assert failed: mutex_owned(&tty_lock)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: e64099d25bfe gratuitous commit to fix spelling error
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=179cc4ab280000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=3a82596dd3428d635a32
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/472ca3e97be4/disk-e64099d2.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/a56ca5cd0f0c/netbsd-e64099d2.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3a8259...@syzkaller.appspotmail.com

[ 994.4855669] panic: kernel diagnostic assertion "mutex_owned(&tty_lock)" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/tty_pty.c", line 552
[ 994.4955496] cpu1: Begin traceback...
[ 994.5255477] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
[ 994.5755491] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6bd2
[ 994.6255473] ptsstop() at netbsd:ptsstop+0x1ad sys/kern/tty_pty.c:552
[ 994.6755490] tty_try_xonxoff() at netbsd:tty_try_xonxoff+0x1e7 sys/kern/tty.c:3198
[ 994.7355496] pppinput() at netbsd:pppinput+0x1e4 sys/net/ppp_tty.c:844
[ 994.7855462] ttioctl() at netbsd:ttioctl+0xe85 sys/kern/tty.c:1549
[ 994.8355507] ptyioctl() at netbsd:ptyioctl+0x526 sys/kern/tty_pty.c:1182
[ 994.8855601] cdev_ioctl() at netbsd:cdev_ioctl+0x197 sys/kern/subr_devsw.c:1525
[ 994.9255459] spec_ioctl() at netbsd:spec_ioctl+0x148 sys/miscfs/specfs/spec_vnops.c:1331
[ 994.9755667] VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:934
[ 995.0255494] vn_ioctl() at netbsd:vn_ioctl+0x1c4 sys/kern/vfs_vnops.c:892
[ 995.0655491] sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
[ 995.1155499] sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[ 995.1155499] sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
[ 995.1655501] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 995.1655501] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 995.1655501] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 995.1755516] --- syscall (number 54 via SYS_syscall) ---
[ 995.1955513] netbsd:syscall+0x25a:
[ 995.1955513] cpu1: End traceback...
[ 995.1955513] fatal breakpoint trap in supervisor mode
[ 995.2055563] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x286 cr2 0x6250a0 ilevel 0 rsp 0xffffac824e7702f0
[ 995.2155535] curlwp 0xffffac8013453780 pid 10077.9088 lowest kstack 0xffffac824e7692c0
Stopped in pid 10077.9088 (syz-executor.5) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6bd2
ptsstop() at netbsd:ptsstop+0x1ad sys/kern/tty_pty.c:552
tty_try_xonxoff() at netbsd:tty_try_xonxoff+0x1e7 sys/kern/tty.c:3198
pppinput() at netbsd:pppinput+0x1e4 sys/net/ppp_tty.c:844
ttioctl() at netbsd:ttioctl+0xe85 sys/kern/tty.c:1549
ptyioctl() at netbsd:ptyioctl+0x526 sys/kern/tty_pty.c:1182
cdev_ioctl() at netbsd:cdev_ioctl+0x197 sys/kern/subr_devsw.c:1525
spec_ioctl() at netbsd:spec_ioctl+0x148 sys/miscfs/specfs/spec_vnops.c:1331
VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:934
vn_ioctl() at netbsd:vn_ioctl+0x1c4 sys/kern/vfs_vnops.c:892
sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
sys___syscall() at netbsd:sys___syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x10e sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x25a:
Panic string: kernel diagnostic assertion "mutex_owned(&tty_lock)" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/tty_pty.c", line 552
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
10573 10573 2 0 0 ffffac8012d928c0 syz-executor.4
9093 9093 2 0 0 ffffac8013dd3200 syz-executor.0
8957 8957 2 0 0 ffffac8012d82780 syz-executor.1
10077>9088 7 1 100 ffffac8013453780 syz-executor.5
10077 10077 2 1 10040000 ffffac8014344240 syz-executor.5
9100 8624 2 0 0 ffffac8014726b00 syz-executor.3
9100 10583 2 0 100 ffffac8012a69480 syz-executor.3
9100 9100 2 0 10040000 ffffac8012c8b340 syz-executor.3
8947 9434 2 1 100100 ffffac8013f418c0 syz-executor.2
8947 >9202 7 0 100100 ffffac80146fc600 syz-executor.2
8947 8947 2 0 10000140 ffffac8014616540 syz-executor.2
6582 6582 2 1 140 ffffac80134694c0 syz-executor.0
7237 7237 2 0 40 ffffac8013ded240 syz-executor.4
6079 6079 2 1 140 ffffac8012cf1180 syz-executor.3
5941 5941 3 0 180 ffffac8013ea7300 syz-executor.0 parked
7402 7402 3 1 180 ffffac801455c040 syz-executor.0 parked
6861 6861 3 1 180 ffffac8013e8fb40 syz-executor.0 parked
5525 5525 3 0 180 ffffac8014728700 syz-executor.0 parked
5442 5442 3 1 180 ffffac801471c240 syz-executor.0 parked
6855 6855 3 1 180 ffffac8012cf1a00 syz-executor.0 parked
6583 6583 3 0 180 ffffac8012dd8500 syz-executor.0 parked
6190 6190 3 0 180 ffffac8012cd5540 syz-executor.0 parked
6560 5164 3 1 1100000 ffffac8012d071c0 syz-executor.0 tstile
6560 6560 2 1 11000040 ffffac8013405700 syz-executor.0
6208 6208 2 1 140 ffffac8012dbd080 syz-executor.1
5109 6458 3 1 1100000 ffffac8012cb3900 syz-executor.0 tstile
5109 5109 2 1 11000040 ffffac80126e7740 syz-executor.0
5102 6215 3 0 1100000 ffffac801345d480 syz-executor.0 tstile
5102 5102 2 1 11000040 ffffac8012a43340 syz-executor.0
5008 6342 3 1 1100000 ffffac8012c17240 syz-executor.0 tstile
5008 5008 2 1 11000040 ffffac8013382140 syz-executor.0
6225 6225 3 0 180 ffffac8013f61940 syz-executor.3 parked
4766 5001 2 1 1000040 ffffac80134730c0 syz-executor.3
4766 6334 3 0 1100000 ffffac801347d540 syz-executor.3 vfork
4749 4676 3 0 1100000 ffffac8013f41040 syz-executor.0 tstile
4749 4749 2 1 11000040 ffffac8012be7600 syz-executor.0
6103 6103 3 1 180 ffffac801439e2c0 syz-executor.3 parked
3995 4601 3 0 1100000 ffffac8014340640 syz-executor.3 vfork
3995 3995 2 1 11000040 ffffac80134b55c0 syz-executor.3
4772 6097 3 0 1100000 ffffac8013e546c0 syz-executor.0 tstile
4772 4772 2 1 11000040 ffffac8013fc3580 syz-executor.0
5862 4350 3 0 1100000 ffffac8012c2b280 syz-executor.0 tstile
5862 5862 2 1 11000040 ffffac8012bb1180 syz-executor.0
5687 5687 2 1 140 ffffac80129a1280 syz-executor.2
5211 4252 3 0 1100000 ffffac80133ed6c0 syz-executor.0 tstile
5211 5734 3 0 1100000 ffffac8013473940 syz-executor.0 tstile
5211 5211 2 1 11000040 ffffac8012ac80c0 syz-executor.0
5205 5458 3 0 1100000 ffffac8012d16640 syz-executor.0 tstile
5205 5205 2 1 11000040 ffffac8013cf5a40 syz-executor.0
4079 4972 3 0 1100000 ffffac8012b8c580 syz-executor.0 tstile
4079 4079 2 1 11000040 ffffac8013f60080 syz-executor.0
3821 4064 3 1 1100000 ffffac8012d50740 syz-executor.0 tstile
3821 4044 3 0 1100000 ffffac80129a3b40 syz-executor.0 tstile
3821 3821 2 1 11000040 ffffac8012a0f740 syz-executor.0
3670 3670 3 0 180 ffffac8014344680 syz-executor.4 parked
3275 3275 3 0 180 ffffac8014340200 syz-executor.4 parked
2973 2973 3 0 180 ffffac8012ca0040 syz-executor.4 parked
3361 3361 3 0 180 ffffac8012d16200 syz-executor.4 parked
3057 3057 3 0 180 ffffac8012ce29c0 syz-executor.4 parked
3625 3625 2 1 140 ffffac801347d100 syz-executor.5
3249 3249 3 0 180 ffffac8012c17680 syz-executor.1 parked
3376 3376 3 0 180 ffffac8013469900 syz-executor.1 parked
2640 2640 3 0 180 ffffac8014005a40 syz-executor.1 parked
2292 2292 3 0 180 ffffac8012c71b80 syz-executor.1 parked
2620 2620 3 0 180 ffffac8012c02200 syz-executor.2 parked
1939 1939 3 1 180 ffffac8012ce2580 syz-executor.2 parked
1930 1930 3 0 180 ffffac8012be71c0 syz-executor.2 parked
1733 1733 3 0 1c0 ffffac8013dedac0 getty ttyraw
388 388 3 1 180 ffffac80133b9600 syz-executor.3 parked
1625 1625 3 1 180 ffffac8013fb8540 syz-executor.3 parked
1081 1841 2 0 140 ffffac8013f41480 syz-fuzzer
1081 1323 3 1 180 ffffac8012bb1a00 syz-fuzzer wait
1081 1245 3 1 180 ffffac8013e54280 syz-fuzzer parked
1081 1237 3 1 180 ffffac8013ded680 syz-fuzzer parked
1081 1246 3 1 180 ffffac8013dd3a80 syz-fuzzer parked
1081 991 3 1 1c0 ffffac8013dd3640 syz-fuzzer wait
1081 929 3 0 1c0 ffffac8012ac8500 syz-fuzzer wait
1081 829 3 0 180 ffffac8013cf51c0 syz-fuzzer wait
1081 1243 3 1 180 ffffac8012d50b80 syz-fuzzer parked
1081 449 3 1 180 ffffac80133d5ac0 syz-fuzzer parked
1081 1102 3 0 180 ffffac80133d5680 syz-fuzzer parked
1081 947 3 1 1c0 ffffac8013445b80 syz-fuzzer wait
1081 1231 2 0 140 ffffac8013445300 syz-fuzzer
1081 1081 3 1 180 ffffac80133a3a00 syz-fuzzer wait
1238 1238 3 0 180 ffffac8012ac8940 sshd select
1224 1224 3 1 180 ffffac80126eb480 getty nanoslp
1216 1216 3 0 180 ffffac80126eb040 getty nanoslp
1225 1225 3 0 180 ffffac80134b5180 getty nanoslp
1107 1107 3 0 180 ffffac80133c8640 sshd select
956 956 3 0 180 ffffac8012d92040 powerd kqueue
693 693 3 0 180 ffffac80134052c0 syslogd kqueue
559 559 3 0 180 ffffac8012c71740 dhcpcd poll
747 747 3 0 180 ffffac8012cd5100 dhcpcd poll
745 745 3 0 180 ffffac8012c8bbc0 dhcpcd poll
604 604 3 0 180 ffffac8012c8b780 dhcpcd poll
487 487 3 0 180 ffffac8012dd80c0 dhcpcd poll
292 292 3 0 180 ffffac8012dbd900 dhcpcd poll
485 485 3 1 180 ffffac8012dbd4c0 dhcpcd poll
1 1 3 1 180 ffffac8012878180 init wait
0 5084 3 0 200 ffffac80146aea00 ktrace ktrwait
0 7222 3 0 200 ffffac80133829c0 ktrace ktrwait
0 6234 3 0 200 ffffac801460e500 ktrace ktrwait
0 4537 3 1 200 ffffac8012a9c4c0 ktrace ktrwait
0 674 3 0 200 ffffac80129a16c0 physiod physiod
0 196 3 0 200 ffffac80129a3700 pooldrain pooldrain
0 195 3 1 200 ffffac80129a32c0 ioflush syncer
0 194 3 1 200 ffffac80129a1b00 pgdaemon pgdaemon
0 167 3 0 200 ffffac8012961ac0 usb7 usbevt
0 172 3 0 200 ffffac8012961680 usb6 usbevt
0 170 3 0 200 ffffac8012961240 usb5 usbevt
0 168 3 1 200 ffffac8012915a80 usb4 usbevt
0 166 3 1 200 ffffac8012915640 usb3 usbevt
0 165 3 0 200 ffffac8012915200 usb2 usbevt
0 31 3 0 200 ffffac80128d9a40 usb1 usbevt
0 63 3 0 240 ffffac80128d9600 usb0 tstile
0 126 3 0 200 ffffac80128d91c0 usbtask-dr usbtsk
0 125 3 1 200 ffffac8012878a00 usbtask-hc usbtsk
0 124 3 0 200 ffffac8010d76b00 swwreboot swwreboot
0 123 3 0 200 ffffac80128785c0 npfgc0 npfgcw
0 122 3 0 200 ffffac801286a9c0 rt_free rt_free
0 121 3 0 200 ffffac801286a580 unpgc unpgc
0 120 2 1 200 ffffac801286a140 key_timehandler
0 119 3 1 200 ffffac801271b980 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffac801271b540 icmp6_wqinput/0 icmp6_wqinput
0 117 3 0 200 ffffac801271b100 nd6_timer nd6_timer
0 116 3 1 200 ffffac8012713940 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffac8012713500 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffac80127130c0 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffac8012703900 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffac80127034c0 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffac8012703080 icmp_wqinput/0 icmp_wqinput
0 110 3 0 200 ffffac80126eb8c0 rt_timer rt_timer
0 109 3 0 200 ffffac80126ea780 vmem_rehash vmem_rehash
0 100 3 0 200 ffffac80126e7300 entbutler entropy
0 99 2 1 240 ffffac80120bcb40 viomb
0 98 3 1 200 ffffac80120bc700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffac80120bc2c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffac8010d766c0 scsibus0 sccomp
0 29 3 0 200 ffffac8010d76280 pms0 pmsreset
0 28 3 1 200 ffffac8010cbcac0 xcall/1 xcall
0 27 1 1 200 ffffac8010cbc680 softser/1
0 26 1 1 200 ffffac8010cbc240 softclk/1
0 25 1 1 200 ffffac8010cb9a80 softbio/1
0 24 1 1 200 ffffac8010cb9640 softnet/1
0 23 1 1 201 ffffac8010cb9200 idle/1
0 22 3 0 200 ffffac800fb56a40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffac800fb56600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffac800fb561c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffac800fb55a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffac800fb555c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffac800fb55180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffac800fb4e9c0 sysmon smtaskq
0 15 3 0 200 ffffac800fb4e580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffac800fb4e140 pmfevent pmfevent
0 13 3 0 200 ffffac800fb49980 sopendfree sopendfr
0 12 3 0 200 ffffac800fb49540 ifwdog ifwdog
0 11 3 0 200 ffffac800fb49100 iflnkst iflnkst
0 10 3 0 200 ffffac800fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffac800fb3c500 vdrain vdrain
0 8 3 0 200 ffffac800fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffac800fb33900 xcall/0 xcall
0 6 1 0 200 ffffac800fb334c0 softser/0
0 5 1 0 200 ffffac800fb33080 softclk/0
0 4 1 0 200 ffffac800fb318c0 softbio/0
0 3 1 0 200 ffffac800fb31480 softnet/0
0 2 1 0 201 ffffac800fb31040 idle/0
0 0 3 0 200 ffffffff8334b900 swapper uvm
[Locks tracked through LWPs]

****** LWP 9093.9093 (syz-executor.0) @ 0xffffac8013dd3200, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:uvm_obj_init+0x9a sys/uvm/uvm_object.c:70)
lock address : ffffac8013d066c0
type : sleep/adaptive
initialized : netbsd:uvm_obj_init+0x9a
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013dd3200 last held: 0xffffac8013dd3200
last locked* : netbsd:uvm_fault_internal+0x1e8d
unlocked : netbsd:uvm_fault_lower_enter+0x579
owner/count : 000000000000000000 flags : 000000000000000000
Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860)
lock address : ffffac8012d51380
type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x93
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013dd3200 last held: 0xffffac8013dd3200
last locked* : netbsd:pmap_enter_ma+0x386
unlocked : netbsd:pmap_extract+0x345
owner field : 0xffffac8013dd3200 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

* Lock 2 (initialized at netbsd:pmap_ctor+0x9f sys/arch/x86/x86/pmap.c:2861)
lock address : ffffac8012d51388
type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x9f
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013dd3200 last held: 0xffffac8013dd3200
last locked* : netbsd:pmap_enter_ma+0x13d4
unlocked : netbsd:pmap_enter_ma+0x14e2
owner/count : 000000000000000000 flags : 000000000000000000
Turnstile: no active turnstile for this lock.

*** Locks wanted:

* Lock 0 (initialized at netbsd:pool_init+0xa66 sys/kern/subr_pool.c:981)
lock address : ffffac800f6940f0
type : sleep/adaptive
initialized : netbsd:pool_init+0xa66
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013dd3200 last held: 000000000000000000
last locked : netbsd:pool_get+0x147
unlocked* : netbsd:pool_get+0x996
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 8957.8957 (syz-executor.1) @ 0xffffac8012d82780, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860)
lock address : ffffac8014542980
type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x93
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012d82780 last held: 0xffffac8012d82780
last locked* : netbsd:pmap_enter_ma+0x386
unlocked : netbsd:pmap_extract+0x345
owner field : 0xffffac8012d82780 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 6560.5164 (syz-executor.0) @ 0xffffac8012d071c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8012d071c0 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5109.6458 (syz-executor.0) @ 0xffffac8012cb3900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8012cb3900 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5102.6215 (syz-executor.0) @ 0xffffac801345d480, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac801345d480 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5008.6342 (syz-executor.0) @ 0xffffac8012c17240, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8012c17240 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 4749.4676 (syz-executor.0) @ 0xffffac8013f41040, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013f41040 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 4772.6097 (syz-executor.0) @ 0xffffac8013e546c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013e546c0 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5862.4350 (syz-executor.0) @ 0xffffac8012c2b280, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012c2b280 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5211.4252 (syz-executor.0) @ 0xffffac80133ed6c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac80133ed6c0 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5211.5734 (syz-executor.0) @ 0xffffac8013473940, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8013473940 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 5205.5458 (syz-executor.0) @ 0xffffac8012d16640, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012d16640 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 4079.4972 (syz-executor.0) @ 0xffffac8012b8c580, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012b8c580 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 3821.4064 (syz-executor.0) @ 0xffffac8012d50740, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x129 sys/dev/usb/vhci.c:1283)
lock address : ffffac80126a56f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 2
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8012d50740 last held: 0xffffac80129a3b40
last locked* : netbsd:vhci_usb_detach+0x115
unlocked : netbsd:vhci_fd_write+0x49d
owner field : 0xffffac80129a3b40 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 2 waiting writers: 0xffffac8012d50740 0xffffac80128d9600

****** LWP 3821.4044 (syz-executor.0) @ 0xffffac80129a3b40, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0x129 sys/dev/usb/vhci.c:1283)
lock address : ffffac80126a56f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 2
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac80129a3b40 last held: 0xffffac80129a3b40
last locked* : netbsd:vhci_usb_detach+0x115
unlocked : netbsd:vhci_fd_write+0x49d
owner field : 0xffffac80129a3b40 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 2 waiting writers: 0xffffac8012d50740 0xffffac80128d9600

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac80129a3b40 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

****** LWP 747.747 (dhcpcd) @ 0xffffac8012cd5100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012cd5100 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 745.745 (dhcpcd) @ 0xffffac8012c8bbc0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012c8bbc0 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 292.292 (dhcpcd) @ 0xffffac8012dbd900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac8012dbd900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xffffac8012dbd4c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8012dbd4c0 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.63 (usb0) @ 0xffffac80128d9600, l_stat=3

*** Locks held:

* Lock 0 (initialized at netbsd:vhci_attach+0xe1 sys/dev/usb/vhci.c:1280)
lock address : ffffac80126a54c8
type : sleep/adaptive
initialized : netbsd:vhci_attach+0xe1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 12
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac80128d9600 last held: 0xffffac80128d9600
last locked* : netbsd:usbd_transfer+0x23e
unlocked : netbsd:usbd_free_xfer+0x19c
owner field : 0xffffac80128d9600 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 12 waiting writers: 0xffffac80129a3b40 0xffffac8012b8c580 0xffffac8012d16640 0xffffac80133ed6c0 0xffffac8013473940 0xffffac8012c2b280 0xffffac8013e546c0 0xffffac8013f41040 0xffffac8012c17240 0xffffac801345d480 0xffffac8012cb3900 0xffffac8012d071c0

*** Locks wanted:

* Lock 0 (initialized at netbsd:vhci_attach+0x129 sys/dev/usb/vhci.c:1283)
lock address : ffffac80126a56f0
type : sleep/adaptive
initialized : netbsd:vhci_attach+0x129
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 2
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac80128d9600 last held: 0xffffac80129a3b40
last locked* : netbsd:vhci_usb_detach+0x115
unlocked : netbsd:vhci_fd_write+0x49d
owner field : 0xffffac80129a3b40 wait/spin: 1/0
Turnstile:
=> 0 waiting readers:
=> 2 waiting writers: 0xffffac8012d50740 0xffffac80128d9600

****** LWP 0.26 (softclk/1) @ 0xffffac8010cbc240, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffac8010cbc240 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffac800fb49100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffac800fb49100 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334b900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334b900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu1:

* Lock 0 (initialized at netbsd:main+0x12e sys/kern/init_main.c:303)
lock address : netbsd:kernel_lock
type : spin
initialized : netbsd:main+0x12e
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffac8013453780 last held: 0xffffac8013453780
last locked* : netbsd:cdev_ioctl+0x218
unlocked : netbsd:cdev_open+0x421
curcpu holds : 1 wanted by: 000000000000000000

* Lock 1 (initialized at netbsd:kprintf_init+0x61 sys/kern/subr_prf.c:156)
lock address : netbsd:kprintf_mtx
type : spin
initialized : netbsd:kprintf_init+0x61
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffac8013453780 last held: 0xffffac8013453780
last locked* : netbsd:kprintf_lock+0x33
unlocked : netbsd:kprintf_unlock+0x53
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON
0xffffac8000017180 0041 00000000 0x0 0x0
0xffffac8000017200 0041 00000000 0x0 0x0
0xffffac8000017280 0041 00000000 0x0 0x0
0xffffac8000017300 0041 00000000 0x0 0x0
0xffffac8000017380 0041 00000000 0x0 0x0
0xffffac8000017400 0041 00000000 0x0 0x0
0xffffac8000017480 0041 00000000 0x0 0x0
0xffffac8000017500 0041 00000000 0x0 0x0
0xffffac8000017580 0041 00000000 0x0 0x0
0xffffac8000017600 0041 00000000 0x0 0x0
0xffffac8000017680 0041 00000000 0x0 0x0
0xffffac8000017700 0041 00000000 0x0 0x0
0xffffac8000017780 0041 00000000 0x0 0x0
0xffffac8000017800 0041 00000000 0x0 0x0
0xffffac8000017880 0041 00000000 0x0 0x0
0xffffac8000017900 0041 00000000 0x0 0x0
0xffffac8000017980 0041 00000000 0x0 0x0
0xffffac8000017a00 0041 00000000 0x0 0x0
0xffffac8000017a80 0041 00000000 0x0 0x0
0xffffac8000017b00 0041 00000000 0x0 0x0
0xffffac8000017b80 0041 00000000 0x0 0x0
0xffffac8000017c00 0041 00000000 0x0 0x0
0xffffac8000017c80 0041 00000000 0x0 0x0
0xffffac8000017d00 0041 00000000 0x0 0x0
0xffffac8000017d80 0041 00000000 0x0 0x0
0xffffac8000017e00 0041 00000000 0x0 0x0
0xffffac8000017e80 0041 00000000 0x0 0x0
0xffffac8000017f00 0041 00000000 0x0 0x0
0xffffac8000017f80 0041 00000000 0x0 0x0
0xffffac8000018000 0041 00000000 0x0 0x0
0xffffac8000018080 0041 00000000 0x0 0x0
0xffffac8000018100 0041 00000000 0x0 0x0
0xffffac8000018180 0041 00000000 0x0 0x0
0xffffac8000018200 0041 00000000 0x0 0x0
0xffffac8000018280 0041 00000000 0x0 0x0
0xffffac8000018300 0041 00000000 0x0 0x0
0xffffac8000018380 0041 00000000 0x0 0x0
0xffffac8000018400 0041 00000000 0x0 0x0
0xffffac8000018480 0041 00000000 0x0 0x0
0xffffac8000018500 0041 00000000 0x0 0x0
0xffffac8000018580 0041 00000000 0x0 0x0
0xffffac8000018600 0041 00000000 0x0 0x0
0xffffac8000018680 0041 00000000 0x0 0x0
0xffffac8000018700 0041 00000000 0x0 0x0
0xffffac8000018780 0041 00000000 0x0 0x0
0xffffac8000018800 0041 00000000 0x0 0x0
0xffffac8000018880 0041 00000000 0x0 0x0
0xffffac8000018900 0041 00000000 0x0 0x0
0xffffac8000018980 0041 00000000 0x0 0x0
0xffffac8000018a00 0041 00000000 0x0 0x0
0xffffac8000018a80 0041 00000000 0x0 0x0
0xffffac8000018b00 0041 00000000 0x0 0x0
0xffffac8000018b80 0041 00000000 0x0 0x0
0xffffac8000018c00 0041 00000000 0x0 0x0
0xffffac8000018c80 0041 00000000 0x0 0x0
0xffffac8000018d00 0041 00000000 0x0 0x0
0xffffac8000018d80 0041 00000000 0x0 0x0
0xffffac8000018e00 0041 00000000 0x0 0x0
0xffffac8000018e80 0041 00000000 0x0 0x0
0xffffac8000018f00 0041 00000000 0x0 0x0
0xffffac8000018f80 0041 00000000 0x0 0x0
0xffffac8000019000 0041 00000000 0x0 0x0
0xffffac8000019080 0041 00000000 0x0 0x0
0xffffac8000019100 0041 00000000 0x0 0x0
0xffffac8000019180 0041 00000000 0x0 0x0
0xffffac8000019200 0041 00000000 0x0 0x0
0xffffac8000019280 0041 00000000 0x0 0x0
0xffffac8000019300 0041 00000000 0x0 0x0
0xffffac8000019380 0041 00000000 0x0 0x0
0xffffac8000019400 0041 00000000 0x0 0x0
0xffffac8000019480 0041 00000000 0x0 0x0
0xffffac8000019500 0041 00000000 0x0 0x0
0xffffac8000019580 0041 00000000 0x0 0x0
0xffffac8000019600 0041 00000000 0x0 0x0
0xffffac8000019680 0041 00000000 0x0 0x0
0xffffac8000019700 0041 00000000 0x0 0x0
0xffffac8000019780 0041 00000000 0x0 0x0
0xffffac8000019800 0041 00000000 0x0 0x0
0xffffac8000019880 0041 00000000 0x0 0x0
0xffffac8000019900 0041 00000000 0x0 0x0
0xffffac8000019980 0041 00000000 0x0 0x0
0xffffac8000019a00 0041 00000000 0x0 0x0
0xffffac8000019a80 0041 00000000 0x0 0x0
0xffffac8000019b00 0041 00000000 0x0 0x0
0xffffac8000019b80 0041 00000000 0x0 0x0
0xffffac8000019c00 0041 00000000 0x0 0x0
0xffffac8000019c80 0041 00000000 0x0 0x0
0xffffac8000019d00 0041 00000000 0x0 0x0
0xffffac8000019d80 0041 00000000 0x0 0x0
0xffffac8000019e00 0041 00000000 0x0 0x0
0xffffac8000019e80 0041 00000000 0x0 0x0
0xffffac8000019f00 0041 00000000 0x0 0x0
0xffffac8000019f80 0041 00000000 0x0 0x0
0xffffac800001a000 0041 00000000 0x0 0x0
0xffffac800001a080 0041 00000000 0x0 0x0
0xffffac800001a100 0041 00000000 0x0 0x0
0xffffac800001a180 0041 00000000 0x0 0x0
0xffffac800001a200 0041 00000000 0x0 0x0
0xffffac800001a280 0041 00000000 0x0 0x0
0xffffac800001a300 0041 00000000 0x0 0x0
0xffffac800001a380 0041 00000000 0x0 0x0
0xffffac800001a400 0041 00000000 0x0 0x0
0xffffac800001a480 0041 00000000 0x0 0x0
0xffffac800001a500 0041 00000000 0x0 0x0
0xffffac800001a580 0041 00000000 0x0 0x0
0xffffac800001a600 0041 00000000 0x0 0x0
0xffffac800001a680 0041 00000000 0x0 0x0
0xffffac800001a700 0041 00000000 0x0 0x0
0xffffac800001a780 0041 00000000 0x0 0x0
0xffffac800001a800 0041 00000000 0x0 0x0
0xffffac800001a880 0041 00000000 0x0 0x0
0xffffac800001a900 0041 00000000 0x0 0x0
0xffffac800001a980 0041 00000000 0x0 0x0
0xffffac800001aa00 0041 00000000 0x0 0x0
0xffffac800001aa80 0041 00000000 0x0 0x0
0xffffac800001ab00 0041 00000000 0x0 0x0
0xffffac800001ab80 0041 00000000 0x0 0x0
0xffffac800001ac00 0041 00000000 0x0 0x0
0xffffac800001ac80 0041 00000000 0x0 0x0
0xffffac800001ad00 0041 00000000 0x0 0x0
0xffffac800001ad80 0041 00000000 0x0 0x0
0xffffac800001ae00 0041 00000000 0x0 0x0
0xffffac800001ae80 0041 00000000 0x0 0x0
0xffffac800001af00 0041 00000000 0x0 0x0
0xffffac800001af80 0041 00000000 0x0 0x0
0xffffac800001b000 0041 00000000 0x0 0x0
0xffffac800001b080 0041 00000000 0x0 0x0
0xffffac800001b100 0041 00000000 0x0 0x0
0xffffac800001b180 0041 00000000 0x0 0x0
0xffffac800001b200 0041 00000000 0x0 0x0
0xffffac800001b280 0041 00000000 0x0 0x0
0xffffac800001b300 0041 00000000 0x0 0x0
0xffffac800001b380 0041 00000000 0x0 0x0
0xffffac800001b400 0041 00000000 0x0 0x0
0xffffac800001b480 0041 00000000 0x0 0x0
0xffffac800001b500 0041 00000000 0x0 0x0
0xffffac800001b580 0041 00000000 0x0 0x0
0xffffac800001b600 0041 00000000 0x0 0x0
0xffffac800001b680 0041 00000000 0x0 0x0
0xffffac800001b700 0041 00000000 0x0 0x0
0xffffac800001b780 0041 00000000 0x0 0x0
0xffffac800001b800 0041 00000000 0x0 0x0
0xffffac800001b880 0041 00000000 0x0 0x0
0xffffac800001b900 0041 00000000 0x0 0x0
0xffffac800001b980 0041 00000000 0x0 0x0
0xffffac800001ba00 0041 00000000 0x0 0x0
0xffffac800001ba80 0041 00000000 0x0 0x0
0xffffac800001bb00 0041 00000000 0x0 0x0
0xffffac800001bb80 0001 00000000 0x0 0x0
0xffffac800001bc00 0001 00000000 0x0 0x0
0xffffac800001bc80 0001 00000000 0x0 0x0
0xffffac800001bd00 0001 00000000 0x0 0x0
0xffffac800001bd80 0001 00000000 0x0 0x0
0xffffac800001be00 0001 00000000 0x0 0x0
0xffffac800001be80 0001 00000000 0x0 0x0
0xffffac800001bf00 0001 00000000 0x0 0x0
0xffffac800001bf80 0001 00000000 0x0 0x0
0xffffac800001c000 0001 00000000 0x0 0x0
0xffffac800001c080 0001 00000000 0x0 0x0
0xffffac800001c100 0001 00000000 0x0 0x0
0xffffac800001c180 0001 00000000 0x0 0x0
0xffffac800001c200 0001 00000000 0x0 0x0
0xffffac800001c280 0001 00000000 0x0 0x0
0xffffac800001c300 0001 00000000 0x0 0x0
0xffffac800001c380 0001 00000000 0x0 0x0
0xffffac800001c400 0001 00000000 0x0 0x0
0xffffac800001c480 0001 00000000 0x0 0x0
0xffffac800001c500 0001 00000000 0x0 0x0
0xffffac800001c580 0001 00000000 0x0 0x0
0xffffac800001c600 0001 00000000 0x0 0x0
0xffffac800001c680 0001 00000000 0x0 0x0
0xffffac800001c700 0001 00000000 0x0 0x0
0xffffac800001c780 0001 00000000 0x0 0x0
0xffffac800001c800 0001 00000000 0x0 0x0
0xffffac800001c880 0001 00000000 0x0 0x0
0xffffac800001c900 0001 00000000 0x0 0x0
0xffffac800001c980 0001 00000000 0x0 0x0
0xffffac800001ca00 0001 00000000 0x0 0x0
0xffffac800001ca80 0001 00000000 0x0 0x0
0xffffac800001cb00 0001 00000000 0x0 0x0
0xffffac800001cb80 0001 00000000 0x0 0x0
0xffffac800001cc00 0001 00000000 0x0 0x0
0xffffac800001cc80 0001 00000000 0x0 0x0
0xffffac800001cd00 0001 00000000 0x0 0x0
0xffffac800001cd80 0001 00000000 0x0 0x0
0xffffac800001ce00 0001 00000000 0x0 0x0
0xffffac800001ce80 0001 00000000 0x0 0x0
0xffffac800001cf00 0001 00000000 0x0 0x0
0xffffac800001cf80 0001 00000000 0x0 0x0
0xffffac800001d000 0001 00000000 0x0 0x0
0xffffac800001d080 0001 00000000 0x0 0x0
0xffffac800001d100 0001 00000000 0x0 0x0
0xffffac800001d180 0001 00000000 0x0 0x0
0xffffac800001d200 0001 00000000 0x0 0x0
0xffffac800001d280 0001 00000000 0x0 0x0
0xffffac800001d300 0001 00000000 0x0 0x0
0xffffac800001d380 0001 00000000 0x0 0x0
0xffffac800001d400 0001 00000000 0x0 0x0
0xffffac800001d480 0001 00000000 0x0 0x0
0xffffac800001d500 0001 00000000 0x0 0x0
0xffffac800001d580 0001 00000000 0x0 0x0
0xffffac800001d600 0001 00000000 0x0 0x0
0xffffac800001d680 0001 00000000 0x0 0x0
0xffffac800001d700 0001 00000000 0x0 0x0
0xffffac800001d780 0001 00000000 0x0 0x0
0xffffac800001d800 0001 00000000 0x0 0x0
0xffffac800001d880 0001 00000000 0x0 0x0
0xffffac800001d900 0001 00000000 0x0 0x0
0xffffac800001d980 0001 00000000 0x0 0x0
0xffffac800001da00 0001 00000000 0x0 0x0
0xffffac800001da80 0001 00000000 0x0 0x0
0xffffac800001db00 0001 00000000 0x0 0x0
0xffffac800001db80 0001 00000000 0x0 0x0
0xffffac800001dc00 0001 00000000 0x0 0x0
0xffffac800001dc80 0001 00000000 0x0 0x0
0xffffac800001dd00 0001 00000000 0x0 0x0
0xffffac800001dd80 0001 00000000 0x0 0x0
0xffffac800001de00 0001 00000000 0x0 0x0
0xffffac800001de80 0001 00000000 0x0 0x0
0xffffac800001df00 0001 00000000 0x0 0x0
0xffffac800001df80 0001 00000000 0x0 0x0
0xffffac800001e000 0001 00000000 0x0 0x0
0xffffac800001e080 0001 00000000 0x0 0x0
0xffffac800001e100 0001 00000000 0x0 0x0
0xffffac800001e180 0001 00000000 0x0 0x0
0xffffac800001e200 0001 00000000 0x0 0x0
0xffffac800001e280 0001 00000000 0x0 0x0
0xffffac800001e300 0001 00000000 0x0 0x0
0xffffac800001e380 0001 00000000 0x0 0x0
0xffffac800001e400 0001 00000000 0x0 0x0
0xffffac800001e480 0001 00000000 0x0 0x0
0xffffac800001e500 0001 00000000 0x0 0x0
0xffffac800001e580 0001 00000000 0x0 0x0
0xffffac800001e600 0001 00000000 0x0 0x0
0xffffac800001e680 0001 00000000 0x0 0x0
0xffffac800001e700 0001 00000000 0x0 0x0
0xffffac800001e780 0001 00000000 0x0 0x0
0xffffac800001e800 0001 00000000 0x0 0x0
0xffffac800001e880 0001 00000000 0x0 0x0
0xffffac800001e900 0001 00000000 0x0 0x0
0xffffac800001e980 0001 00000000 0x0 0x0
0xffffac800001ea00 0001 00000000 0x0 0x0
0xffffac800001ea80 0001 00000000 0x0 0x0
0xffffac800001eb00 0001 00000000 0x0 0x0
0xffffac800001eb80 0001 00000000 0x0 0x0
0xffffac800001ec00 0001 00000000 0x0 0x0
0xffffac800001ec80 0001 00000000 0x0 0x0
0xffffac800001ed00 0001 00000000 0x0 0x0
0xffffac800001ed80 0001 00000000 0x0 0x0
0xffffac800001ee00 0001 00000000 0x0 0x0
0xffffac800001ee80 0001 00000000 0x0 0x0
0xffffac800001ef00 0001 00000000 0x0 0x0
0xffffac800001ef80 0001 00000000 0x0 0x0
0xffffac800001f000 0001 00000000 0x0 0x0
0xffffac800001f080 0001 00000000 0x0 0x0
0xffffac800001f100 0001 00000000 0x0 0x0
0xffffac800001f180 0001 00000000 0x0 0x0
0xffffac800001f200 0001 00000000 0x0 0x0
0xffffac800001f280 0001 00000000 0x0 0x0
0xffffac800001f300 0001 00000000 0x0 0x0
0xffffac800001f380 0001 00000000 0x0 0x0
0xffffac800001f400 0001 00000000 0x0 0x0
0xffffac800001f480 0001 00000000 0x0 0x0
0xffffac800001f500 0001 00000000 0x0 0x0
0xffffac800001f580 0001 00000000 0x0 0x0
0xffffac800001f600 0001 00000000 0x0 0x0
0xffffac800001f680 0001 00000000 0x0 0x0
0xffffac800001f700 0001 00000000 0x0 0x0
0xffffac800001f780 0001 00000000 0x0 0x0
0xffffac800001f800 0001 00000000 0x0 0x0
0xffffac800001f880 0001 00000000 0x0 0x0
0xffffac800001f900 0001 00000000 0x0 0x0
0xffffac800001f980 0001 00000000 0x0 0x0
0xffffac800001fa00 0001 00000000 0x0 0x0
0xffffac800001fa80 0001 00000000 0x0 0x0
0xffffac800001fb00 0001 00000000 0x0 0x0
0xffffac800001fb80 0001 00000000 0x0 0x0
0xffffac800001fc00 0001 00000000 0x0 0x0
0xffffac800001fc80 0001 00000000 0x0 0x0
0xffffac800001fd00 0001 00000000 0x0 0x0
0xffffac800001fd80 0001 00000000 0x0 0x0
0xffffac800001fe00 0001 00000000 0x0 0x0
0xffffac800001fe80 0001 00000000 0x0 0x0
0xffffac800001ff00 0001 00000000 0x0 0x0
0xffffac800001ff80 0001 00000000 0x0 0x0
0xffffac8000020000 0001 00000000 0x0 0x0
0xffffac8000020080 0001 00000000 0x0 0x0
0xffffac8000020100 0001 00000000 0x0 0x0
0xffffac8000020180 0001 00000000 0x0 0x0
0xffffac8000020200 0001 00000000 0x0 0x0
0xffffac8000020280 0001 00000000 0x0 0x0
0xffffac8000020300 0001 00000000 0x0 0x0
0xffffac8000020380 0001 00000000 0x0 0x0
0xffffac8000020400 0001 00000000 0x0 0x0
0xffffac8000020480 0001 00000000 0x0 0x0
0xffffac8000020500 0001 00000000 0x0 0x0
0xffffac8000020580 0001 00000000 0x0 0x0
0xffffac8000020600 0001 00000000 0x0 0x0
0xffffac8000020680 0001 00000000 0x0 0x0
0xffffac8000020700 0001 00000000 0x0 0x0
0xffffac8000020780 0001 00000000 0x0 0x0
0xffffac8000020800 0001 00000000 0x0 0x0
0xffffac8000020880 0001 00000000 0x0 0x0
0xffffac8000020900 0001 00000000 0x0 0x0
0xffffac8000020980 0001 00000000 0x0 0x0
0xffffac8000020a00 0001 00000000 0x0 0x0
0xffffac8000020a80 0001 00000000 0x0 0x0
0xffffac8000020b00 0001 00000000 0x0 0x0
0xffffac8000020b80 0001 00000000 0x0 0x0
0xffffac8000020c00 0001 00000000 0x0 0x0
0xffffac8000020c80 0001 00000000 0x0 0x0
0xffffac8000020d00 0001 00000000 0x0 0x0
0xffffac8000020d80 0001 00000000 0x0 0x0
0xffffac8000020e00 0001 00000000 0x0 0x0
0xffffac8000020e80 0001 00000000 0x0 0x0
0xffffac8000020f00 0001 00000000 0x0 0x0
0xffffac8000020f80 0001 00000000 0x0 0x0
0xffffac8000021000 0001 00000000 0x0 0x0
0xffffac8000021080 0001 00000000 0x0 0x0
0xffffac8000021100 0001 00000000 0x0 0x0
0xffffac8000021180 0001 00000000 0x0 0x0
0xffffac8000021200 0001 00000000 0x0 0x0
0xffffac8000021280 0001 00000000 0x0 0x0
0xffffac8000021300 0001 00000000 0x0 0x0
0xffffac8000021380 0001 00000000 0x0 0x0
0xffffac8000021400 0001 00000000 0x0 0x0
0xffffac8000021480 0001 00000000 0x0 0x0
0xffffac8000021500 0001 00000000 0x0 0x0
0xffffac8000021580 0001 00000000 0x0 0x0
0xffffac8000021600 0001 00000000 0x0 0x0
0xffffac8000021680 0001 00000000 0x0 0x0
0xffffac8000021700 0001 00000000 0x0 0x0
0xffffac8000021780 0001 00000000 0x0 0x0
0xffffac8000021800 0001 00000000 0x0 0x0
0xffffac8000021880 0001 00000000 0x0 0x0
0xffffac8000021900 0001 00000000 0x0 0x0
0xffffac8000021980 0001 00000000 0x0 0x0
0xffffac8000021a00 0001 00000000 0x0 0x0
0xffffac8000021a80 0001 00000000 0x0 0x0
0xffffac8000021b00 0001 00000000 0x0 0x0
0xffffac8000021b80 0001 00000000 0x0 0x0
0xffffac8000021c00 0001 00000000 0x0 0x0
0xffffac8000021c80 0001 00000000 0x0 0x0
0xffffac8000021d00 0001 00000000 0x0 0x0
0xffffac8000021d80 0001 00000000 0x0 0x0
0xffffac8000021e00 0001 00000000 0x0 0x0
0xffffac8000021e80 0001 00000000 0x0 0x0
0xffffac8000021f00 0001 00000000 0x0 0x0
0xffffac8000021f80 0001 00000000 0x0 0x0
0xffffac8000022000 0001 00000000 0x0 0x0
0xffffac8000022080 0001 00000000 0x0 0x0
0xffffac8000022100 0001 00000000 0x0 0x0
0xffffac8000022180 0001 00000000 0x0 0x0
0xffffac8000022200 0001 00000000 0x0 0x0
0xffffac8000022280 0001 00000000 0x0 0x0
0xffffac8000022300 0001 00000000 0x0 0x0
0xffffac8000022380 0001 00000000 0x0 0x0
0xffffac8000022400 0001 00000000 0x0 0x0
0xffffac8000022480 0001 00000000 0x0 0x0
0xffffac8000022500 0001 00000000 0x0 0x0
0xffffac8000022580 0001 00000000 0x0 0x0
0xffffac8000022600 0001 00000000 0x0 0x0
0xffffac8000022680 0001 00000000 0x0 0x0
0xffffac8000022700 0001 00000000 0x0 0x0
0xffffac8000022780 0001 00000000

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit: e64099d25bfe gratuitous commit to fix spelling error
git tree: netbsd

console output: https://syzkaller.appspot.com/x/log.txt?x=16ba7407280000

kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=3a82596dd3428d635a32
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1462071b280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16881853280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/472ca3e97be4/disk-e64099d2.raw.xz
netbsd.gdb: https://storage.googleapis.com/syzbot-assets/a56ca5cd0f0c/netbsd-e64099d2.gdb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3a8259...@syzkaller.appspotmail.com

login: [ 51.1621938] panic: kernel diagnostic assertion "mutex_owned(&tty_lock)" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/tty_pty.c", line 552
[ 51.1774592] cpu0: Begin traceback...
[ 51.1921748] vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
[ 51.2321747] _sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6bd2
[ 51.2721764] ptsstop() at netbsd:ptsstop+0x1ad sys/kern/tty_pty.c:552
[ 51.3121765] tty_try_xonxoff() at netbsd:tty_try_xonxoff+0x1e7 sys/kern/tty.c:3198
[ 51.3621734] pppinput() at netbsd:pppinput+0x1e4 sys/net/ppp_tty.c:844
[ 51.4021735] ttioctl() at netbsd:ttioctl+0xe85 sys/kern/tty.c:1549
[ 51.4421724] ptyioctl() at netbsd:ptyioctl+0x526 sys/kern/tty_pty.c:1182
[ 51.4722007] cdev_ioctl() at netbsd:cdev_ioctl+0x197 sys/kern/subr_devsw.c:1525
[ 51.5121772] spec_ioctl() at netbsd:spec_ioctl+0x148 sys/miscfs/specfs/spec_vnops.c:1331
[ 51.5521728] VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:934
[ 51.6021733] vn_ioctl() at netbsd:vn_ioctl+0x1c4 sys/kern/vfs_vnops.c:892
[ 51.6421733] sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675
[ 51.6821720] sys_syscall() at netbsd:sys_syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
[ 51.6821720] sys_syscall() at netbsd:sys_syscall+0x10e sys/kern/sys_syscall.c:90
[ 51.7221728] syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
[ 51.7221728] syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 51.7221728] syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
[ 51.7321720] --- syscall (number 54 via SYS_syscall) ---
[ 51.7521871] netbsd:syscall+0x25a:
[ 51.7521871] cpu0: End traceback...
[ 51.7521871] fatal breakpoint trap in supervisor mode
[ 51.7627811] trap type 1 code 0 rip 0xffffffff8023241d cs 0x8 rflags 0x286 cr2 0x7f072b83ed30 ilevel 0 rsp 0xffffd702485b92f0
[ 51.7755622] curlwp 0xffffd70013cfda40 pid 991.991 lowest kstack 0xffffd702485b22c0
Stopped in pid 991.991 (syz-executor1852) at netbsd:breakpoint+0x5: leave

?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x282 sys/kern/subr_prf.c:292
_sub_D_65535_0() at netbsd:_sub_D_65535_0+-0x6bd2
ptsstop() at netbsd:ptsstop+0x1ad sys/kern/tty_pty.c:552
tty_try_xonxoff() at netbsd:tty_try_xonxoff+0x1e7 sys/kern/tty.c:3198
pppinput() at netbsd:pppinput+0x1e4 sys/net/ppp_tty.c:844
ttioctl() at netbsd:ttioctl+0xe85 sys/kern/tty.c:1549
ptyioctl() at netbsd:ptyioctl+0x526 sys/kern/tty_pty.c:1182
cdev_ioctl() at netbsd:cdev_ioctl+0x197 sys/kern/subr_devsw.c:1525
spec_ioctl() at netbsd:spec_ioctl+0x148 sys/miscfs/specfs/spec_vnops.c:1331
VOP_IOCTL() at netbsd:VOP_IOCTL+0x132 sys/kern/vnode_if.c:934
vn_ioctl() at netbsd:vn_ioctl+0x1c4 sys/kern/vfs_vnops.c:892
sys_ioctl() at netbsd:sys_ioctl+0x8f6 sys/kern/sys_generic.c:675

sys_syscall() at netbsd:sys_syscall+0x10e sy_call sys/sys/syscallvar.h:65 [inline]
sys_syscall() at netbsd:sys_syscall+0x10e sys/kern/sys_syscall.c:90

syscall() at netbsd:syscall+0x25a sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x25a sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x25a sys/arch/x86/x86/syscall.c:138
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x25a:
Panic string: kernel diagnostic assertion "mutex_owned(&tty_lock)" failed: file "/syzkaller/managers/ci2-netbsd/kernel/sys/kern/tty_pty.c", line 552
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT

943 943 2 0 0 ffffd70013d15640 syz-executor1852
1246 1246 2 0 0 ffffd70013d15200 syz-executor1852
991 > 991 7 0 0 ffffd70013cfda40 syz-executor1852
1240 1240 2 1 0 ffffd70013cfd600 syz-executor1852
1243 1243 2 0 0 ffffd70013cfd1c0 syz-executor1852
929 929 2 1 140 ffffd700133fcb40 syz-executor1852
1241 >1241 7 1 0 ffffd700133fc2c0 syz-executor1852
829 829 2 0 0 ffffd700133c3a80 syz-executor1852
1242 1242 2 1 140 ffffd70012a14b80 syz-executor1852
449 449 2 1 140 ffffd70012a14740 syz-executor1852
1222 1222 3 0 180 ffffd70012b7b100 syz-executor1852 nanoslp
1081 1081 3 0 180 ffffd70012b7b540 sshd select
1223 1223 3 0 180 ffffd700126ea780 getty nanoslp
1225 1225 3 1 180 ffffd700126ea340 getty nanoslp
1216 1216 3 1 180 ffffd700134b05c0 getty nanoslp
941 941 3 1 1c0 ffffd700134b0180 getty ttyraw
1107 1107 3 0 180 ffffd700133aa600 sshd select
958 958 3 1 180 ffffd70012d82040 powerd kqueue
699 699 3 1 180 ffffd7001344ebc0 syslogd kqueue
746 746 3 0 180 ffffd70012c7b740 dhcpcd poll
748 748 3 0 180 ffffd70012cd2100 dhcpcd poll
745 745 3 0 180 ffffd70012c94780 dhcpcd poll
604 604 3 0 180 ffffd70012c94bc0 dhcpcd poll
487 487 3 0 180 ffffd70012dc40c0 dhcpcd poll
292 292 3 0 180 ffffd70012dab900 dhcpcd poll
485 485 3 1 180 ffffd70012dab4c0 dhcpcd poll
1 1 3 0 180 ffffd70012878180 init wait
0 674 3 0 200 ffffd700129a16c0 physiod physiod
0 196 3 0 200 ffffd700129a3700 pooldrain pooldrain
0 195 3 0 200 ffffd700129a32c0 ioflush syncer
0 194 3 1 200 ffffd700129a1b00 pgdaemon pgdaemon
0 169 3 1 200 ffffd70012961ac0 usb7 usbevt
0 172 3 1 200 ffffd70012961680 usb6 usbevt
0 170 3 1 200 ffffd70012961240 usb5 usbevt
0 168 3 0 200 ffffd70012915a80 usb4 usbevt
0 166 3 0 200 ffffd70012915640 usb3 usbevt
0 165 3 0 200 ffffd70012915200 usb2 usbevt
0 31 3 0 200 ffffd700128d9a40 usb1 usbevt
0 63 3 0 200 ffffd700128d9600 usb0 usbevt
0 126 3 1 200 ffffd700128d91c0 usbtask-dr usbtsk
0 125 3 1 200 ffffd70012878a00 usbtask-hc usbtsk
0 124 3 0 200 ffffd70010d76b00 swwreboot swwreboot
0 123 3 0 200 ffffd700128785c0 npfgc0 npfgcw
0 122 3 1 200 ffffd7001286a9c0 rt_free rt_free
0 121 3 1 200 ffffd7001286a580 unpgc unpgc
0 120 2 0 200 ffffd7001286a140 key_timehandler
0 119 3 1 200 ffffd7001271b980 icmp6_wqinput/1 icmp6_wqinput
0 118 3 0 200 ffffd7001271b540 icmp6_wqinput/0 icmp6_wqinput
0 117 2 0 200 ffffd7001271b100 nd6_timer
0 116 3 1 200 ffffd70012713940 carp6_wqinput/1 carp6_wqinput
0 115 3 0 200 ffffd70012713500 carp6_wqinput/0 carp6_wqinput
0 114 3 1 200 ffffd700127130c0 carp_wqinput/1 carp_wqinput
0 113 3 0 200 ffffd70012703900 carp_wqinput/0 carp_wqinput
0 112 3 1 200 ffffd700127034c0 icmp_wqinput/1 icmp_wqinput
0 111 3 0 200 ffffd70012703080 icmp_wqinput/0 icmp_wqinput
0 110 2 0 200 ffffd700126eb8c0 rt_timer
0 109 2 0 200 ffffd700126e7b80 vmem_rehash
0 100 3 0 200 ffffd700126e7300 entbutler entropy
0 99 3 1 200 ffffd700120bcb40 viomb balloon
0 98 3 1 200 ffffd700120bc700 vioif0_txrx/1 vioif0_txrx
0 97 3 0 200 ffffd700120bc2c0 vioif0_txrx/0 vioif0_txrx
0 30 3 0 200 ffffd70010d766c0 scsibus0 sccomp
0 29 3 0 200 ffffd70010d76280 pms0 pmsreset
0 28 3 1 200 ffffd70010cbcac0 xcall/1 xcall
0 27 1 1 200 ffffd70010cbc680 softser/1
0 26 1 1 200 ffffd70010cbc240 softclk/1
0 25 1 1 200 ffffd70010cb9a80 softbio/1
0 24 1 1 200 ffffd70010cb9640 softnet/1
0 23 1 1 201 ffffd70010cb9200 idle/1
0 22 3 0 200 ffffd7000fb56a40 lnxsyswq lnxsyswq
0 21 3 0 200 ffffd7000fb56600 lnxubdwq lnxubdwq
0 20 3 0 200 ffffd7000fb561c0 lnxpwrwq lnxpwrwq
0 19 3 0 200 ffffd7000fb55a00 lnxlngwq lnxlngwq
0 18 3 0 200 ffffd7000fb555c0 lnxhipwq lnxhipwq
0 17 3 0 200 ffffd7000fb55180 lnxrcugc lnxrcugc
0 16 3 0 200 ffffd7000fb4e9c0 sysmon smtaskq
0 15 3 0 200 ffffd7000fb4e580 pmfsuspend pmfsuspend
0 14 3 0 200 ffffd7000fb4e140 pmfevent pmfevent
0 13 3 0 200 ffffd7000fb49980 sopendfree sopendfr
0 12 3 0 200 ffffd7000fb49540 ifwdog ifwdog
0 11 3 0 200 ffffd7000fb49100 iflnkst iflnkst
0 10 3 0 200 ffffd7000fb3c940 nfssilly nfssilly
0 9 3 0 200 ffffd7000fb3c500 vdrain vdrain
0 8 3 1 200 ffffd7000fb3c0c0 modunload mod_unld
0 7 3 0 200 ffffd7000fb33900 xcall/0 xcall
0 6 1 0 200 ffffd7000fb334c0 softser/0
0 5 1 0 200 ffffd7000fb33080 softclk/0
0 4 1 0 200 ffffd7000fb318c0 softbio/0
0 3 1 0 200 ffffd7000fb31480 softnet/0
0 2 1 0 201 ffffd7000fb31040 idle/0

0 0 3 0 200 ffffffff8334b900 swapper uvm
[Locks tracked through LWPs]

****** LWP 943.943 (syz-executor1852) @ 0xffffd70013d15640, l_stat=2

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:uvm_obj_init+0x9a sys/uvm/uvm_object.c:70)

lock address : ffffd7001296da40

type : sleep/adaptive
initialized : netbsd:uvm_obj_init+0x9a

shared holds : 0 exclusive: 0
shares wanted: 1 exclusive: 0
relevant cpu : 0 last held: 65535
relevant lwp : 0xffffd70013d15640 last held: 000000000000000000
last locked : netbsd:uvm_fault_internal+0x1e8d
unlocked* : netbsd:uvm_fault_lower_enter+0x579
owner/count : 0x0000000000000020 flags : 000000000000000000

Turnstile: no active turnstile for this lock.

****** LWP 1246.1246 (syz-executor1852) @ 0xffffd70013d15200, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860)

lock address : ffffd70013d08380

type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x93
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70013d15200 last held: 0xffffd70013d15200

last locked* : netbsd:pmap_enter_ma+0x386
unlocked : netbsd:pmap_extract+0x345

owner field : 0xffffd70013d15200 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1240.1240 (syz-executor1852) @ 0xffffd70013cfd600, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:uvmspace_alloc+0x174 uvm_map_setup sys/uvm/uvm_map.c:4789 [inline])
* Lock 0 (initialized at netbsd:uvmspace_alloc+0x174 uvmspace_init sys/uvm/uvm_map.c:4132 [inline])
* Lock 0 (initialized at netbsd:uvmspace_alloc+0x174 sys/uvm/uvm_map.c:4111)
lock address : ffffd700134a5ba8
type : sleep/adaptive
initialized : netbsd:uvmspace_alloc+0x174

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1

relevant lwp : 0xffffd70013cfd600 last held: 0xffffd70013cfd600
last locked* : netbsd:vm_map_lock+0x8f
unlocked : netbsd:uvm_fault_internal+0x31f0
owner/count : 0xffffd70013cfd600 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1243.1243 (syz-executor1852) @ 0xffffd70013cfd1c0, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:amap_ctor+0x39 sys/uvm/uvm_amap.c:265)
lock address : ffffd70012bd8640
type : sleep/adaptive
initialized : netbsd:amap_ctor+0x39

shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70013cfd1c0 last held: 0xffffd70013cfd1c0
last locked* : netbsd:uvm_fault_internal+0x88a
unlocked : netbsd:amap_copy+0x4dc
owner/count : 0xffffd70013cfd1c0 flags : 0x0000000000000004

Turnstile: no active turnstile for this lock.

* Lock 1 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860)

lock address : ffffd700134acd80

type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x93
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70013cfd1c0 last held: 0xffffd70013cfd1c0

last locked* : netbsd:pmap_enter_ma+0x386
unlocked : netbsd:pmap_extract+0x345

owner field : 0xffffd70013cfd1c0 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1241.1241 (syz-executor1852) @ 0xffffd700133fc2c0, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:main+0x12e sys/kern/init_main.c:303)
lock address : netbsd:kernel_lock
type : spin
initialized : netbsd:main+0x12e
shared holds : 0 exclusive: 1

shares wanted: 0 exclusive: 1

relevant cpu : 1 last held: 0

relevant lwp : 0xffffd700133fc2c0 last held: 0xffffd70013cfda40

last locked* : netbsd:cdev_ioctl+0x218
unlocked : netbsd:cdev_open+0x421
curcpu holds : 1 wanted by: 000000000000000000

****** LWP 829.829 (syz-executor1852) @ 0xffffd700133c3a80, l_stat=2

*** Locks held:

* Lock 0 (initialized at netbsd:pmap_ctor+0x93 sys/arch/x86/x86/pmap.c:2860)

lock address : ffffd700133dbf80

type : sleep/adaptive
initialized : netbsd:pmap_ctor+0x93
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd700133c3a80 last held: 0xffffd700133c3a80
last locked* : netbsd:pmap_enter_ma+0x386
unlocked : netbsd:pmap_enter_ma+0xe14
owner field : 0xffffd700133c3a80 wait/spin: 0/0

Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 748.748 (dhcpcd) @ 0xffffd70012cd2100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70012cd2100 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 745.745 (dhcpcd) @ 0xffffd70012c94780, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70012c94780 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 292.292 (dhcpcd) @ 0xffffd70012dab900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70012dab900 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 485.485 (dhcpcd) @ 0xffffd70012dab4c0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0

relevant lwp : 0xffffd70012dab4c0 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffd7000fb49100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd7000fb49100 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffd7000fb33080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0

relevant cpu : 0 last held: 0

relevant lwp : 0xffffd7000fb33080 last held: 000000000000000000

last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff8334b900, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at netbsd:module_hook_init+0x1c sys/kern/kern_module_hook.c:132)
lock address : netbsd:module_hook
type : sleep/adaptive
initialized : netbsd:module_hook_init+0x1c
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff8334b900 last held: 000000000000000000
last locked : 0
unlocked* : 0
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at netbsd:main+0x12e sys/kern/init_main.c:303)
lock address : netbsd:kernel_lock
type : spin
initialized : netbsd:main+0x12e
shared holds : 0 exclusive: 1

shares wanted: 0 exclusive: 1
relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70013cfda40 last held: 0xffffd70013cfda40

last locked* : netbsd:cdev_ioctl+0x218
unlocked : netbsd:cdev_open+0x421
curcpu holds : 1 wanted by: 000000000000000000

* Lock 1 (initialized at netbsd:kprintf_init+0x61 sys/kern/subr_prf.c:156)
lock address : netbsd:kprintf_mtx
type : spin
initialized : netbsd:kprintf_init+0x61
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0

relevant cpu : 0 last held: 0

relevant lwp : 0xffffd70013cfda40 last held: 0xffffd70013cfda40

last locked* : netbsd:kprintf_lock+0x33
unlocked : netbsd:kprintf_unlock+0x53
owner field : 0x0000000000000800 wait/spin: 0/1

PAGE FLAG PQ UOBJECT UANON

0xffffd70000017180 0041 00000000 0x0 0x0
0xffffd70000017200 0041 00000000 0x0 0x0
0xffffd70000017280 0041 00000000 0x0 0x0
0xffffd70000017300 0041 00000000 0x0 0x0
0xffffd70000017380 0041 00000000 0x0 0x0
0xffffd70000017400 0041 00000000 0x0 0x0
0xffffd70000017480 0041 00000000 0x0 0x0
0xffffd70000017500 0041 00000000 0x0 0x0
0xffffd70000017580 0041 00000000 0x0 0x0
0xffffd70000017600 0041 00000000 0x0 0x0
0xffffd70000017680 0041 00000000 0x0 0x0
0xffffd70000017700 0041 00000000 0x0 0x0
0xffffd70000017780 0041 00000000 0x0 0x0
0xffffd70000017800 0041 00000000 0x0 0x0
0xffffd70000017880 0041 00000000 0x0 0x0
0xffffd70000017900 0041 00000000 0x0 0x0
0xffffd70000017980 0041 00000000 0x0 0x0
0xffffd70000017a00 0041 00000000 0x0 0x0
0xffffd70000017a80 0041 00000000 0x0 0x0
0xffffd70000017b00 0041 00000000 0x0 0x0
0xffffd70000017b80 0041 00000000 0x0 0x0
0xffffd70000017c00 0041 00000000 0x0 0x0
0xffffd70000017c80 0041 00000000 0x0 0x0
0xffffd70000017d00 0041 00000000 0x0 0x0
0xffffd70000017d80 0041 00000000 0x0 0x0
0xffffd70000017e00 0041 00000000 0x0 0x0
0xffffd70000017e80 0041 00000000 0x0 0x0
0xffffd70000017f00 0041 00000000 0x0 0x0
0xffffd70000017f80 0041 00000000 0x0 0x0
0xffffd70000018000 0041 00000000 0x0 0x0
0xffffd70000018080 0041 00000000 0x0 0x0
0xffffd70000018100 0041 00000000 0x0 0x0
0xffffd70000018180 0041 00000000 0x0 0x0
0xffffd70000018200 0041 00000000 0x0 0x0
0xffffd70000018280 0041 00000000 0x0 0x0
0xffffd70000018300 0041 00000000 0x0 0x0
0xffffd70000018380 0041 00000000 0x0 0x0
0xffffd70000018400 0041 00000000 0x0 0x0
0xffffd70000018480 0041 00000000 0x0 0x0
0xffffd70000018500 0041 00000000 0x0 0x0
0xffffd70000018580 0041 00000000 0x0 0x0
0xffffd70000018600 0041 00000000 0x0 0x0
0xffffd70000018680 0041 00000000 0x0 0x0
0xffffd70000018700 0041 00000000 0x0 0x0
0xffffd70000018780 0041 00000000 0x0 0x0
0xffffd70000018800 0041 00000000 0x0 0x0
0xffffd70000018880 0041 00000000 0x0 0x0
0xffffd70000018900 0041 00000000 0x0 0x0
0xffffd70000018980 0041 00000000 0x0 0x0
0xffffd70000018a00 0041 00000000 0x0 0x0
0xffffd70000018a80 0041 00000000 0x0 0x0
0xffffd70000018b00 0041 00000000 0x0 0x0
0xffffd70000018b80 0041 00000000 0x0 0x0
0xffffd70000018c00 0041 00000000 0x0 0x0
0xffffd70000018c80 0041 00000000 0x0 0x0
0xffffd70000018d00 0041 00000000 0x0 0x0
0xffffd70000018d80 0041 00000000 0x0 0x0
0xffffd70000018e00 0041 00000000 0x0 0x0
0xffffd70000018e80 0041 00000000 0x0 0x0
0xffffd70000018f00 0041 00000000 0x0 0x0
0xffffd70000018f80 0041 00000000 0x0 0x0
0xffffd70000019000 0041 00000000 0x0 0x0
0xffffd70000019080 0041 00000000 0x0 0x0
0xffffd70000019100 0041 00000000 0x0 0x0
0xffffd70000019180 0041 00000000 0x0 0x0
0xffffd70000019200 0041 00000000 0x0 0x0
0xffffd70000019280 0041 00000000 0x0 0x0
0xffffd70000019300 0041 00000000 0x0 0x0
0xffffd70000019380 0041 00000000 0x0 0x0
0xffffd70000019400 0041 00000000 0x0 0x0
0xffffd70000019480 0041 00000000 0x0 0x0
0xffffd70000019500 0041 00000000 0x0 0x0
0xffffd70000019580 0041 00000000 0x0 0x0
0xffffd70000019600 0041 00000000 0x0 0x0
0xffffd70000019680 0041 00000000 0x0 0x0
0xffffd70000019700 0041 00000000 0x0 0x0
0xffffd70000019780 0041 00000000 0x0 0x0
0xffffd70000019800 0041 00000000 0x0 0x0
0xffffd70000019880 0041 00000000 0x0 0x0
0xffffd70000019900 0041 00000000 0x0 0x0
0xffffd70000019980 0041 00000000 0x0 0x0
0xffffd70000019a00 0041 00000000 0x0 0x0
0xffffd70000019a80 0041 00000000 0x0 0x0
0xffffd70000019b00 0041 00000000 0x0 0x0
0xffffd70000019b80 0041 00000000 0x0 0x0
0xffffd70000019c00 0041 00000000 0x0 0x0
0xffffd70000019c80 0041 00000000 0x0 0x0
0xffffd70000019d00 0041 00000000 0x0 0x0
0xffffd70000019d80 0041 00000000 0x0 0x0
0xffffd70000019e00 0041 00000000 0x0 0x0
0xffffd70000019e80 0041 00000000 0x0 0x0
0xffffd70000019f00 0041 00000000 0x0 0x0
0xffffd70000019f80 0041 00000000 0x0 0x0
0xffffd7000001a000 0041 00000000 0x0 0x0
0xffffd7000001a080 0041 00000000 0x0 0x0
0xffffd7000001a100 0041 00000000 0x0 0x0
0xffffd7000001a180 0041 00000000 0x0 0x0
0xffffd7000001a200 0041 00000000 0x0 0x0
0xffffd7000001a280 0041 00000000 0x0 0x0
0xffffd7000001a300 0041 00000000 0x0 0x0
0xffffd7000001a380 0041 00000000 0x0 0x0
0xffffd7000001a400 0041 00000000 0x0 0x0
0xffffd7000001a480 0041 00000000 0x0 0x0
0xffffd7000001a500 0041 00000000 0x0 0x0
0xffffd7000001a580 0041 00000000 0x0 0x0
0xffffd7000001a600 0041 00000000 0x0 0x0
0xffffd7000001a680 0041 00000000 0x0 0x0
0xffffd7000001a700 0041 00000000 0x0 0x0
0xffffd7000001a780 0041 00000000 0x0 0x0
0xffffd7000001a800 0041 00000000 0x0 0x0
0xffffd7000001a880 0041 00000000 0x0 0x0
0xffffd7000001a900 0041 00000000 0x0 0x0
0xffffd7000001a980 0041 00000000 0x0 0x0
0xffffd7000001aa00 0041 00000000 0x0 0x0
0xffffd7000001aa80 0041 00000000 0x0 0x0
0xffffd7000001ab00 0041 00000000 0x0 0x0
0xffffd7000001ab80 0041 00000000 0x0 0x0
0xffffd7000001ac00 0041 00000000 0x0 0x0
0xffffd7000001ac80 0041 00000000 0x0 0x0
0xffffd7000001ad00 0041 00000000 0x0 0x0
0xffffd7000001ad80 0041 00000000 0x0 0x0
0xffffd7000001ae00 0041 00000000 0x0 0x0
0xffffd7000001ae80 0041 00000000 0x0 0x0
0xffffd7000001af00 0041 00000000 0x0 0x0
0xffffd7000001af80 0041 00000000 0x0 0x0
0xffffd7000001b000 0041 00000000 0x0 0x0
0xffffd7000001b080 0041 00000000 0x0 0x0
0xffffd7000001b100 0041 00000000 0x0 0x0
0xffffd7000001b180 0041 00000000 0x0 0x0
0xffffd7000001b200 0041 00000000 0x0 0x0
0xffffd7000001b280 0041 00000000 0x0 0x0
0xffffd7000001b300 0041 00000000 0x0 0x0
0xffffd7000001b380 0041 00000000 0x0 0x0
0xffffd7000001b400 0041 00000000 0x0 0x0
0xffffd7000001b480 0041 00000000 0x0 0x0
0xffffd7000001b500 0041 00000000 0x0 0x0
0xffffd7000001b580 0041 00000000 0x0 0x0
0xffffd7000001b600 0041 00000000 0x0 0x0
0xffffd7000001b680 0041 00000000 0x0 0x0
0xffffd7000001b700 0041 00000000 0x0 0x0
0xffffd7000001b780 0041 00000000 0x0 0x0
0xffffd7000001b800 0041 00000000 0x0 0x0
0xffffd7000001b880 0041 00000000 0x0 0x0
0xffffd7000001b900 0041 00000000 0x0 0x0
0xffffd7000001b980 0041 00000000 0x0 0x0
0xffffd7000001ba00 0041 00000000 0x0 0x0
0xffffd7000001ba80 0041 00000000 0x0 0x0
0xffffd7000001bb00 0041 00000000 0x0 0x0
0xffffd7000001bb80 0001 00000000 0x0 0x0
0xffffd7000001bc00 0001 00000000 0x0 0x0
0xffffd7000001bc80 0001 00000000 0x0 0x0
0xffffd7000001bd00 0001 00000000 0x0 0x0
0xffffd7000001bd80 0001 00000000 0x0 0x0
0xffffd7000001be00 0001 00000000 0x0 0x0
0xffffd7000001be80 0001 00000000 0x0 0x0
0xffffd7000001bf00 0001 00000000 0x0 0x0
0xffffd7000001bf80 0001 00000000 0x0 0x0
0xffffd7000001c000 0001 00000000 0x0 0x0
0xffffd7000001c080 0001 00000000 0x0 0x0
0xffffd7000001c100 0001 00000000 0x0 0x0
0xffffd7000001c180 0001 00000000 0x0 0x0
0xffffd7000001c200 0001 00000000 0x0 0x0
0xffffd7000001c280 0001 00000000 0x0 0x0
0xffffd7000001c300 0001 00000000 0x0 0x0
0xffffd7000001c380 0001 00000000 0x0 0x0
0xffffd7000001c400 0001 00000000 0x0 0x0
0xffffd7000001c480 0001 00000000 0x0 0x0
0xffffd7000001c500 0001 00000000 0x0 0x0
0xffffd7000001c580 0001 00000000 0x0 0x0
0xffffd7000001c600 0001 00000000 0x0 0x0
0xffffd7000001c680 0001 00000000 0x0 0x0
0xffffd7000001c700 0001 00000000 0x0 0x0
0xffffd7000001c780 0001 00000000 0x0 0x0
0xffffd7000001c800 0001 00000000 0x0 0x0
0xffffd7000001c880 0001 00000000 0x0 0x0
0xffffd7000001c900 0001 00000000 0x0 0x0
0xffffd7000001c980 0001 00000000 0x0 0x0
0xffffd7000001ca00 0001 00000000 0x0 0x0
0xffffd7000001ca80 0001 00000000 0x0 0x0
0xffffd7000001cb00 0001 00000000 0x0 0x0
0xffffd7000001cb80 0001 00000000 0x0 0x0
0xffffd7000001cc00 0001 00000000 0x0 0x0
0xffffd7000001cc80 0001 00000000 0x0 0x0
0xffffd7000001cd00 0001 00000000 0x0 0x0
0xffffd7000001cd80 0001 00000000 0x0 0x0
0xffffd7000001ce00 0001 00000000 0x0 0x0
0xffffd7000001ce80 0001 00000000 0x0 0x0
0xffffd7000001cf00 0001 00000000 0x0 0x0
0xffffd7000001cf80 0001 00000000 0x0 0x0
0xffffd7000001d000 0001 00000000 0x0 0x0
0xffffd7000001d080 0001 00000000 0x0 0x0
0xffffd7000001d100 0001 00000000 0x0 0x0
0xffffd7000001d180 0001 00000000 0x0 0x0
0xffffd7000001d200 0001 00000000 0x0 0x0
0xffffd7000001d280 0001 00000000 0x0 0x0
0xffffd7000001d300 0001 00000000 0x0 0x0
0xffffd7000001d380 0001 00000000 0x0 0x0
0xffffd7000001d400 0001 00000000 0x0 0x0
0xffffd7000001d480 0001 00000000 0x0 0x0
0xffffd7000001d500 0001 00000000 0x0 0x0
0xffffd7000001d580 0001 00000000 0x0 0x0
0xffffd7000001d600 0001 00000000 0x0 0x0
0xffffd7000001d680 0001 00000000 0x0 0x0
0xffffd7000001d700 0001 00000000 0x0 0x0
0xffffd7000001d780 0001 00000000 0x0 0x0
0xffffd7000001d800 0001 00000000 0x0 0x0
0xffffd7000001d880 0001 00000000 0x0 0x0
0xffffd7000001d900 0001 00000000 0x0 0x0
0xffffd7000001d980 0001 00000000 0x0 0x0
0xffffd7000001da00 0001 00000000 0x0 0x0
0xffffd7000001da80 0001 00000000 0x0 0x0
0xffffd7000001db00 0001 00000000 0x0 0x0
0xffffd7000001db80 0001 00000000 0x0 0x0
0xffffd7000001dc00 0001 00000000 0x0 0x0
0xffffd7000001dc80 0001 00000000 0x0 0x0
0xffffd7000001dd00 0001 00000000 0x0 0x0
0xffffd7000001dd80 0001 00000000 0x0 0x0
0xffffd7000001de00 0001 00000000 0x0 0x0
0xffffd7000001de80 0001 00000000 0x0 0x0
0xffffd7000001df00 0001 00000000 0x0 0x0
0xffffd7000001df80 0001 00000000 0x0 0x0
0xffffd7000001e000 0001 00000000 0x0 0x0
0xffffd7000001e080 0001 00000000 0x0 0x0
0xffffd7000001e100 0001 00000000 0x0 0x0
0xffffd7000001e180 0001 00000000 0x0 0x0
0xffffd7000001e200 0001 00000000 0x0 0x0
0xffffd7000001e280 0001 00000000 0x0 0x0
0xffffd7000001e300 0001 00000000 0x0 0x0
0xffffd7000001e380 0001 00000000 0x0 0x0
0xffffd7000001e400 0001 00000000 0x0 0x0
0xffffd7000001e480 0001 00000000 0x0 0x0
0xffffd7000001e500 0001 00000000 0x0 0x0
0xffffd7000001e580 0001 00000000 0x0 0x0
0xffffd7000001e600 0001 00000000 0x0 0x0
0xffffd7000001e680 0001 00000000 0x0 0x0
0xffffd7000001e700 0001 00000000 0x0 0x0
0xffffd7000001e780 0001 00000000 0x0 0x0
0xffffd7000001e800 0001 00000000 0x0 0x0
0xffffd7000001e880 0001 00000000 0x0 0x0
0xffffd7000001e900 0001 00000000 0x0 0x0
0xffffd7000001e980 0001 00000000 0x0 0x0
0xffffd7000001ea00 0001 00000000 0x0 0x0
0xffffd7000001ea80 0001 00000000 0x0 0x0
0xffffd7000001eb00 0001 00000000 0x0 0x0
0xffffd7000001eb80 0001 00000000 0x0 0x0
0xffffd7000001ec00 0001 00000000 0x0 0x0
0xffffd7000001ec80 0001 00000000 0x0 0x0
0xffffd7000001ed00 0001 00000000 0x0 0x0
0xffffd7000001ed80 0001 00000000 0x0 0x0
0xffffd7000001ee00 0001 00000000 0x0 0x0
0xffffd7000001ee80 0001 00000000 0x0 0x0
0xffffd7000001ef00 0001 00000000 0x0 0x0
0xffffd7000001ef80 0001 00000000 0x0 0x0
0xffffd7000001f000 0001 00000000 0x0 0x0
0xffffd7000001f080 0001 00000000 0x0 0x0
0xffffd7000001f100 0001 00000000 0x0 0x0
0xffffd7000001f180 0001 00000000 0x0 0x0
0xffffd7000001f200 0001 00000000 0x0 0x0
0xffffd7000001f280 0001 00000000 0x0 0x0
0xffffd7000001f300 0001 00000000 0x0 0x0
0xffffd7000001f380 0001 00000000 0x0 0x0
0xffffd7000001f400 0001 00000000 0x0 0x0
0xffffd7000001f480 0001 00000000 0x0 0x0
0xffffd7000001f500 0001 00000000 0x0 0x0
0xffffd7000001f580 0001 00000000 0x0 0x0
0xffffd7000001f600 0001 00000000 0x0 0x0
0xffffd7000001f680 0001 00000000 0x0 0x0
0xffffd7000001f700 0001 00000000 0x0 0x0
0xffffd7000001f780 0001 00000000 0x0 0x0
0xffffd7000001f800 0001 00000000 0x0 0x0
0xffffd7000001f880 0001 00000000 0x0 0x0
0xffffd7000001f900 0001 00000000 0x0 0x0
0xffffd7000001f980 0001 00000000 0x0 0x0
0xffffd7000001fa00 0001 00000000 0x0 0x0
0xffffd7000001fa80 0001 00000000 0x0 0x0
0xffffd7000001fb00 0001 00000000 0x0 0x0
0xffffd7000001fb80 0001 00000000 0x0 0x0
0xffffd7000001fc00 0001 00000000 0x0 0x0
0xffffd7000001fc80 0001 00000000 0x0 0x0
0xffffd7000001fd00 0001 00000000 0x0 0x0
0xffffd7000001fd80 0001 00000000 0x0 0x0
0xffffd7000001fe00 0001 00000000 0x0 0x0
0xffffd7000001fe80 0001 00000000 0x0 0x0
0xffffd7000001ff00 0001 00000000 0x0 0x0
0xffffd7000001ff80 0001 00000000 0x0 0x0
0xffffd70000020000 0001 00000000 0x0 0x0
0xffffd70000020080 0001 00000000 0x0 0x0
0xffffd70000020100 0001 00000000 0x0 0x0
0xffffd70000020180 0001 00000000 0x0 0x0
0xffffd70000020200 0001 00000000 0x0 0x0
0xffffd70000020280 0001 00000000 0x0 0x0
0xffffd70000020300 0001 00000000 0x0 0x0
0xffffd70000020380 0001 00000000 0x0 0x0
0xffffd70000020400 0001 00000000 0x0 0x0
0xffffd70000020480 0001 00000000 0x0 0x0
0xffffd70000020500 0001 00000000 0x0 0x0
0xffffd70000020580 0001 00000000 0x0 0x0
0xffffd70000020600 0001 00000000 0x0 0x0
0xffffd70000020680 0001 00000000 0x0 0x0
0xffffd70000020700 0001 00000000 0x0 0x0
0xffffd70000020780 0001 00000000 0x0 0x0
0xffffd70000020800 0001 00000000 0x0 0x0
0xffffd70000020880 0001 00000000 0x0 0x0
0xffffd70000020900 0001 00000000 0x0 0x0
0xffffd70000020980 0001 00000000 0x0 0x0
0xffffd70000020a00 0001 00000000 0x0 0x0
0xffffd70000020a80 0001 00000000 0x0 0x0
0xffffd70000020b00 0001 00000000 0x0 0x0
0xffffd70000020b80 0001 00000000 0x0 0x0
0xffffd70000020c00 0001 00000000 0x0 0x0
0xffffd70000020c80 0001 00000000 0x0 0x0
0xffffd70000020d00 0001 00000000 0x0 0x0
0xffffd70000020d80 0001 00000000 0x0 0x0
0xffffd70000020e00 0001 00000000 0x0 0x0
0xffffd70000020e80 0001 00000000 0x0 0x0
0xffffd70000020f00 0001 00000000 0x0 0x0
0xffffd70000020f80 0001 00000000 0x0 0x0
0xffffd70000021000 0001 00000000 0x0 0x0
0xffffd70000021080 0001 00000000 0x0 0x0
0xffffd70000021100 0001 00000000 0x0 0x0
0xffffd70000021180 0001 00000000 0x0 0x0
0xffffd70000021200 0001 00000000 0x0 0x0
0xffffd70000021280 0001 00000000 0x0 0x0
0xffffd70000021300 0001 00000000 0x0 0x0
0xffffd70000021380 0001 00000000 0x0 0x0
0xffffd70000021400 0001 00000000 0x0 0x0
0xffffd70000021480 0001 00000000 0x0 0x0
0xffffd70000021500 0001 00000000 0x0 0x0
0xffffd70000021580 0001 00000000 0x0 0x0
0xffffd70000021600 0001 00000000 0x0 0x0
0xffffd70000021680 0001 00000000 0x0 0x0
0xffffd70000021700 0001 00000000 0x0 0x0
0xffffd70000021780 0001 00000000 0x0 0x0
0xffffd70000021800 0001 00000000 0x0 0x0
0xffffd70000021880 0001 00000000 0x0 0x0
0xffffd70000021900 0001 00000000 0x0 0x0
0xffffd70000021980 0001 00000000 0x0 0x0
0xffffd70000021a00 0001 00000000 0x0 0x0
0xffffd70000021a80 0001 00000000 0x0 0x0
0xffffd70000021b00 0001 00000000 0x0 0x0
0xffffd70000021b80 0001 00000000 0x0 0x0
0xffffd70000021c00 0001 00000000 0x0 0x0
0xffffd70000021c80 0001 00000000 0x0 0x0
0xffffd70000021d00 0001 00000000 0x0 0x0
0xffffd70000021d80 0001 00000000 0x0 0x0
0xffffd70000021e00 0001 00000000 0x0 0x0
0xffffd70000021e80 0001 00000000 0x0 0x0
0xffffd70000021f00 0001 00000000 0x0 0x0
0xffffd70000021f80 0001 00000000 0x0 0x0
0xffffd70000022000 0001 00000000 0x0 0x0
0xffffd70000022080 0001 00000000 0x0 0x0
0xffffd70000022100 0001 00000000 0x0 0x0
0xffffd70000022180 0001 00000000 0x0 0x0
0xffffd70000022200 0001 00000000 0x0 0x0
0xffffd70000022280 0001 00000000 0x0 0x0
0xffffd70000022300 0001 00000000 0x0 0x0
0xffffd70000022380 0001 00000000 0x0 0x0
0xffffd70000022400 0001 00000000 0x0 0x0
0xffffd70000022480 0001 00000000 0x0 0x0
0xffffd70000022500 0001 00000000 0x0 0x0
0xffffd70000022580 0001 00000000 0x0 0x0
0xffffd70000022600 0001 00000000 0x0 0x0
0xffffd70000022680 0001 00000000 0x0 0x0
0xffffd70000022700 0001 00000000 0x0 0x0
0xffffd70000022780 0001 00000000 0x0 0x0
0xffffd70000022800 0001 00000000 0x0 0x0
0xffffd70000022880 0001 00000000 0x0 0x0
0xffffd70000022900 0001 00000000 0x0 0x0
0xffffd70000022980 0001 00000000 0x0 0x0
0xffffd70000022a00 0001 00000000 0x0 0x0
0xffffd70000022a80 0001 00000000 0x0 0x0
0xffffd70000022b00 0001 00000000 0x0 0x0
0xffffd70000022b80 0001 00000000 0x0 0x0
0xffffd70000022c00 0001 00000000 0x0 0x0
0xffffd70000022c80 0001 00000000 0x0 0x0
0xffffd70000022d00 0001 00000000 0x0 0x0
0xffffd70000022d80 0001 00000000 0x0 0x0
0xffffd70000022e00 0001 00000000 0x0 0x0
0xffffd70000022e80 0001 00000000 0x0 0x0
0xffffd70000022f00 0001 00000000 0x0 0x0
0xffffd70000022f80 0001 00000000 0x0 0x0
0xffffd70000023000 0001 00000000 0x0 0x0
0xffffd70000023080 0001 00000000 0x0 0x0
0xffffd70000023100 0001 00000000 0x0 0x0
0xffffd70000023180 0001 00000000 0x0 0x0
0xffffd70000023200 0001 00000000 0x0 0x0
0xffffd70000023280 0001 00000000 0x0 0x0
0xffffd70000023300 0001 00000000 0x0 0x0
0xffffd70000023380 0001 00000000 0x0 0x0
0xffffd70000023400 0001 00000000 0x0 0x0
0xffffd70000023480 0001 00000000 0x0 0x0
0xffffd70000023500 0001 00000000 0x0 0x0
0xffffd70000023580 0001 00000000 0x0 0x0
0xffffd70000023600 0001 00000000 0x0 0x0
0xffffd70000023680 0001 00000000 0x0 0x0
0xffffd70000023700 0001 00000000 0x0 0x0
0xffffd70000023780 0001 00000000 0x0 0x0
0xffffd70000023800 0001 00000000 0x0 0x0
0xffffd70000023880 0001 00000000 0x0 0x0
0xffffd70000023900 0001 00000000 0x0 0x0
0xffffd70000023980 0001 00000000 0x0 0x0
0xffffd70000023a00 0001 00000000 0x0 0x0
0xffffd70000023a80 0001 00000000 0x0 0x0
0xffffd70000023b00 0001 00000000 0x0 0x0
0xffffd70000023b80 0001 00000000 0x0 0x0
0xffffd70000023c00 0001 00000000 0x0 0x0
0xffffd70000023c80 0001 00000000 0x0 0x0
0xffffd70000023d00 0001 00000000 0x0 0x0
0xffffd70000023d80 0001 00000000 0x0 0x0
0xffffd70000023e00 0001 00000000 0x0 0x0
0xffffd70000023e80 0001 00000000 0x0 0x0
0xffffd70000023f00 0001 00000000 0x0 0x0
0xffffd70000023f80 0001 00000000 0x0 0x0
0xffffd70000024000 0001 00000000 0x0 0x0
0xffffd70000024080 0001 00000000 0x0 0x0
0xffffd70000024100 0001 00000000 0x0 0x0
0xffffd70000024180 0001 00000000 0x0 0x0
0xffffd70000024200 0001 00000000 0x0 0x0
0xffffd70000024280 0001 00000000 0x0 0x0
0xffffd70000024300 0001 00000000 0x0 0x0
0xffffd70000024380 0001 00000000 0x0 0x0
0xffffd70000024400 0001 00000000 0x0 0x0
0xffffd70000024480 0001 00000000 0x0 0x0
0xffffd70000024500 0001 00000000 0x0 0x0
0xffffd70000024580 0001 00000000 0x0 0x0
0xffffd70000024600 0001 00000000 0x0 0x0
0xffffd70000024680 0001 00000000 0x0 0x0
0xffffd70000024700 0001 00000000 0x0 0x0
0xffffd70000024780 0001 00000000 0x0 0x0
0xffffd70000024800 0001 00000000 0x0 0x0
0xffffd70000024880 0001 00000000 0x0 0x0
0xffffd70000024900 0001 00000000 0x0 0x0
0xffffd70000024980 0001 00000000 0x0 0x0
0xffffd70000024a00 0001 00000000 0x0 0x0
0xffffd70000024a80 0001 00000000 0x0 0x0
0xffffd70000024b00 0001 00000000 0x0 0x0
0xffffd70000024b80 0001 00000000 0x0 0x0
0xffffd70000024c00 0001 00000000 0x0 0x0
0xffffd70000024c80 0001 00000000 0x0 0x0
0xffffd70000024d00 0001 00000000 0x0 0x0
0xffffd70000024d80 0001 00000000 0x0 0x0
0xffffd70000024e00 0001 00000000 0x0 0x0
0xffffd70000024e80 0001 00000000 0x0 0x0
0xffffd70000024f00 0001 00000000 0x0 0x0
0xffffd70000024f80 0001 00000000 0x0 0x0
0xffffd70000025000 0001 00000000 0x0 0x0
0xffffd70000025080 0001 00000000 0x0 0x0
0xffffd70000025100 0001 00000000 0x0 0x0
0xffffd70000025180 0001 00000000 0x0 0x0
0xffffd70000025200 0001 00000000 0x0 0x0
0xffffd70000025280 0001 00000000 0x0 0x0
0xffffd70000025300 0001 00000000 0x0 0x0
0xffffd70000025380 0001 00000000 0x0 0x0
0xffffd70000025400 0001 00000000 0x0 0x0
0xffffd70000025480 0001 00000000 0x0 0x0
0xffffd70000025500 0001 00000000 0x0 0x0
0xffffd70000025580 0001 00000000 0x0 0x0
0xffffd70000025600 0001 00000000 0x0 0x0
0xffffd70000025680 0001 00000000 0x0 0x0
0xffffd70000025700 0001 00000000 0x0 0x0
0xffffd70000025780 0001 00000000 0x0 0x0
0xffffd70000025800 0001 00000000 0x0 0x0
0xffffd70000025880 0001 00000000 0x0 0x0
0xffffd70000025900 0001 00000000 0x0 0x0
0xffffd70000025980 0001 00000000 0x0 0x0
0xffffd70000025a00 0001 00000000 0x0 0x0
0xffffd70000025a80 0001 00000000 0x0 0x0
0xffffd70000025b00 0001 00000000 0x0 0x0
0xffffd70000025b80 0001 00000000 0x0 0x0
0xffffd70000025c00 0001 00000000 0x0 0x0
0xffffd70000025c80 0001 00000000 0x0 0x0
0xffffd70000025d00 0001 00000000 0x0 0x0
0xffffd70000025d80 0001 00000000 0x0 0x0
0xffffd70000025e00 0001 00000000 0x0 0x0
0xffffd70000025e80 0001 00000000 0x0 0x0
0xffffd70000025f00 0001 00000000 0x0 0x0
0xffffd70000025f80 0001 00000000 0x0 0x0
0xffffd70000026000 0001 00000000 0x0 0x0
0xffffd70000026080 0001 00000000 0x0 0x0
0xffffd70000026100 0001 00000000 0x0 0x0
0xffffd70000026180 0001 00000000 0x0 0x0
0xffffd70000026200 0001 00000000 0x0 0x0
0xffffd70000026280 0001 00000000 0x0 0x0
0xffffd70000026300 0001 00000000 0x0 0x0
0xffffd70000026380 0001 00000000 0x0 0x0
0xffffd70000026400 0001 00000000 0x0 0x0
0xffffd70000026480 0001 00000000 0x0 0x0
0xffffd70000026500 0001 00000000 0x0 0x0
0xffffd70000026580 0001 00000000 0x0 0x0
0xffffd70000026600 0001 00000000 0x0 0x0
0xffffd70000026680 0001 00000000 0x0 0x0
0xffffd70000026700 0001 00000000 0x0 0x0
0xffffd70000026780 0001 00000000 0x0 0x0
0xffffd70000026800 0001 00000000 0x0 0x0
0xffffd70000026880 0001 00000000 0x0 0x0
0xffffd70000026900 0001 00000000 0x0 0x0
0xffffd70000026980 0001 00000000 0x0 0x0
0xffffd70000026a00 0001 00000000 0x0 0x0
0xffffd70000026a80 0001 00000000 0x0 0x0
0xffffd70000026b00 0001 00000000 0x0 0x0
0xffffd70000026b80 0001 00000000 0x0 0x0
0xffffd70000026c00 0001 00000000 0x0 0x0
0xffffd70000026c80 0001 00000000 0x0 0x0
0xffffd70000026d00 0001 00000000 0x0 0x0
0xffffd70000026d80 0001 00000000 0x0 0x0
0xffffd70000026e00 0001 00000000 0x0 0x0
0xffffd70000026e80 0001 00000000 0x0 0x0
0xffffd70000026f00 0001 00000000 0x0 0x0
0xffffd70000026f80 0001 00000000 0x0 0x0
0xffffd70000027000 0001 00000000 0x0 0x0
0xffffd70000027080 0001 00000000 0x0 0x0
0xffffd70000027100 0001 00000000 0x0 0x0
0xffffd70000027180 0001 00000000 0x0 0x0
0xffffd70000027200 0001 00000000 0x0 0x0
0xffffd70000027280 0001 00000000 0x0 0x0
0xffffd70000027300 0001 00000000 0x0 0x0
0xffffd70000027380 0001 00000000 0x0 0x0
0xffffd70000027400 0001 00000000 0x0 0x0
0xffffd70000027480 0001 00000000 0x0 0x0
0xffffd70000027500 0001 00000000 0x0 0x0
0xffffd70000027580 0001 00000000 0x0 0x0
0xffffd70000027600 0001 00000000 0x0 0x0
0xffffd70000027680 0001 00000000 0x0 0x0
0xffffd70000027700 0001 00000000 0x0 0x0
0xffffd70000027780 0001 00000000 0x0 0x0
0xffffd70000027800 0001 00000000 0x0 0x0
0xffffd70000027880 0001 00000000 0x0 0x0
0xffffd70000027900 0001 00000000 0x0 0x0
0xffffd70000027980 0001 00000000 0x0 0x0
0xffffd70000027a00 0001 00000000 0x0 0x0
0xffffd70000027a80 0001 00000000 0x0 0x0
0xffffd70000027b00 0001 00000000 0x0 0x0
0xffffd70000027b80 0001 00000000 0x0 0x0
0xffffd70000027c00 0001 00000000 0x0 0x0
0xffffd70000027c80 0001 00000000 0x0 0x0
0xffffd70000027d00 0001 00000000 0x0 0x0
0xffffd70000027d80 0001 00000000 0x0 0x0
0xffffd70000027e00 0001 00000000 0x0 0x0
0xffffd70000027e80 0001 00000000 0x0 0x0
0xffffd70000027f00 0001 00000000 0x0 0x0
0xffffd70000027f80 0001 00000000 0x0 0x0
0xffffd70000028000 0001 00000000 0x0 0x0
0xffffd70000028080 0001 00000000 0x0 0x0
0xffffd70000028100 0001 00000000 0x0 0x0
0xffffd70000028180 0001 00000000 0x0 0x0
0xffffd70000028200 0001 00000000 0x0 0x0
0xffffd70000028280 0001 00000000 0x0 0x0
0xffffd70000028300 0001 00000000 0x0 0x0
0xffffd70000028380 0001 00000000 0x0 0x0
0xffffd70000028400 0001 00000000 0x0 0x0
0xffffd70000028480 0001 00000000 0x0 0x0
0xffffd70000028500 0001 00000000 0x0 0x0
0xffffd70000028580 0001 00000000 0x0 0x0
0xffffd70000028600 0001 00000000 0x0 0x0
0xffffd70000028680 0001 00000000 0x0 0x0
0xffffd70000028700 0001 00000000 0x0 0x0
0xffffd70000028780 0001 00000000 0x0 0x0
0xffffd70000028800 0001 00000000 0x0 0x0
0xffffd70000028880 0001 00000000 0x0 0x0
0xffffd70000028900 0001 00000000 0x0 0x0
0xffffd70000028980 0001 00000000 0x0 0x0
0xffffd70000028a00 0001 00000000 0x0 0x0
0xffffd70000028a80 0001 00000000 0x0 0x0
0xffffd70000028b00 0001 00000000 0x0 0x0
0xffffd70000028b80 0001 00000000 0x0 0x0
0xffffd70000028c00 0001 00000000 0x0 0x0
0xffffd70000028c80 0001 00000000 0x0 0x0
0xffffd70000028d00 0001 00000000 0x0 0x0
0xffffd70000028d80 0001 00000000 0x0 0x0
0xffffd70000028e00 0001 00000000 0x0 0x0
0xffffd70000028e80 0001 00000000 0x0 0x0
0xffffd70000028f00 0001 00000000 0x0 0x0
0xffffd70000028f80 0001 00000000 0x0 0x0
0xffffd70000029000 0001 00000000 0x0 0x0
0xffffd70000029080 0001 00000000 0x0 0x0
0xffffd70000029100 0001 00000000 0x0 0x0
0xffffd70000029180 0001 00000000 0x0 0x0
0xffffd70000029200 0001 00000000 0x0 0x0
0xffffd70000029280 0001 00000000 0x0 0x0
0xffffd70000029300 0001 00000000 0x0 0x0
0xffffd70000029380 0001 00000000 0x0 0x0
0xffffd70000029400 0001 00000000 0x0 0x0
0xffffd70000029480 0001 00000000 0x0 0x0
0xffffd70000029500 0001 00000000 0x0 0x0
0xffffd70000029580 0001 00000000 0x0 0x0
0xffffd70000029600 0001 00000000 0x0 0x0
0xffffd70000029680 0001 00000000 0x0 0x0
0xffffd70000029700 0001 00000000 0x0 0x0
0xffffd70000029780 0001 00000000 0x0 0x0
0xffffd70000029800 0001 00000000 0x0 0x0
0xffffd70000029880 0001 00000000 0x0 0x0
0xffffd70000029900 0001 00000000 0x0 0x0
0xffffd70000029980 0001 00000000 0x0 0x0
0xffffd70000029a00 0001 00000000 0x0 0x0
0xffffd70000029a80 0001 00000000 0x0 0x0
0xffffd70000029b00 0001 00000000 0x0 0x0
0xffffd70000029b80 0001 00000000 0x0 0x0
0xffffd70000029c00 0001 00000000 0x0 0x0
0xffffd70000029c80 0001 00000000 0x0 0x0
0xffffd70000029d00 0001 00000000 0x0 0x0
0xffffd70000029d80 0001 00000000 0x0 0x0
0xffffd70000029e00 0001 00000000 0x0 0x0
0xffffd70000029e80 0001 00000000 0x0 0x0
0xffffd70000029f00 0001 00000000 0x0 0x0
0xffffd70000029f80 0001 00000000 0x0 0x0
0xffffd7000002a000 0001 00000000 0x0 0x0
0xffffd7000002a080 0001 00000000 0x0 0x0
0xffffd7000002a100 0001 00000000 0x0 0x0
0xffffd7000002a180 0001 00000000 0x0 0x0
0xffffd7000002a200 0001 00000000 0x0 0x0
0xffffd7000002a280 0001 00000000 0x0 0x0
0xffffd7000002a300 0001 00000000 0x0 0x0
0xffffd7000002a380 0001 00000000 0x0 0x0
0xffffd7000002a400 0001 00000000 0x0 0x0
0xffffd7000002a480 0001 00000000 0x0 0x0
0xffffd7000002a500 0001 00000000 0x0 0x0
0xffffd7000002a580 0001 00000000 0x0 0x0
0xffffd7000002a600 0001 00000000 0x0 0x0
0xffffd7000002a680 0001 00000000 0x0 0x0
0xffffd7000002a700 0001 00000000 0x0 0x0
0xffffd7000002a780 0001 00000000 0x0 0x0
0xffffd7000002a800 0001 00000000 0x0 0x0
0xffffd7000

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.