000fb48540 sopendfree sopendfr
0 11 3 0 200 ffffd9000fb48100 iflnkst iflnkst
0 10 3 0 200 ffffd9000fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffd9000fb3c500 vdrain vdrain
0 8 3 0 200 ffffd9000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffd9000fb33900 xcall/0 xcall
0 6 1 0 200 ffffd9000fb334c0 softser/0
0 5 3 0 200 ffffd9000fb33080 softclk/0 tstile
0 4 1 0 200 ffffd9000fb318c0 softbio/0
0 3 1 0 200 ffffd9000fb31480 softnet/0
0 2 1 0 201 ffffd9000fb31040 idle/0
0 0 3 0 200 ffffffff83341600 swapper uvm
[Locks tracked through LWPs]

****** LWP 3278.3278 (syz-executor.1) @ 0xffffd90013444500, l_stat=7

*** Locks held:

* Lock 0 (initialized at vcache_alloc)
lock address : 0xffffd900140bd240 type : sleep/adaptive
initialized : 0xffffffff81ca5730
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90013444500 last held: 0xffffd90013444500
last locked* : 0xffffffff81cdbd06 unlocked : 0xffffffff81cdbd68
owner/count : 0xffffd90013444500 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_alloc)
lock address : 0xffffd900133a1400 type : sleep/adaptive
initialized : 0xffffffff81ca573c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90013444500 last held: 0xffffd90013444500
last locked* : 0xffffffff81ca62dd unlocked : 0xffffffff81ca5bf3
owner field : 0xffffd90013444500 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1078.1224 (syz-fuzzer) @ 0xffffd90013c325c0, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_ctor)
lock address : 0xffffd90013cbe380 type : sleep/adaptive
initialized : 0xffffffff81a4ef0b
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffd90013c325c0 last held: 0xffffd90013c325c0
last locked* : 0xffffffff81a5fbe4 unlocked : 0xffffffff81a5d626
owner/count : 000000000000000000 flags : 000000000000000000
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at pmap_ctor)
lock address : 0xffffd90013335f80 type : sleep/adaptive
initialized : 0xffffffff80956139
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffd90013c325c0 last held: 0xffffd90013c325c0
last locked* : 0xffffffff80955d9a unlocked : 0xffffffff80956001
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 464.464 (dhcpcd) @ 0xffffd90012c81900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90012c81900 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 546.546 (dhcpcd) @ 0xffffd90012c4db80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd90012c4db80 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 288.288 (dhcpcd) @ 0xffffd90012d6b8c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90012d6b8c0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 351.351 (dhcpcd) @ 0xffffd90012d6b480, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd90012d6b480 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffd9000fb48100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd9000fb48100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffd9000fb33080, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd9000fb33080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff83341600, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff83480a80 type : sleep/adaptive
initialized : 0xffffffff81b10cb1
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff83341600 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at main)
lock address : 0xffffffff83480980 type : spin
initialized : 0xffffffff81f656ae
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90013444500 last held: 0xffffd90013444500
last locked* : 0xffffffff81b46ef0 unlocked : 0xffffffff80942b74
curcpu holds : 1 wanted by: 000000000000000000

* Lock 1 (initialized at kprintf_init)
lock address : 0xffffffff8358bea0 type : spin
initialized : 0xffffffff81bc3115
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd90013444500 last held: 0xffffd90013444500
last locked* : 0xffffffff81bc3186 unlocked : 0xffffffff81bc31e4
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON
0xffffd90000017180 0041 00000000 0x0 0x0
0xffffd90000017200 0041 00000000 0x0 0x0
0xffffd90000017280 0041 00000000 0x0 0x0
0xffffd90000017300 0041 00000000 0x0 0x0
0xffffd90000017380 0041 00000000 0x0 0x0
0xffffd90000017400 0041 00000000 0x0 0x0
0xffffd90000017480 0041 00000000 0x0 0x0
0xffffd90000017500 0041 00000000 0x0 0x0
0xffffd90000017580 0041 00000000 0x0 0x0
0xffffd90000017600 0041 00000000 0x0 0x0
0xffffd90000017680 0041 00000000 0x0 0x0
0xffffd90000017700 0041 00000000 0x0 0x0
0xffffd90000017780 0041 00000000 0x0 0x0
0xffffd90000017800 0041 00000000 0x0 0x0
0xffffd90000017880 0041 00000000 0x0 0x0
0xffffd90000017900 0041 00000000 0x0 0x0
0xffffd90000017980 0041 00000000 0x0 0x0
0xffffd90000017a00 0041 00000000 0x0 0x0
0xffffd90000017a80 0041 00000000 0x0 0x0
0xffffd90000017b00 0041 00000000 0x0 0x0
0xffffd90000017b80 0041 00000000 0x0 0x0
0xffffd90000017c00 0041 00000000 0x0 0x0
0xffffd90000017c80 0041 00000000 0x0 0x0
0xffffd90000017d00 0041 00000000 0x0 0x0
0xffffd90000017d80 0041 00000000 0x0 0x0
0xffffd90000017e00 0041 00000000 0x0 0x0
0xffffd90000017e80 0041 00000000 0x0 0x0
0xffffd90000017f00 0041 00000000 0x0 0x0
0xffffd90000017f80 0041 00000000 0x0 0x0
0xffffd90000018000 0041 00000000 0x0 0x0
0xffffd90000018080 0041 00000000 0x0 0x0
0xffffd90000018100 0041 00000000 0x0 0x0
0xffffd90000018180 0041 00000000 0x0 0x0
0xffffd90000018200 0041 00000000 0x0 0x0
0xffffd90000018280 0041 00000000 0x0 0x0
0xffffd90000018300 0041 00000000 0x0 0x0
0xffffd90000018380 0041 00000000 0x0 0x0
0xffffd90000018400 0041 00000000 0x0 0x0
0xffffd90000018480 0041 00000000 0x0 0x0
0xffffd90000018500 0041 00000000 0x0 0x0
0xffffd90000018580 0041 00000000 0x0 0x0
0xffffd90000018600 0041 00000000 0x0 0x0
0xffffd90000018680 0041 00000000 0x0 0x0
0xffffd90000018700 0041 00000000 0x0 0x0
0xffffd90000018780 0041 00000000 0x0 0x0
0xffffd90000018800 0041 00000000 0x0 0x0
0xffffd90000018880 0041 00000000 0x0 0x0
0xffffd90000018900 0041 00000000 0x0 0x0
0xffffd90000018980 0041 00000000 0x0 0x0
0xffffd90000018a00 0041 00000000 0x0 0x0
0xffffd90000018a80 0041 00000000 0x0 0x0
0xffffd90000018b00 0041 00000000 0x0 0x0
0xffffd90000018b80 0041 00000000 0x0 0x0
0xffffd90000018c00 0041 00000000 0x0 0x0
0xffffd90000018c80 0041 00000000 0x0 0x0
0xffffd90000018d00 0041 00000000 0x0 0x0
0xffffd90000018d80 0041 00000000 0x0 0x0
0xffffd90000018e00 0041 00000000 0x0 0x0
0xffffd90000018e80 0041 00000000 0x0 0x0
0xffffd90000018f00 0041 00000000 0x0 0x0
0xffffd90000018f80 0041 00000000 0x0 0x0
0xffffd90000019000 0041 00000000 0x0 0x0
0xffffd90000019080 0041 00000000 0x0 0x0
0xffffd90000019100 0041 00000000 0x0 0x0
0xffffd90000019180 0041 00000000 0x0 0x0
0xffffd90000019200 0041 00000000 0x0 0x0
0xffffd90000019280 0041 00000000 0x0 0x0
0xffffd90000019300 0041 00000000 0x0 0x0
0xffffd90000019380 0041 00000000 0x0 0x0
0xffffd90000019400 0041 00000000 0x0 0x0
0xffffd90000019480 0041 00000000 0x0 0x0
0xffffd90000019500 0041 00000000 0x0 0x0
0xffffd90000019580 0041 00000000 0x0 0x0
0xffffd90000019600 0041 00000000 0x0 0x0
0xffffd90000019680 0041 00000000 0x0 0x0
0xffffd90000019700 0041 00000000 0x0 0x0
0xffffd90000019780 0041 00000000 0x0 0x0
0xffffd90000019800 0041 00000000 0x0 0x0
0xffffd90000019880 0041 00000000 0x0 0x0
0xffffd90000019900 0041 00000000 0x0 0x0
0xffffd90000019980 0041 00000000 0x0 0x0
0xffffd90000019a00 0041 00000000 0x0 0x0
0xffffd90000019a80 0041 00000000 0x0 0x0
0xffffd90000019b00 0041 00000000 0x0 0x0
0xffffd90000019b80 0041 00000000 0x0 0x0
0xffffd90000019c00 0041 00000000 0x0 0x0
0xffffd90000019c80 0041 00000000 0x0 0x0
0xffffd90000019d00 0041 00000000 0x0 0x0
0xffffd90000019d80 0041 00000000 0x0 0x0
0xffffd90000019e00 0041 00000000 0x0 0x0
0xffffd90000019e80 0041 00000000 0x0 0x0
0xffffd90000019f00 0041 00000000 0x0 0x0
0xffffd90000019f80 0041 00000000 0x0 0x0
0xffffd9000001a000 0041 00000000 0x0 0x0
0xffffd9000001a080 0041 00000000 0x0 0x0
0xffffd9000001a100 0041 00000000 0x0 0x0
0xffffd9000001a180 0041 00000000 0x0 0x0
0xffffd9000001a200 0041 00000000 0x0 0x0
0xffffd9000001a280 0041 00000000 0x0 0x0
0xffffd9000001a300 0041 00000000 0x0 0x0
0xffffd9000001a380 0041 00000000 0x0 0x0
0xffffd9000001a400 0041 00000000 0x0 0x0
0xffffd9000001a480 0041 00000000 0x0 0x0
0xffffd9000001a500 0041 00000000 0x0 0x0
0xffffd9000001a580 0041 00000000 0x0 0x0
0xffffd9000001a600 0041 00000000 0x0 0x0
0xffffd9000001a680 0041 00000000 0x0 0x0
0xffffd9000001a700 0041 00000000 0x0 0x0
0xffffd9000001a780 0041 00000000 0x0 0x0
0xffffd9000001a800 0041 00000000 0x0 0x0
0xffffd9000001a880 0041 00000000 0x0 0x0
0xffffd9000001a900 0041 00000000 0x0 0x0
0xffffd9000001a980 0041 00000000 0x0 0x0
0xffffd9000001aa00 0041 00000000 0x0 0x0
0xffffd9000001aa80 0041 00000000 0x0 0x0
0xffffd9000001ab00 0041 00000000 0x0 0x0
0xffffd9000001ab80 0041 00000000 0x0 0x0
0xffffd9000001ac00 0041 00000000 0x0 0x0
0xffffd9000001ac80 0041 00000000 0x0 0x0
0xffffd9000001ad00 0041 00000000 0x0 0x0
0xffffd9000001ad80 0041 00000000 0x0 0x0
0xffffd9000001ae00 0041 00000000 0x0 0x0
0xffffd9000001ae80 0041 00000000 0x0 0x0
0xffffd9000001af00 0041 00000000 0x0 0x0
0xffffd9000001af80 0041 00000000 0x0 0x0
0xffffd9000001b000 0041 00000000 0x0 0x0
0xffffd9000001b080 0041 00000000 0x0 0x0
0xffffd9000001b100 0041 00000000 0x0 0x0
0xffffd9000001b180 0041 00000000 0x0 0x0
0xffffd9000001b200 0041 00000000 0x0 0x0
0xffffd9000001b280 0041 00000000 0x0 0x0
0xffffd9000001b300 0041 00000000 0x0 0x0
0xffffd9000001b380 0041 00000000 0x0 0x0
0xffffd9000001b400 0041 00000000 0x0 0x0
0xffffd9000001b480 0041 00000000 0x0 0x0
0xffffd9000001b500 0041 00000000 0x0 0x0
0xffffd9000001b580 0041 00000000 0x0 0x0
0xffffd9000001b600 0041 00000000 0x0 0x0
0xffffd9000001b680 0041 00000000 0x0 0x0
0xffffd9000001b700 0041 00000000 0x0 0x0
0xffffd9000001b780 0041 00000000 0x0 0x0
0xffffd9000001b800 0041 00000000 0x0 0x0
0xffffd9000001b880 0041 00000000 0x0 0x0
0xffffd9000001b900 0041 00000000 0x0 0x0
0xffffd9000001b980 0041 00000000 0x0 0x0
0xffffd9000001ba00 0041 00000000 0x0 0x0
0xffffd9000001ba80 0001 00000000 0x0 0x0
0xffffd9000001bb00 0001 00000000 0x0 0x0
0xffffd9000001bb80 0001 00000000 0x0 0x0
0xffffd9000001bc00 0001 00000000 0x0 0x0
0xffffd9000001bc80 0001 00000000 0x0 0x0
0xffffd9000001bd00 0001 00000000 0x0 0x0
0xffffd9000001bd80 0001 00000000 0x0 0x0
0xffffd9000001be00 0001 00000000 0x0 0x0
0xffffd9000001be80 0001 00000000 0x0 0x0
0xffffd9000001bf00 0001 00000000 0x0 0x0
0xffffd9000001bf80 0001 00000000 0x0 0x0
0xffffd9000001c000 0001 00000000 0x0 0x0
0xffffd9000001c080 0001 00000000 0x0 0x0
0xffffd9000001c100 0001 00000000 0x0 0x0
0xffffd9000001c180 0001 00000000 0x0 0x0
0xffffd9000001c200 0001 00000000 0x0 0x0
0xffffd9000001c280 0001 00000000 0x0 0x0
0xffffd9000001c300 0001 00000000 0x0 0x0
0xffffd9000001c380 0001 00000000 0x0 0x0
0xffffd9000001c400 0001 00000000 0x0 0x0
0xffffd9000001c480 0001 00000000 0x0 0x0
0xffffd9000001c500 0001 00000000 0x0 0x0
0xffffd9000001c580 0001 00000000 0x0 0x0
0xffffd9000001c600 0001 00000000 0x0 0x0
0xffffd9000001c680 0001 00000000 0x0 0x0
0xffffd9000001c700 0001 00000000 0x0 0x0
0xffffd9000001c780 0001 00000000 0x0 0x0
0xffffd9000001c800 0001 00000000 0x0 0x0
0xffffd9000001c880 0001 00000000 0x0 0x0
0xffffd9000001c900 0001 00000000 0x0 0x0
0xffffd9000001c980 0001 00000000 0x0 0x0
0xffffd9000001ca00 0001 00000000 0x0 0x0
0xffffd9000001ca80 0001 00000000 0x0 0x0
0xffffd9000001cb00 0001 00000000 0x0 0x0
0xffffd9000001cb80 0001 00000000 0x0 0x0
0xffffd9000001cc00 0001 00000000 0x0 0x0
0xffffd9000001cc80 0001 00000000 0x0 0x0
0xffffd9000001cd00 0001 00000000 0x0 0x0
0xffffd9000001cd80 0001 00000000 0x0 0x0
0xffffd9000001ce00 0001 00000000 0x0 0x0
0xffffd9000001ce80 0001 00000000 0x0 0x0
0xffffd9000001cf00 0001 00000000 0x0 0x0
0xffffd9000001cf80 0001 00000000 0x0 0x0
0xffffd9000001d000 0001 00000000 0x0 0x0
0xffffd9000001d080 0001 00000000 0x0 0x0
0xffffd9000001d100 0001 00000000 0x0 0x0
0xffffd9000001d180 0001 00000000 0x0 0x0
0xffffd9000001d200 0001 00000000 0x0 0x0
0xffffd9000001d280 0001 00000000 0x0 0x0
0xffffd9000001d300 0001 00000000 0x0 0x0
0xffffd9000001d380 0001 00000000 0x0 0x0
0xffffd9000001d400 0001 00000000 0x0 0x0
0xffffd9000001d480 0001 00000000 0x0 0x0
0xffffd9000001d500 0001 00000000 0x0 0x0
0xffffd9000001d580 0001 00000000 0x0 0x0
0xffffd9000001d600 0001 00000000 0x0 0x0
0xffffd9000001d680 0001 00000000 0x0 0x0
0xffffd9000001d700 0001 00000000 0x0 0x0
0xffffd9000001d780 0001 00000000 0x0 0x0
0xffffd9000001d800 0001 00000000 0x0 0x0
0xffffd9000001d880 0001 00000000 0x0 0x0
0xffffd9000001d900 0001 00000000 0x0 0x0
0xffffd9000001d980 0001 00000000 0x0 0x0
0xffffd9000001da00 0001 00000000 0x0 0x0
0xffffd9000001da80 0001 00000000 0x0 0x0
0xffffd9000001db00 0001 00000000 0x0 0x0
0xffffd9000001db80 0001 00000000 0x0 0x0
0xffffd9000001dc00 0001 00000000 0x0 0x0
0xffffd9000001dc80 0001 00000000 0x0 0x0
0xffffd9000001dd00 0001 00000000 0x0 0x0
0xffffd9000001dd80 0001 00000000 0x0 0x0
0xffffd9000001de00 0001 00000000 0x0 0x0
0xffffd9000001de80 0001 00000000 0x0 0x0
0xffffd9000001df00 0001 00000000 0x0 0x0
0xffffd9000001df80 0001 00000000 0x0 0x0
0xffffd9000001e000 0001 00000000 0x0 0x0
0xffffd9000001e080 0001 00000000 0x0 0x0
0xffffd9000001e100 0001 00000000 0x0 0x0
0xffffd9000001e180 0001 00000000 0x0 0x0
0xffffd9000001e200 0001 00000000 0x0 0x0
0xffffd9000001e280 0001 00000000 0x0 0x0
0xffffd9000001e300 0001 00000000 0x0 0x0
0xffffd9000001e380 0001 00000000 0x0 0x0
0xffffd9000001e400 0001 00000000 0x0 0x0
0xffffd9000001e480 0001 00000000 0x0 0x0
0xffffd9000001e500 0001 00000000 0x0 0x0
0xffffd9000001e580 0001 00000000 0x0 0x0
0xffffd9000001e600 0001 00000000 0x0 0x0
0xffffd9000001e680 0001 00000000 0x0 0x0
0xffffd9000001e700 0001 00000000 0x0 0x0
0xffffd9000001e780 0001 00000000 0x0 0x0
0xffffd9000001e800 0001 00000000 0x0 0x0
0xffffd9000001e880 0001 00000000 0x0 0x0
0xffffd9000001e900 0001 00000000 0x0 0x0
0xffffd9000001e980 0001 00000000 0x0 0x0
0xffffd9000001ea00 0001 00000000 0x0 0x0
0xffffd9000001ea80 0001 00000000 0x0 0x0
0xffffd9000001eb00 0001 00000000 0x0 0x0
0xffffd9000001eb80 0001 00000000 0x0 0x0
0xffffd9000001ec00 0001 00000000 0x0 0x0
0xffffd9000001ec80 0001 00000000 0x0 0x0
0xffffd9000001ed00 0001 00000000 0x0 0x0
0xffffd9000001ed80 0001 00000000 0x0 0x0
0xffffd9000001ee00 0001 00000000 0x0 0x0
0xffffd9000001ee80 0001 00000000 0x0 0x0
0xffffd9000001ef00 0001 00000000 0x0 0x0
0xffffd9000001ef80 0001 00000000 0x0 0x0
0xffffd9000001f000 0001 00000000 0x0 0x0
0xffffd9000001f080 0001 00000000 0x0 0x0
0xffffd9000001f100 0001 00000000 0x0 0x0
0xffffd9000001f180 0001 00000000 0x0 0x0
0xffffd9000001f200 0001 00000000 0x0 0x0
0xffffd9000001f280 0001 00000000 0x0 0x0
0xffffd9000001f300 0001 00000000 0x0 0x0
0xffffd9000001f380 0001 00000000 0x0 0x0
0xffffd9000001f400 0001 00000000 0x0 0x0
0xffffd9000001f480 0001 00000000 0x0 0x0
0xffffd9000001f500 0001 00000000 0x0 0x0
0xffffd9000001f580 0001 00000000 0x0 0x0
0xffffd9000001f600 0001 00000000 0x0 0x0
0xffffd9000001f680 0001 00000000 0x0 0x0
0xffffd9000001f700 0001 00000000 0x0 0x0
0xffffd9000001f780 0001 00000000 0x0 0x0
0xffffd9000001f800 0001 00000000 0x0 0x0
0xffffd9000001f880 0001 00000000 0x0 0x0
0xffffd9000001f900 0001 00000000 0x0 0x0
0xffffd9000001f980 0001 00000000 0x0 0x0
0xffffd9000001fa00 0001 00000000 0x0 0x0
0xffffd9000001fa80 0001 00000000 0x0 0x0
0xffffd9000001fb00 0001 00000000 0x0 0x0
0xffffd9000001fb80 0001 00000000 0x0 0x0
0xffffd9000001fc00 0001 00000000 0x0 0x0
0xffffd9000001fc80 0001 00000000 0x0 0x0
0xffffd9000001fd00 0001 00000000 0x0 0x0
0xffffd9000001fd80 0001 00000000 0x0 0x0
0xffffd9000001fe00 0001 00000000 0x0 0x0
0xffffd9000001fe80 0001 00000000 0x0 0x0
0xffffd9000001ff00 0001 00000000 0x0 0x0
0xffffd9000001ff80 0001 00000000 0x0 0x0
0xffffd90000020000 0001 00000000 0x0 0x0
0xffffd90000020080 0001 00000000 0x0 0x0
0xffffd90000020100 0001 00000000 0x0 0x0
0xffffd90000020180 0001 00000000 0x0 0x0
0xffffd90000020200 0001 00000000 0x0 0x0
0xffffd90000020280 0001 00000000 0x0 0x0
0xffffd90000020300 0001 00000000 0x0 0x0
0xffffd90000020380 0001 00000000 0x0 0x0
0xffffd90000020400 0001 00000000 0x0 0x0
0xffffd90000020480 0001 00000000 0x0 0x0
0xffffd90000020500 0001 00000000 0x0 0x0
0xffffd90000020580 0001 00000000 0x0 0x0
0xffffd90000020600 0001 00000000 0x0 0x0
0xffffd90000020680 0001 00000000 0x0 0x0
0xffffd90000020700 0001 00000000 0x0 0x0
0xffffd90000020780 0001 00000000 0x0 0x0
0xffffd90000020800 0001 00000000 0x0 0x0
0xffffd90000020880 0001 00000000 0x0 0x0
0xffffd90000020900 0001 00000000 0x0 0x0
0xffffd90000020980 0001 00000000 0x0 0x0
0xffffd90000020a00 0001 00000000 0x0 0x0
0xffffd90000020a80 0001 00000000 0x0 0x0
0xffffd90000020b00 0001 00000000 0x0 0x0
0xffffd90000020b80 0001 00000000 0x0 0x0
0xffffd90000020c00 0001 00000000 0x0 0x0
0xffffd90000020c80 0001 00000000 0x0 0x0
0xffffd90000020d00 0001 00000000 0x0 0x0
0xffffd90000020d80 0001 00000000 0x0 0x0
0xffffd90000020e00 0001 00000000 0x0 0x0
0xffffd90000020e80 0001 00000000 0x0 0x0
0xffffd90000020f00 0001 00000000 0x0 0x0
0xffffd90000020f80 0001 00000000 0x0 0x0
0xffffd90000021000 0001 00000000 0x0 0x0
0xffffd90000021080 0001 00000000 0x0 0x0
0xffffd90000021100 0001 00000000 0x0 0x0
0xffffd90000021180 0001 00000000 0x0 0x0
0xffffd90000021200 0001 00000000 0x0 0x0
0xffffd90000021280 0001 00000000 0x0 0x0
0xffffd90000021300 0001 00000000 0x0 0x0
0xffffd90000021380 0001 00000000 0x0 0x0
0xffffd90000021400 0001 00000000 0x0 0x0
0xffffd90000021480 0001 00000000 0x0 0x0
0xffffd90000021500 0001 00000000 0x0 0x0
0xffffd90000021580 0001 00000000 0x0 0x0
0xffffd90000021600 0001 00000000 0x0 0x0
0xffffd90000021680 0001 00000000 0x0 0x0
0xffffd90000021700 0001 00000000 0x0 0x0
0xffffd90000021780 0001 00000000 0x0 0x0
0xffffd90000021800 0001 00000000 0x0 0x0
0xffffd90000021880 0001 00000000 0x0 0x0
0xffffd90000021900 0001 00000000 0x0 0x0
0xffffd90000021980 0001 00000000 0x0 0x0
0xffffd90000021a00 0001 00000000 0x0 0x0
0xffffd90000021a80 0001 00000000 0x0 0x0
0xffffd90000021b00 0001 00000000 0x0 0x0
0xffffd90000021b80 0001 00000000 0x0 0x0
0xffffd90000021c00 0001 00000000 0x0 0x0
0xffffd90000021c80 0001 00000000 0x0 0x0
0xffffd90000021d00 0001 00000000 0x0 0x0
0xffffd90000021d80 0001 00000000 0x0 0x0
0xffffd90000021e00 0001 00000000 0x0 0x0
0xffffd90000021e80 0001 00000000 0x0 0x0
0xffffd90000021f00 0001 00000000 0x0 0x0
0xffffd90000021f80 0001 00000000 0x0 0x0
0xffffd90000022000 0001 00000000 0x0 0x0
0xffffd90000022080 0001 00000000 0x0 0x0
0xffffd90000022100 0001 00000000 0x0 0x0
0xffffd90000022180 0001 00000000 0x0 0x0
0xffffd90000022200 0001 00000000 0x0 0x0
0xffffd90000022280 0001 00000000 0x0 0x0
0xffffd90000022300 0001 00000000 0x0 0x0
0xffffd90000022380 0001 00000000 0x0 0x0
0xffffd90000022400 0001 00000000 0x0 0x0
0xffffd90000022480 0001 00000000 0x0 0x0
0xffffd90000022500 0001 00000000 0x0 0x0
0xffffd90000022580 0001 00000000 0x0 0x0
0xffffd90000022600 0001 00000000 0x0 0x0
0xffffd90000022680 0001 00000000 0x0 0x0
0xffffd90000022700 0001 00000000 0x0 0x0
0xffffd90000022780 0001 00000000 0x0 0x0
0xffffd90000022800 0001 00000000 0x0 0x0
0xffffd90000022880 0001 00000000 0x0 0x0
0xffffd90000022900 0001 00000000 0x0 0x0
0xffffd90000022980 0001 00000000 0x0 0x0
0xffffd90000022a00 0001 00000000 0x0 0x0
0xffffd90000022a80 0001 00000000 0x0 0x0
0xffffd90000022b00 0001 00000000 0x0 0x0
0xffffd90000022b80 0001 00000000 0x0 0x0
0xffffd90000022c00 0001 00000000 0x0 0x0
0xffffd90000022c80 0001 00000000 0x0 0x0
0xffffd90000022d00 0001 00000000 0x0 0x0
0xffffd90000022d80 0001 00000000 0x0 0x0
0xffffd90000022e00 0001 00000000 0x0 0x0
0xffffd90000022e80 0001 00000000 0x0 0x0
0xffffd90000022f00 0001 00000000 0x0 0x0
0xffffd90000022f80 0001 00000000 0x0 0x0
0xffffd90000023000 0001 00000000 0x0 0x0
0xffffd90000023080 0001 00000000 0x0 0x0
0xffffd90000023100 0001 00000000 0x0 0x0
0xffffd90000023180 0001 00000000 0x0 0x0
0xffffd90000023200 0001 00000000 0x0 0x0
0xffffd90000023280 0001 00000000 0x0 0x0
0xffffd90000023300 0001 00000000 0x0 0x0
0xffffd90000023380 0001 00000000 0x0 0x0
0xffffd90000023400 0001 00000000 0x0 0x0
0xffffd90000023480 0001 00000000 0x0 0x0
0xffffd90000023500 0001 00000000 0x0 0x0
0xffffd90000023580 0001 00000000 0x0 0x0
0xffffd90000023600 0001 00000000 0x0 0x0
0xffffd90000023680 0001 00000000 0x0 0x0
0xffffd90000023700 0001 00000000 0x0 0x0
0xffffd90000023780 0001 00000000 0x0 0x0
0xffffd90000023800 0001 00000000 0x0 0x0
0xffffd90000023880 0001 00000000 0x0 0x0
0xffffd90000023900 0001 00000000 0x0 0x0
0xffffd90000023980 0001 00000000 0x0 0x0
0xffffd90000023a00 0001 00000000 0x0 0x0
0xffffd90000023a80 0001 00000000 0x0 0x0
0xffffd90000023b00 0001 00000000 0x0 0x0
0xffffd90000023b80 0001 00000000 0x0 0x0
0xffffd90000023c00 0001 00000000 0x0 0x0
0xffffd90000023c80 0001 00000000 0x0 0x0
0xffffd90000023d00 0001 00000000 0x0 0x0
0xffffd90000023d80 0001 00000000 0x0 0x0
0xffffd90000023e00 0001 00000000 0x0 0x0
0xffffd90000023e80 0001 00000000 0x0 0x0
0xffffd90000023f00 0001 00000000 0x0 0x0
0xffffd90000023f80 0001 00000000 0x0 0x0
0xffffd90000024000 0001 00000000 0x0 0x0
0xffffd90000024080 0001 00000000 0x0 0x0
0xffffd90000024100 0001 00000000 0x0 0x0
0xffffd90000024180 0001 00000000 0x0 0x0
0xffffd90000024200 0001 00000000 0x0 0x0
0xffffd90000024280 0001 00000000 0x0 0x0
0xffffd90000024300 0001 00000000 0x0 0x0
0xffffd90000024380 0001 00000000 0x0 0x0
0xffffd90000024400 0001 00000000 0x0 0x0
0xffffd90000024480 0001 00000000 0x0 0x0
0xffffd90000024500 0001 00000000 0x0 0x0
0xffffd90000024580 0001 00000000 0x0 0x0
0xffffd90000024600 0001 00000000 0x0 0x0
0xffffd90000024680 0001 00000000 0x0 0x0
0xffffd90000024700 0001 00000000 0x0 0x0
0xffffd90000024780 0001 00000000 0x0 0x0
0xffffd90000024800 0001 00000000 0x0 0x0
0xffffd90000024880 0001 00000000 0x0 0x0
0xffffd90000024900 0001 00000000 0x0 0x0
0xffffd90000024980 0001 00000000 0x0 0x0
0xffffd90000024a00 0001 00000000 0x0 0x0
0xffffd90000024a80 0001 00000000 0x0 0x0
0xffffd90000024b00 0001 00000000 0x0 0x0
0xffffd90000024b80 0001 00000000 0x0 0x0
0xffffd90000024c00 0001 00000000 0x0 0x0
0xffffd90000024c80 0001 00000000 0x0 0x0
0xffffd90000024d00 0001 00000000 0x0 0x0
0xffffd90000024d80 0001 00000000 0x0 0x0
0xffffd90000024e00 0001 00000000 0x0 0x0
0xffffd90000024e80 0001 00000000 0x0 0x0
0xffffd90000024f00 0001 00000000 0x0 0x0
0xffffd90000024f80 0001 00000000 0x0 0x0
0xffffd90000025000 0001 00000000 0x0 0x0
0xffffd90000025080 0001 00000000 0x0 0x0
0xffffd90000025100 0001 00000000 0x0 0x0
0xffffd90000025180 0001 00000000 0x0 0x0
0xffffd90000025200 0001 00000000 0x0 0x0
0xffffd90000025280 0001 00000000 0x0 0x0
0xffffd90000025300 0001 00000000 0x0 0x0
0xffffd90000025380 0001 00000000 0x0 0x0
0xffffd90000025400 0001 00000000 0x0 0x0
0xffffd90000025480 0001 00000000 0x0 0x0
0xffffd90000025500 0001 00000000 0x0 0x0
0xffffd90000025580 0001 00000000 0x0 0x0
0xffffd90000025600 0001 00000000 0x0 0x0
0xffffd90000025680 0001 00000000 0x0 0x0
0xffffd90000025700 0001 00000000 0x0 0x0
0xffffd90000025780 0001 00000000 0x0 0x0
0xffffd90000025800 0001 00000000 0x0 0x0
0xffffd90000025880 0001 00000000 0x0 0x0
0xffffd90000025900 0001 00000000 0x0 0x0
0xffffd90000025980 0001 00000000 0x0 0x0
0xffffd90000025a00 0001 00000000 0x0 0x0
0xffffd90000025a80 0001 00000000 0x0 0x0
0xffffd90000025b00 0001 00000000 0x0 0x0
0xffffd90000025b80 0001 00000000 0x0 0x0
0xffffd90000025c00 0001 00000000 0x0 0x0
0xffffd90000025c80 0001 00000000 0x0 0x0
0xffffd90000025d00 0001 00000000 0x0 0x0
0xffffd90000025d80 0001 00000000 0x0 0x0
0xffffd90000025e00 0001 00000000 0x0 0x0
0xffffd90000025e80 0001 00000000 0x0 0x0
0xffffd90000025f00 0001 00000000 0x0 0x0
0xffffd90000025f80 0001 00000000 0x0 0x0
0xffffd90000026000 0001 00000000 0x0 0x0
0xffffd90000026080 0001 00000000 0x0 0x0
0xffffd90000026100 0001 00000000 0x0 0x0
0xffffd90000026180 0001 00000000 0x0 0x0
0xffffd90000026200 0001 00000000 0x0 0x0
0xffffd90000026280 0001 00000000 0x0 0x0
0xffffd90000026300 0001 00000000 0x0 0x0
0xffffd90000026380 0001 00000000 0x0 0x0
0xffffd90000026400 0001 00000000 0x0 0x0
0xffffd90000026480 0001 00000000 0x0 0x0
0xffffd90000026500 0001 00000000 0x0 0x0
0xffffd90000026580 0001 00000000 0x0 0x0
0xffffd90000026600 0001 00000000 0x0 0x0
0xffffd90000026680 0001 00000000 0x0 0x0
0xffffd90000026700 0001 00000000 0x0 0x0
0xffffd90000026780 0001 00000000 0x0 0x0
0xffffd90000026800 0001 00000000 0x0 0x0
0xffffd90000026880 0001 00000000 0x0 0x0
0xffffd90000026900 0001 00000000 0x0 0x0
0xffffd90000026980 0001 00000000 0x0 0x0
0xffffd90000026a00 0001 00000000 0x0 0x0
0xffffd90000026a80 0001 00000000 0x0 0x0
0xffffd90000026b00 0001 00000000 0x0 0x0
0xffffd90000026b80 0001 00000000 0x0 0x0
0xffffd90000026c00 0001 00000000 0x0 0x0
0xffffd90000026c80 0001 00000000 0x0 0x0
0xffffd90000026d00 0001 00000000 0x0 0x0
0xffffd90000026d80 0001 00000000 0x0 0x0
0xffffd90000026e00 0001 00000000 0x0 0x0
0xffffd90000026e80 0001 00000000 0x0 0x0
0xffffd90000026f00 0001 00000000 0x0 0x0
0xffffd90000026f80 0001 00000000 0x0 0x0
0xffffd90000027000 0001 00000000 0x0 0x0
0xffffd90000027080 0001 00000000 0x0 0x0
0xffffd90000027100 0001 00000000 0x0 0x0
0xffffd90000027180 0001 00000000 0x0 0x0
0xffffd90000027200 0001 00000000 0x0 0x0
0xffffd90000027280 0001 00000000 0x0 0x0
0xffffd90000027300 0001 00000000 0x0 0x0
0xffffd90000027380 0001 00000000 0x0 0x0
0xffffd90000027400 0001 00000000 0x0 0x0
0xffffd90000027480 0001 00000000 0x0 0x0
0xffffd90000027500 0001 00000000 0x0 0x0
0xffffd90000027580 0001 00000000 0x0 0x0
0xffffd90000027600 0001 00000000 0x0 0x0
0xffffd90000027680 0001 00000000 0x0 0x0
0xffffd90000027700 0001 00000000 0x0 0x0
0xffffd90000027780 0001 00000000 0x0 0x0
0xffffd90000027800 0001 00000000 0x0 0x0
0xffffd90000027880 0001 00000000 0x0 0x0
0xffffd90000027900 0001 00000000 0x0 0x0
0xffffd90000027980 0001 00000000 0x0 0x0
0xffffd90000027a00 0001 00000000 0x0 0x0
0xffffd90000027a80 0001 00000000 0x0 0x0
0xffffd90000027b00 0001 00000000 0x0 0x0
0xffffd90000027b80 0001 00000000 0x0 0x0
0xffffd90000027c00 0001 00000000 0x0 0x0
0xffffd90000027c80 0001 00000000 0x0 0x0
0xffffd90000027d00 0001 00000000 0x0 0x0
0xffffd90000027d80 0001 00000000 0x0 0x0
0xffffd90000027e00 0001 00000000 0x0 0x0
0xffffd90000027e80 0001 00000000 0x0 0x0
0xffffd90000027f00 0001 00000000 0x0 0x0
0xffffd90000027f80 0001 00000000 0x0 0x0
0xffffd90000028000 0001 00000000 0x0 0x0
0xffffd90000028080 0001 00000000 0x0 0x0
0xffffd90000028100 0001 00000000 0x0 0x0
0xffffd90000028180 0001 00000000 0x0 0x0
0xffffd90000028200 0001 00000000 0x0 0x0
0xffffd90000028280 0001 00000000 0x0 0x0
0xffffd90000028300 0001 00000000 0x0 0x0
0xffffd90000028380 0001 00000000 0x0 0x0
0xffffd90000028400 0001 00000000 0x0 0x0
0xffffd90000028480 0001 00000000 0x0 0x0
0xffffd90000028500 0001 00000000 0x0 0x0
0xffffd90000028580 0001 00000000 0x0 0x0
0xffffd90000028600 0001 00000000 0x0 0x0
0xffffd90000028680 0001 00000000 0x0 0x0
0xffffd90000028700 0001 00000000 0x0 0x0
0xffffd90000028780 0001 00000000 0x0 0x0
0xffffd90000028800 0001 00000000 0x0 0x0
0xffffd90000028880 0001 00000000 0x0 0x0
0xffffd90000028900 0001 00000000 0x0 0x0
0xffffd90000028980 0001 00000000 0x0 0x0
0xffffd90000028a00 0001 00000000 0x0 0x0
0xffffd90000028a80 0001 00000000 0x0 0x0
0xffffd90000028b00 0001 00000000 0x0 0x0
0xffffd90000028b80 0001 00000000 0x0 0x0
0xffffd90000028c00 0001 00000000 0x0 0x0
0xffffd90000028c80 0001 00000000 0x0 0x0
0xffffd90000028d00 0001 00000000 0x0 0x0
0xffffd90000028d80 0001 00000000 0x0 0x0
0xffffd90000028e00 0001 00000000 0x0 0x0
0xffffd90000028e80 0001 00000000 0x0 0x0
0xffffd90000028f00 0001 00000000 0x0 0x0
0xffffd90000028f80 0001 00000000 0x0 0x0
0xffffd90000029000 0001 00000000 0x0 0x0
0xffffd90000029080 0001 00000000 0x0 0x0
0xffffd90000029100 0001 00000000 0x0 0x0
0xffffd90000029180 0001 00000000 0x0 0x0
0xffffd90000029200 0001 00000000 0x0 0x0
0xffffd90000029280 0001 00000000 0x0 0x0
0xffffd90000029300 0001 00000000 0x0 0x0
0xffffd90000029380 0001 00000000 0x0 0x0
0xffffd90000029400 0001 00000000 0x0 0x0
0xffffd90000029480 0001 00000000 0x0 0x0
0xffffd90000029500 0001 00000000 0x0 0x0
0xffffd90000029580 0001 00000000 0x0 0x0
0xffffd90000029600 0001 00000000 0x0 0x0
0xffffd90000029680 0001 00000000 0x0 0x0
0xffffd90000029700 0001 00000000 0x0 0x0
0xffffd90000029780 0001 00000000 0x0 0x0
0xffffd90000029800 0001 00000000 0x0 0x0
0xffffd90000029880 0001 00000000 0x0 0x0
0xffffd90000029900 0001 00000000 0x0 0x0
0xffffd90000029980 0001 00000000 0x0 0x0
0xffffd90000029a00 0001 00000000 0x0 0x0
0xffffd90000029a80 0001 00000000 0x0 0x0
0xffffd90000029b00 0001 00000000 0x0 0x0
0xffffd90000029b80 0001 00000000 0x0 0x0
0xffffd90000029c00 0001 00000000 0x0 0x0
0xffffd90000029c80 0001 00000000 0x0 0x0
0xffffd90000029d00 0001 00000000 0x0 0x0
0xffffd90000029d80 0001 00000000 0x0 0x0
0xffffd90000029e00 0001 00000000 0x0 0x0
0xffffd90000029e80 0001 00000000 0x0 0x0
0xffffd90000029f00 0001 00000000 0x0 0x0
0xffffd90000029f80 0001 00000000 0x0 0x0
0xffffd9000002a000 0001 00000000 0x0 0x0
0xffffd9000002a080 0001 00000000 0x0 0x0
0xffffd9000002a100 0001 00000000 0x0 0x0
0xffffd9000002a180 0001 00000000 0x0 0x0
0xffffd9000002a200 0001 00000000 0x0 0x0
0xffffd9000002a280 0001 00000000 0x0 0x0
0xffffd9000002a300 0001 00000000 0x0 0x0
0xffffd9000002a380 0001 00000000 0x0 0x0
0xffffd9000002a400 0001 00000000 0x0 0x0
0xffffd9000002a480 0001 00000000 0x0 0x0
0xffffd9000002a500 0001 00000000 0x0 0x0
0xffffd9000002a580 0001 00000000 0x0 0x0
0xffffd9000002a600 0001 00000000 0x0 0x0
0xffffd9000002a680 0001 00000000 0x0 0x0
0xffffd9000002a700 0001 00000000 0x0 0x0
0xffffd9000002a780 0001 00000000 0x0 0x0
0xffffd9000002a800 0001 00000000 0x0 0x0
0xffffd9000002a880 0001 00000000 0x0 0x0
0xffffd9000002a900 0001 00000000 0x0 0x0
0xffffd9000002a980 0001 00000000 0x0 0x0
0xffffd9000002aa00 0001 00000000 0x0 0x0
0xffffd9000002aa80 0001 00000000 0x0 0x0
0xffffd9000002ab00 0001 00000000 0x0 0x0
0xffffd9000002ab80 0001 00000000 0x0 0x0
0xffffd9000002ac00 0001 00000000 0x0 0x0
0xffffd9000002ac80 0001 00000000 0x0 0x0
0xffffd9000002ad00 0001 00000000 0x0 0x0
0xffffd9000002ad80 0001 00000000 0x0 0x0
0xffffd9000002ae00 0001 00000000 0x0 0x0
0xffffd9000002ae80 0001 00000000 0x0 0x0
0xffffd9000002af00 0001 00000000 0x0 0x0
0xffffd9000002af80 0001 00000000 0x0 0x0
0xffffd9000002b000 0001 00000000 0x0 0x0
0xffffd9000002b080 0001 00000000 0x0 0x0
0xffffd9000002b100 0001 00000000 0x0 0x0
0xffffd9000002b180 0001 00000000 0x0 0x0
0xffffd9000002b200 0001 00000000 0x0 0x0
0xffffd9000002b280 0001 00000000 0x0 0x0
0xffffd9000002b300 0001 00000000 0x0 0x0
0xffffd9000002b380 0001 00000000

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,

Aug 4, 2022, 3:08:23 AM8/4/22

to syzkaller-...@googlegroups.com

syzbot has found a reproducer for the following issue on:

HEAD commit: 6160c84baeee kern/vfs_lockf.c: Fix overflow in overflow de..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=123d62c1080000

kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=177e6808c863c4dd4584
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=178e943e080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f5ca2080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+177e68...@syzkaller.appspotmail.com

[ 53.2691110] panic: ASan: Unauthorized Access In 0xffffffff81ca734a: Addr 0xffffb88013ce3b98 [8 bytes, read, PoolUseAfterFree]

[ 53.2691110] cpu1: Begin traceback...
[ 53.2790799] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
[ 53.3090849] panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
[ 53.3290839] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
[ 53.3290839] kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
[ 53.3590796] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
[ 53.3590796] __asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
[ 53.3590796] __asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
[ 53.3890883] vcache_reclaim() at netbsd:vcache_reclaim+0x52b sys/kern/vfs_vnode.c:1923
[ 53.4190808] vrelel() at netbsd:vrelel+0x67a sys/kern/vfs_vnode.c:985
[ 53.4390818] vrele() at netbsd:vrele+0x51 sys/kern/vfs_vnode.c:1038
[ 53.4590789] layer_rmdir() at netbsd:layer_rmdir+0xa4 sys/miscfs/genfs/layer_vnops.c:682
[ 53.4890841] VOP_RMDIR() at netbsd:VOP_RMDIR+0x252 sys/kern/vnode_if.c:1383
[ 53.5090791] do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x64d sys/kern/vfs_syscalls.c:2892
[ 53.5390801] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 53.5390801] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 53.5390801] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 53.5490791] --- syscall (number 137) ---
[ 53.5590805] netbsd:syscall+0x25a:
[ 53.5590805] cpu1: End traceback...
[ 53.5690785] fatal breakpoint trap in supervisor mode
[ 53.5690785] trap type 1 code 0 rip 0xffffffff80220a4d cs 0x8 rflags 0x286 cr2 0x7ded4b1e92a0 ilevel 0 rsp 0xffffb8824827d800
[ 53.5790752] curlwp 0xffffb88012a04740 pid 1220.1220 lowest kstack 0xffffb882482762c0
Stopped in pid 1220.1220 (syz-executor3707) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:293
panic() at netbsd:panic+0x9e sys/kern/subr_prf.c:1043
kasan_report() at netbsd:kasan_report+0x8f kasan_code_name sys/kern/subr_asan.c:168 [inline]
kasan_report() at netbsd:kasan_report+0x8f sys/kern/subr_asan.c:200
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:370 [inline]
__asan_load8() at netbsd:__asan_load8+0xac kasan_shadow_check sys/kern/subr_asan.c:420 [inline]
__asan_load8() at netbsd:__asan_load8+0xac sys/kern/subr_asan.c:1207
vcache_reclaim() at netbsd:vcache_reclaim+0x52b sys/kern/vfs_vnode.c:1923
vrelel() at netbsd:vrelel+0x67a sys/kern/vfs_vnode.c:985
vrele() at netbsd:vrele+0x51 sys/kern/vfs_vnode.c:1038

layer_rmdir() at netbsd:layer_rmdir+0xa4 sys/miscfs/genfs/layer_vnops.c:682
VOP_RMDIR() at netbsd:VOP_RMDIR+0x252 sys/kern/vnode_if.c:1383
do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x64d sys/kern/vfs_syscalls.c:2892

syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138

--- syscall (number 137) ---
netbsd:syscall+0x25a:
Panic string: ASan: Unauthorized Access In 0xffffffff81ca734a: Addr 0xffffb88013ce3b98 [8 bytes, read, PoolUseAfterFree]

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

1082 1082 3 0 0 ffffb88012b6c100 syz-executor3707 biowait
956 956 3 0 0 ffffb88013ce5a40 syz-executor3707 biolock
1224 >1224 7 0 0 ffffb88013ce5600 syz-executor3707
981 981 3 0 180 ffffb88013ce51c0 syz-executor3707 fstcnt
1078 1078 2 1 140 ffffb880133be680 syz-executor3707
422 422 2 1 140 ffffb880133be240 syz-executor3707
1086 1086 2 1 140 ffffb88013c39a00 syz-executor3707
1223 1223 2 1 140 ffffb88013c395c0 syz-executor3707
1222 1222 2 1 140 ffffb880134434c0 syz-executor3707
1220 >1220 7 1 40 ffffb88012a04740 syz-executor3707
972 972 3 0 180 ffffb88012aa6080 syz-executor3707 nanoslp
1054 1054 3 1 40180 ffffb88012b4c0c0 sshd select
1128 1128 3 1 180 ffffb880126ca040 getty nanoslp
1072 1072 3 1 180 ffffb8801347c9c0 getty nanoslp
1069 1069 3 1 180 ffffb8801347c140 getty nanoslp
1074 1074 3 1 1c0 ffffb88012cb3540 getty ttyraw
1067 1067 3 1 180 ffffb88013395600 sshd select
949 949 3 0 180 ffffb88012d16700 powerd kqueue
689 689 2 1 140 ffffb880133d1b00 syslogd
602 602 3 0 180 ffffb88012c3e700 dhcpcd poll
547 547 3 0 180 ffffb88012c99900 dhcpcd poll
464 464 3 0 180 ffffb88012c60b80 dhcpcd poll
589 589 3 0 180 ffffb88012c60300 dhcpcd poll
289 289 3 0 180 ffffb88012d94080 dhcpcd poll
288 288 3 0 180 ffffb88012d848c0 dhcpcd poll
351 351 3 0 180 ffffb88012d84480 dhcpcd poll
1 1 3 1 180 ffffb880128549c0 init wait
0 819 3 0 200 ffffb88012974ac0 physiod physiod
0 194 3 1 200 ffffb8801298bb00 pooldrain pooldrain
0 193 3 0 200 ffffb8801298b6c0 ioflush syncer
0 192 3 0 200 ffffb8801298b280 pgdaemon pgdaemon
0 169 3 1 200 ffffb88012974240 usb7 usbevt
0 167 3 1 200 ffffb8801292da80 usb6 usbevt
0 165 3 1 200 ffffb8801292d640 usb5 usbevt
0 164 3 1 200 ffffb8801292d200 usb4 usbevt
0 31 3 1 200 ffffb880128e1a40 usb3 usbevt
0 63 3 1 200 ffffb880128e1600 usb2 usbevt
0 126 3 1 200 ffffb880128e11c0 usb1 usbevt
0 125 3 0 200 ffffb8801286fa00 usb0 usbevt
0 124 3 1 200 ffffb8801286f5c0 usbtask-dr usbtsk
0 123 3 1 200 ffffb880120b66c0 usbtask-hc usbtsk
0 122 3 0 200 ffffb8801286f180 npfgc0 npfgcw
0 121 3 1 200 ffffb88012854580 rt_free rt_free
0 120 3 1 200 ffffb88012854140 unpgc unpgc
0 119 3 0 200 ffffb880126f9980 key_timehandler key_timehandler
0 118 3 1 200 ffffb880126f9540 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffffb880126f9100 icmp6_wqinput/0 icmp6_wqinput
0 116 3 0 200 ffffb880126ee940 nd6_timer nd6_timer
0 115 3 1 200 ffffb880126ee500 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffffb880126ee0c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffffb880126e0900 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffffb880126e04c0 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffffb880126e0080 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffffb880126ca8c0 icmp_wqinput/0 icmp_wqinput
0 109 3 0 200 ffffb880126ca480 rt_timer rt_timer
0 108 3 1 200 ffffb880126c9bc0 vmem_rehash vmem_rehash
0 99 3 0 200 ffffb880120bbb40 entbutler entropy
0 98 3 1 200 ffffb880120bb700 viomb balloon
0 97 3 1 200 ffffb880120bb2c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffffb880120b6b00 vioif0_txrx/0 vioif0_txrx
0 29 3 0 200 ffffb880120b6280 scsibus0 sccomp
0 28 3 0 200 ffffb88010cb9ac0 pms0 pmsreset
0 27 3 1 200 ffffb88010cb9680 xcall/1 xcall
0 26 1 1 200 ffffb88010cb9240 softser/1
0 25 1 1 200 ffffb88010cb8a80 softclk/1
0 24 1 1 200 ffffb88010cb8640 softbio/1
0 23 1 1 200 ffffb88010cb8200 softnet/1
0 22 1 1 201 ffffb8800fb55a40 idle/1
0 21 3 0 200 ffffb8800fb55600 lnxsyswq lnxsyswq
0 20 3 0 200 ffffb8800fb551c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffffb8800fb54a00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffffb8800fb545c0 lnxlngwq lnxlngwq
0 17 3 1 200 ffffb8800fb54180 lnxhipwq lnxhipwq
0 16 3 1 200 ffffb8800fb4b9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffffb8800fb4b580 sysmon smtaskq
0 14 3 0 200 ffffb8800fb4b140 pmfsuspend pmfsuspend
0 13 3 0 200 ffffb8800fb48980 pmfevent pmfevent
0 12 3 0 200 ffffb8800fb48540 sopendfree sopendfr
0 11 3 1 200 ffffb8800fb48100 iflnkst iflnkst
0 10 3 0 200 ffffb8800fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffb8800fb3c500 vdrain vdrain
0 8 3 0 200 ffffb8800fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffb8800fb33900 xcall/0 xcall
0 6 1 0 200 ffffb8800fb334c0 softser/0
0 5 1 0 200 ffffb8800fb33080 softclk/0
0 4 1 0 200 ffffb8800fb318c0 softbio/0
0 3 1 0 200 ffffb8800fb31480 softnet/0
0 2 1 0 201 ffffb8800fb31040 idle/0
0 0 3 0 200 ffffffff83341640 swapper uvm
[Locks tracked through LWPs]

****** LWP 1082.1082 (syz-executor3707) @ 0xffffb88012b6c100, l_stat=3

*** Locks held:

* Lock 0 (initialized at vcache_alloc)

lock address : 0xffffb88013ce3ec0 type : sleep/adaptive
initialized : 0xffffffff81ca6720

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88012b6c100 last held: 0xffffb88012b6c100
last locked* : 0xffffffff81cdccf6 unlocked : 0xffffffff81cdcd58
owner/count : 0xffffb88012b6c100 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_alloc)

lock address : 0xffffb88013d16f40 type : sleep/adaptive
initialized : 0xffffffff81ca6720

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88012b6c100 last held: 0xffffb88012b6c100
last locked* : 0xffffffff81cdccf6 unlocked : 000000000000000000
owner/count : 0xffffb88012b6c100 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 956.956 (syz-executor3707) @ 0xffffb88013ce5a40, l_stat=3

*** Locks held:

* Lock 0 (initialized at vcache_alloc)

lock address : 0xffffb88013ccee80 type : sleep/adaptive
initialized : 0xffffffff81ca6720

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88013ce5a40 last held: 0xffffb88013ce5a40
last locked* : 0xffffffff81cdccf6 unlocked : 0xffffffff81cdcd58
owner/count : 0xffffb88013ce5a40 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_alloc)

lock address : 0xffffb88013d16cc0 type : sleep/adaptive
initialized : 0xffffffff81ca6720

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88013ce5a40 last held: 0xffffb88013ce5a40
last locked* : 0xffffffff81cdccf6 unlocked : 000000000000000000
owner/count : 0xffffb88013ce5a40 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1224.1224 (syz-executor3707) @ 0xffffb88013ce5600, l_stat=7

*** Locks held:

* Lock 0 (initialized at fork1)
lock address : 0xffffb88013cd5850 type : sleep/adaptive
initialized : 0xffffffff81af289b

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88013ce5600 last held: 0xffffb88013ce5600
last locked* : 0xffffffff81aeeb1b unlocked : 000000000000000000
owner/count : 0xffffb88013ce5600 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at pmap_ctor)
lock address : 0xffffb88013cd9380 type : sleep/adaptive
initialized : 0xffffffff80957139

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88013ce5600 last held: 0xffffb88013ce5600
last locked* : 0xffffffff8095d605 unlocked : 0xffffffff80957b65
owner field : 0xffffb88013ce5600 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted:

* Lock 0 (initialized at main)

lock address : 0xffffffff834809c0 type : spin
initialized : 0xffffffff81f6669e

shared holds : 0 exclusive: 1

shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 1
relevant lwp : 0xffffb88013ce5600 last held: 0xffffb88012a04740
last locked* : 0xffffffff81b47ed0 unlocked : 0xffffffff80268f32

curcpu holds : 1 wanted by: 000000000000000000

****** LWP 981.981 (syz-executor3707) @ 0xffffb88013ce51c0, l_stat=3

*** Locks held:

* Lock 0 (initialized at fstrans_init)
lock address : 0xffffffff8348abc0 type : sleep/adaptive
initialized : 0xffffffff81ca1ee1

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffb88013ce51c0 last held: 0xffffb88013ce51c0
last locked* : 0xffffffff81ca4408 unlocked : 0xffffffff81c88187
owner field : 0xffffb88013ce51c0 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1220.1220 (syz-executor3707) @ 0xffffb88012a04740, l_stat=7

*** Locks held:

* Lock 0 (initialized at vcache_alloc)

lock address : 0xffffb88013ce3240 type : sleep/adaptive
initialized : 0xffffffff81ca6720

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1

relevant lwp : 0xffffb88012a04740 last held: 0xffffb88012a04740
last locked* : 0xffffffff81cdccf6 unlocked : 0xffffffff81cdcd58
owner/count : 0xffffb88012a04740 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at vcache_alloc)

lock address : 0xffffb88013ce8240 type : sleep/adaptive
initialized : 0xffffffff81ca672c

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1

relevant lwp : 0xffffb88012a04740 last held: 0xffffb88012a04740
last locked* : 0xffffffff81ca72cd unlocked : 0xffffffff81ca6be3
owner field : 0xffffb88012a04740 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 547.547 (dhcpcd) @ 0xffffb88012c99900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)