assert failed: ci->ci_tlbstate != TLBSTATE_VALID

1 view
Skip to first unread message

syzbot

unread,
Dec 14, 2019, 6:56:09 PM12/14/19
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: cdbef540 If a fictious label has no RAW_PART assume there ..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=13e02d2ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=689fb7dab41abff8e75a
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+689fb7...@syzkaller.appspotmail.com

login: [ 64.0175082] panic: kernel diagnostic
assertion "ci->ci_tlbstate != TLBSTATE_VALID" failed:
file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2790
[ 64.0275141] cpu1: Begin traceback...
[ 64.0475432] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 64.0775893] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 64.1176475] pmap_activate() at netbsd:pmap_activate+0x179
sys/arch/x86/x86/pmap.c:2790
[ 64.1577064] mi_switch() at netbsd:mi_switch+0x5bc
sys/kern/kern_synch.c:738
[ 64.1877501] sleepq_block() at netbsd:sleepq_block+0x2b4
sys/kern/kern_sleepq.c:276
[ 64.2278112] kpause() at netbsd:kpause+0x1da sys/kern/kern_synch.c:235
[ 64.2578555] nanosleep1() at netbsd:nanosleep1+0x289
sys/kern/kern_time.c:355
[ 64.2979144] sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5
sys/kern/kern_time.c:293
[ 64.3379729] syscall() at netbsd:syscall+0x559 sy_call
sys/sys/syscallvar.h:65 [inline]
[ 64.3379729] syscall() at netbsd:syscall+0x559 sy_invoke
sys/sys/syscallvar.h:94 [inline]
[ 64.3379729] syscall() at netbsd:syscall+0x559
sys/arch/x86/x86/syscall.c:138
[ 64.3479899] --- syscall (number 430) ---
[ 64.3680237] 7c32d0842a1a:
[ 64.3680237] cpu1: End traceback...
[ 64.3680237] fatal breakpoint trap in supervisor mode
[ 64.3780294] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags
0x246 cr2 0x628060 ilevel 0x8 rsp 0xffffd70174837890
[ 64.3880454] curlwp 0xffffd70012d97ae0 pid 603.1 lowest kstack
0xffffd701748302c0
Stopped in pid 603.1 (syz-executor.5) at netbsd:breakpoint+0x5:
leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
_GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
pmap_activate() at netbsd:pmap_activate+0x179 sys/arch/x86/x86/pmap.c:2790
mi_switch() at netbsd:mi_switch+0x5bc sys/kern/kern_synch.c:738
sleepq_block() at netbsd:sleepq_block+0x2b4 sys/kern/kern_sleepq.c:276
kpause() at netbsd:kpause+0x1da sys/kern/kern_synch.c:235
nanosleep1() at netbsd:nanosleep1+0x289 sys/kern/kern_time.c:355
sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5
sys/kern/kern_time.c:293
syscall() at netbsd:syscall+0x559 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x559 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x559 sys/arch/x86/x86/syscall.c:138
--- syscall (number 430) ---
7c32d0842a1a:
ds 360
es 7950
fs 7870
gs 78c0
rdi ffffd7000cb1a458
rsi ffffd70012d97dc8
rbp ffffd70174837890
rbx ffffd7016ca80000
rdx 2
rcx ffffffff80d00841 db_panic+0xd5
rax 0
r8 4
r9 1ffffffff0553818
r10 ffffffff82a9c0c3 db_onpanic+0x3
r11 8000000000
r12 ffffd7016ca92000
r13 ffffffff81c22540 platform_private_nodes+0x140
r14 ffffd70174837920
r15 ffffd7016ca80060
rip ffffffff8021ccb5 breakpoint+0x5
cs 8
rflags 246
rsp ffffd70174837890
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
619 4 4 0 1000000 ffffd70012ff9780 syz-executor.5
682 5 3 0 80 ffffd70012ffa480 syz-executor.4 parked
682 4 3 1 80 ffffd70012ffa040 syz-executor.4 parked
682 3 3 0 80 ffffd70012ff9bc0 syz-executor.4 parked
682 1 2 1 0 ffffd70012ff9340 syz-executor.4
647 1 2 1 10000000 ffffd70012d56660 syz-executor.2
72 4 3 0 80 ffffd70012018180 syz-executor.5 parked
72 3 3 0 80 ffffd70012eb8b00 syz-executor.5 parked
72 1 2 0 10000000 ffffd70012efb2c0 syz-executor.5
742 4 3 1 80 ffffd700120311c0 syz-executor.3 parked
742 3 3 1 80 ffffd70011fda500 syz-executor.3 parked
742 1 2 1 10040000 ffffd70012fa5ba0 syz-executor.3
676 4 3 1 80 ffffd70011fa3080 syz-executor.1 parked
676 3 3 1 40080 ffffd70011fe3960 syz-executor.1 parked
676 1 2 1 10040000 ffffd7001136a300 syz-executor.1
477 3 3 1 80 ffffd70011f7f8c0 syz-executor.5 parked
201 4 3 1 80 ffffd70011f914a0 syz-executor.5 parked
603 > 1 7 1 0 ffffd70012d97ae0 syz-executor.5
615 1 2 0 0 ffffd70012d976a0 syz-executor.4
533 1 2 0 0 ffffd70012d97260 syz-executor.3
556 1 2 1 0 ffffd70012d6cac0 syz-executor.2
479 1 2 0 0 ffffd70012d6c680 syz-executor.1
40 1 2 0 0 ffffd70012d6c240 syz-executor.0
523 10 2 0 0 ffffd70012d56aa0 syz-fuzzer
523 9 3 1 80 ffffd700110d39e0 syz-fuzzer parked
523 8 3 1 80 ffffd70012d56220 syz-fuzzer parked
523 7 3 0 80 ffffd700127c0a80 syz-fuzzer parked
523 6 3 0 80 ffffd700127c0640 syz-fuzzer parked
523 5 3 1 80 ffffd70011f32b80 syz-fuzzer kqueue
523 4 3 0 80 ffffd70012021a20 syz-fuzzer parked
523 3 3 1 80 ffffd700120215e0 syz-fuzzer parked
523 2 3 1 80 ffffd700120185c0 syz-fuzzer parked
523 1 3 0 80 ffffd700110d75e0 syz-fuzzer parked
400 1 3 0 80 ffffd70011f55320 sshd select
536 1 3 1 80 ffffd70011f32300 getty nanoslp
586 1 3 0 80 ffffd70011ff8560 getty nanoslp
580 1 3 1 80 ffffd70011ff8120 getty nanoslp
534 1 3 0 80 ffffd70011fee100 getty ttyraw
526 1 3 0 80 ffffd70011f55760 cron nanoslp
542 1 3 1 80 ffffd700115a06e0 inetd kqueue
370 1 3 1 80 ffffd700115af2c0 sshd select
468 1 3 1 80 ffffd700114c9a20 powerd kqueue
467 > 1 7 0 0 ffffd7001145f980 makemandb
195 1 3 0 80 ffffd70011f55ba0 syslogd kqueue
249 1 3 1 80 ffffd700114eb1e0 dhcpcd kqueue
218 1 3 1 80 ffffd700113f58e0 dhcpcd kqueue
1 1 3 0 80 ffffd700111fa240 init wait
0 58 3 0 204 ffffd700111faac0 physiod physiod
0 57 2 0 200 ffffd70011242280 aiodoned
0 56 3 1 200 ffffd70011241ae0 ioflush syncer
0 55 3 0 204 ffffd700112416a0 pooldrain pooldrain
0 54 3 0 200 ffffd70011241260 pgdaemon pgdaemon
0 51 3 1 200 ffffd700111fa680 npfgc-0 npfgccv
0 50 3 0 204 ffffd700111ecaa0 rt_free rt_free
0 49 3 0 204 ffffd700111ec660 unpgc unpgc
0 48 3 0 204 ffffd700111ec220 key_timehandler
key_timehandler
0 47 3 1 204 ffffd700111e4a80 icmp6_wqinput/1
icmp6_wqinput
0 46 3 0 204 ffffd700111e4640 icmp6_wqinput/0
icmp6_wqinput
0 45 3 1 204 ffffd700111e4200 nd6_timer nd6_timer
0 44 3 1 204 ffffd700110fba60 carp6_wqinput/1
carp6_wqinput
0 43 3 0 204 ffffd700110fb620 carp6_wqinput/0
carp6_wqinput
0 42 3 1 204 ffffd700110fb1e0 carp_wqinput/1
carp_wqinput
0 41 3 0 204 ffffd700110e9a40 carp_wqinput/0
carp_wqinput
0 40 3 1 204 ffffd700110e9600 icmp_wqinput/1
icmp_wqinput
0 39 3 0 204 ffffd700110e91c0 icmp_wqinput/0
icmp_wqinput
0 38 3 1 204 ffffd700110d7a20 rt_timer rt_timer
0 37 3 0 204 ffffd700110d4180 vmem_rehash vmem_rehash
0 27 3 0 204 ffffd7000e9b9580 scsibus0 sccomp
0 26 3 0 200 ffffd7000e9b9140 pms0 pmsreset
0 25 3 1 204 ffffd7000e92b9a0 xcall/1 xcall
0 24 1 1 200 ffffd7000e92b560 softser/1
0 23 1 1 200 ffffd7000e92b120 softclk/1
0 22 1 1 200 ffffd7000e927980 softbio/1
0 21 1 1 200 ffffd7000e927540 softnet/1
0 20 1 1 201 ffffd7000e927100 idle/1
0 19 3 0 204 ffffd7000e85d960 lnxpwrwq lnxpwrwq
0 18 3 1 204 ffffd7000e85d520 lnxlngwq lnxlngwq
0 17 3 0 204 ffffd7000e85d0e0 lnxsyswq lnxsyswq
0 16 3 0 204 ffffd7000d042940 lnxrcugc lnxrcugc
0 15 3 0 204 ffffd7000d042500 sysmon smtaskq
0 14 3 1 204 ffffd7000d0420c0 pmfsuspend pmfsuspend
0 13 3 0 204 ffffd7000d033920 pmfevent pmfevent
0 12 3 0 204 ffffd7000d0334e0 sopendfree sopendfr
0 11 3 1 204 ffffd7000d0330a0 nfssilly nfssilly
0 10 3 1 200 ffffd7000d027900 cachegc cachegc
0 9 3 1 204 ffffd7000d0274c0 vdrain vdrain
0 8 3 0 200 ffffd7000d027080 modunload mod_unld
0 7 3 0 204 ffffd7000d0188e0 xcall/0 xcall
0 6 1 0 200 ffffd7000d0184a0 softser/0
0 5 1 0 200 ffffd7000d018060 softclk/0
0 4 1 0 200 ffffd7000d0148c0 softbio/0
0 3 1 0 200 ffffd7000d014480 softnet/0
0 2 1 0 201 ffffd7000d014040 idle/0
0 1 3 1 200 ffffffff82b62fa0 swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor.4):
Lock 0 (initialized at amap_alloc)
lock address : 0xffffd70012e4fb00 type : sleep/adaptive
initialized : 0xffffffff810c6fb1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd70012d97ae0 last held: 0xffffd70012ff9340
last locked* : 0xffffffff810d65a5 unlocked : 0xffffffff810d42b8
owner field : 0xffffd70012ff9340 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83ae0 with mutex 0xffffd7000d00bd00.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.2):
Lock 0 (initialized at fork1)
lock address : 0xffffd700114cb0b8 type : sleep/adaptive
initialized : 0xffffffff8114751c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd70012d97ae0 last held: 0xffffd70012d56660
last locked* : 0xffffffff81143c0d unlocked : 000000000000000000
owner/count : 0xffffd70012d56660 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d83990 with mutex 0xffffd7000d00b280.
=> No active turnstile for this lock.
Lock 1 (initialized at amap_alloc)
lock address : 0xffffd70012d83600 type : sleep/adaptive
initialized : 0xffffffff810c6fb1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd70012d97ae0 last held: 0xffffd70012d56660
last locked* : 0xffffffff810e7bd1 unlocked : 0xffffffff810d42b8
owner field : 0xffffd70012d56660 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83a40 with mutex 0xffffd7000d00b800.
=> No active turnstile for this lock.
Lock 2 (initialized at pmap_create)
lock address : 0xffffd700114c72d0 type : sleep/adaptive
initialized : 0xffffffff80272166
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffd70012d97ae0 last held: 0xffffd70012d56660
last locked* : 0xffffffff80274a67 unlocked : 0xffffffff80274456
owner field : 0xffffd70012d56660 wait/spin: 0/0

Turnstile chain at 0xffffffff82d839d8 with mutex 0xffffd7000d00b4c0.
=> No active turnstile for this lock.


[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffffd70000014180 0048 00000000 0x0 0x0
0xffffd700000141f0 0048 00000000 0x0 0x0
0xffffd70000014260 0048 00000000 0x0 0x0
0xffffd700000142d0 0048 00000000 0x0 0x0
0xffffd70000014340 0040 00000000 0x0 0x0
0xffffd700000143b0 0048 00000000 0x0 0x0
0xffffd70000014420 0048 00000000 0x0 0x0
0xffffd70000014490 0048 00000000 0x0 0x0
0xffffd70000014500 0048 00000000 0x0 0x0
0xffffd70000014570 0048 00000000 0x0 0x0
0xffffd700000145e0 0048 00000000 0x0 0x0
0xffffd70000014650 0048 00000000 0x0 0x0
0xffffd700000146c0 0048 00000000 0x0 0x0
0xffffd70000014730 0040 00000000 0x0 0x0
0xffffd700000147a0 0040 00000000 0x0 0x0
0xffffd70000014810 0040 00000000 0x0 0x0
0xffffd70000014880 0040 00000000 0x0 0x0
0xffffd700000148f0 0040 00000000 0x0 0x0
0xffffd70000014960 0040 00000000 0x0 0x0
0xffffd700000149d0 0040 00000000 0x0 0x0
0xffffd70000014a40 0048 00000000 0x0 0x0
0xffffd70000014ab0 0048 00000000 0x0 0x0
0xffffd70000014b20 0048 00000000 0x0 0x0
0xffffd70000014b90 0048 00000000 0x0 0x0
0xffffd70000014c00 0048 00000000 0x0 0x0
0xffffd70000014c70 0048 00000000 0x0 0x0
0xffffd70000014ce0 0048 00000000 0x0 0x0
0xffffd70000014d50 0048 00000000 0x0 0x0
0xffffd70000014dc0 0040 00000000 0x0 0x0
0xffffd70000014e30 0048 00000000 0x0 0x0
0xffffd70000014ea0 0048 00000000 0x0 0x0
0xffffd70000014f10 0048 00000000 0x0 0x0
0xffffd70000014f80 0048 00000000 0x0 0x0
0xffffd70000014ff0 0048 00000000 0x0 0x0
0xffffd70000015060 0048 00000000 0x0 0x0
0xffffd700000150d0 0048 00000000 0x0 0x0
0xffffd70000015140 0048 00000000 0x0 0x0
0xffffd700000151b0 0048 00000000 0x0 0x0
0xffffd70000015220 0048 00000000 0x0 0x0
0xffffd70000015290 0048 00000000 0x0 0x0
0xffffd70000015300 0048 00000000 0x0 0x0
0xffffd70000015370 0048 00000000 0x0 0x0
0xffffd700000153e0 0048 00000000 0x0 0x0
0xffffd70000015450 0048 00000000 0x0 0x0
0xffffd700000154c0 0048 00000000 0x0 0x0
0xffffd70000015530 0048 00000000 0x0 0x0
0xffffd700000155a0 0048 00000000 0x0 0x0
0xffffd70000015610 0048 00000000 0x0 0x0
0xffffd70000015680 0048 00000000 0x0 0x0
0xffffd700000156f0 0048 00000000 0x0 0x0
0xffffd70000015760 0048 00000000 0x0 0x0
0xffffd700000157d0 0048 00000000 0x0 0x0
0xffffd70000015840 0048 00000000 0x0 0x0
0xffffd700000158b0 0048 00000000 0x0 0x0
0xffffd70000015920 0048 00000000 0x0 0x0
0xffffd70000015990 0048 00000000 0x0 0x0
0xffffd70000015a00 0048 00000000 0x0 0x0
0xffffd70000015a70 0048 00000000 0x0 0x0
0xffffd70000015ae0 0048 00000000 0x0 0x0
0xffffd70000015b50 0048 00000000 0x0 0x0
0xffffd70000015bc0 0048 00000000 0x0 0x0
0xffffd70000015c30 0048 00000000 0x0 0x0
0xffffd70000015ca0 0048 00000000 0x0 0x0
0xffffd70000015d10 0048 00000000 0x0 0x0
0xffffd70000015d80 0048 00000000 0x0 0x0
0xffffd70000015df0 0048 00000000 0x0 0x0
0xffffd70000015e60 0041 00000000 0x0 0x0
0xffffd70000015ed0 0041 00000000 0x0 0x0
0xffffd70000015f40 0048 00000000 0x0 0x0
0xffffd70000015fb0 0048 00000000 0x0 0x0
0xffffd70000016020 0048 00000000 0x0 0x0
0xffffd70000016090 0048 00000000 0x0 0x0
0xffffd70000016100 0048 00000000 0x0 0x0
0xffffd70000016170 0048 00000000 0x0 0x0
0xffffd700000161e0 0041 00000000 0x0 0x0
0xffffd70000016250 0041 00000000 0x0 0x0
0xffffd700000162c0 0041 00000000 0x0 0x0
0xffffd70000016330 0040 00000000 0x0 0x0
0xffffd700000163a0 0040 00000000 0x0 0x0
0xffffd70000016410 0048 00000000 0x0 0x0
0xffffd70000016480 0040 00000000 0x0 0x0
0xffffd700000164f0 0040 00000000 0x0 0x0
0xffffd70000016560 0048 00000000 0x0 0x0
0xffffd700000165d0 0048 00000000 0x0 0x0
0xffffd70000016640 0041 00000000 0x0 0x0
0xffffd700000166b0 0041 00000000 0x0 0x0
0xffffd70000016720 0041 00000000 0x0 0x0
0xffffd70000016790 0040 00000000 0x0 0x0
0xffffd70000016800 0041 00000000 0x0 0x0
0xffffd70000016870 0041 00000000 0x0 0x0
0xffffd700000168e0 0048 00000000 0x0 0x0
0xffffd70000016950 0048 00000000 0x0 0x0
0xffffd700000169c0 0048 00000000 0x0 0x0
0xffffd70000016a30 0041 00000000 0x0 0x0
0xffffd70000016aa0 0041 00000000 0x0 0x0
0xffffd70000016b10 0041 00000000 0x0 0x0
0xffffd70000016b80 0041 00000000 0x0 0x0
0xffffd70000016bf0 0041 00000000 0x0 0x0
0xffffd70000016c60 0048 00000000 0x0 0x0
0xffffd70000016cd0 0048 00000000 0x0 0x0
0xffffd70000016d40 0048 00000000 0x0 0x0
0xffffd70000016db0 0048 00000000 0x0 0x0
0xffffd70000016e20 0048 00000000 0x0 0x0
0xffffd70000016e90 0041 00000000 0x0 0x0
0xffffd70000016f00 0048 00000000 0x0 0x0
0xffffd70000016f70 0048 00000000 0x0 0x0
0xffffd70000016fe0 0048 00000000 0x0 0x0
0xffffd70000017050 0048 00000000 0x0 0x0
0xffffd700000170c0 0048 00000000 0x0 0x0
0xffffd70000017130 0048 00000000 0x0 0x0
0xffffd700000171a0 0048 00000000 0x0 0x0
0xffffd70000017210 0048 00000000 0x0 0x0
0xffffd70000017280 0048 00000000 0x0 0x0
0xffffd700000172f0 0048 00000000 0x0 0x0
0xffffd70000017360 0048 00000000 0x0 0x0
0xffffd700000173d0 0048 00000000 0x0 0x0
0xffffd70000017440 0048 00000000 0x0 0x0
0xffffd700000174b0 0048 00000000 0x0 0x0
0xffffd70000017520 0048 00000000 0x0 0x0
0xffffd70000017590 0048 00000000 0x0 0x0
0xffffd70000017600 0048 00000000 0x0 0x0
0xffffd70000017670 0048 00000000 0x0 0x0
0xffffd700000176e0 0048 00000000 0x0 0x0
0xffffd70000017750 0048 00000000 0x0 0x0
0xffffd700000177c0 0048 00000000 0x0 0x0
0xffffd70000017830 0048 00000000 0x0 0x0
0xffffd700000178a0 0048 00000000 0x0 0x0
0xffffd70000017910 0048 00000000 0x0 0x0
0xffffd70000017980 0048 00000000 0x0 0x0
0xffffd700000179f0 0048 00000000 0x0 0x0
0xffffd70000017a60 0048 00000000 0x0 0x0
0xffffd70000017ad0 0048 00000000 0x0 0x0
0xffffd70000017b40 0048 00000000 0x0 0x0
0xffffd70000017bb0 0048 00000000 0x0 0x0
0xffffd70000017c20 0048 00000000 0x0 0x0
0xffffd70000017c90 0048 00000000 0x0 0x0
0xffffd70000017d00 0048 00000000 0x0 0x0
0xffffd70000017d70 0048 00000000 0x0 0x0
0xffffd70000017de0 0048 00000000 0x0 0x0
0xffffd70000017e50 0048 00000000 0x0 0x0
0xffffd70000017ec0 0048 00000000 0x0 0x0
0xffffd70000017f30 0048 00000000 0x0 0x0
0xffffd70000017fa0 0048 00000000 0x0 0x0
0xffffd70000018010 0048 00000000 0x0 0x0
0xffffd70000018080 0048 00000000 0x0 0x0
0xffffd700000180f0 0048 00000000 0x0 0x0
0xffffd70000018160 0048 00000000 0x0 0x0
0xffffd700000181d0 0048 00000000 0x0 0x0
0xffffd70000018240 0048 00000000 0x0 0x0
0xffffd700000182b0 0048 00000000 0x0 0x0
0xffffd70000018320 0048 00000000 0x0 0x0
0xffffd70000018390 0048 00000000 0x0 0x0
0xffffd70000018400 0048 00000000 0x0 0x0
0xffffd70000018470 0048 00000000 0x0 0x0
0xffffd700000184e0 0048 00000000 0x0 0x0
0xffffd70000018550 0048 00000000 0x0 0x0
0xffffd700000185c0 0048 00000000 0x0 0x0
0xffffd70000018630 0048 00000000 0x0 0x0
0xffffd700000186a0 0048 00000000 0x0 0x0
0xffffd70000018710 0048 00000000 0x0 0x0
0xffffd70000018780 0048 00000000 0x0 0x0
0xffffd700000187f0 0048 00000000 0x0 0x0
0xffffd70000018860 0048 00000000 0x0 0x0
0xffffd700000188d0 0048 00000000 0x0 0x0
0xffffd70000018940 0048 00000000 0x0 0x0
0xffffd700000189b0 0048 00000000 0x0 0x0
0xffffd70000018a20 0048 00000000 0x0 0x0
0xffffd70000018a90 0048 00000000 0x0 0x0
0xffffd70000018b00 0048 00000000 0x0 0x0
0xffffd70000018b70 0048 00000000 0x0 0x0
0xffffd70000018be0 0048 00000000 0x0 0x0
0xffffd70000018c50 0048 00000000 0x0 0x0
0xffffd70000018cc0 0048 00000000 0x0 0x0
0xffffd70000018d30 0048 00000000 0x0 0x0
0xffffd70000018da0 0048 00000000 0x0 0x0
0xffffd70000018e10 0048 00000000 0x0 0x0
0xffffd70000018e80 0048 00000000 0x0 0x0
0xffffd70000018ef0 0048 00000000 0x0 0x0
0xffffd70000018f60 0048 00000000 0x0 0x0
0xffffd70000018fd0 0048 00000000 0x0 0x0
0xffffd70000019040 0048 00000000 0x0 0x0
0xffffd700000190b0 0048 00000000 0x0 0x0
0xffffd70000019120 0048 00000000 0x0 0x0
0xffffd70000019190 0048 00000000 0x0 0x0
0xffffd70000019200 0048 00000000 0x0 0x0
0xffffd70000019270 0048 00000000 0x0 0x0
0xffffd700000192e0 0048 00000000 0x0 0x0
0xffffd70000019350 0048 00000000 0x0 0x0
0xffffd700000193c0 0048 00000000 0x0 0x0
0xffffd70000019430 0048 00000000 0x0 0x0
0xffffd700000194a0 0048 00000000 0x0 0x0
0xffffd70000019510 0048 00000000 0x0 0x0
0xffffd70000019580 0048 00000000 0x0 0x0
0xffffd700000195f0 0048 00000000 0x0 0x0
0xffffd70000019660 0048 00000000 0x0 0x0
0xffffd700000196d0 0048 00000000 0x0 0x0
0xffffd70000019740 0048 00000000 0x0 0x0
0xffffd700000197b0 0048 00000000 0x0 0x0
0xffffd70000019820 0048 00000000 0x0 0x0
0xffffd70000019890 0048 00000000 0x0 0x0
0xffffd70000019900 0048 00000000 0x0 0x0
0xffffd70000019970 0048 00000000 0x0 0x0
0xffffd700000199e0 0048 00000000 0x0 0x0
0xffffd70000019a50 0048 00000000 0x0 0x0
0xffffd70000019ac0 0048 00000000 0x0 0x0
0xffffd70000019b30 0048 00000000 0x0 0x0
0xffffd70000019ba0 0048 00000000 0x0 0x0
0xffffd70000019c10 0048 00000000 0x0 0x0
0xffffd70000019c80 0048 00000000 0x0 0x0
0xffffd70000019cf0 0048 00000000 0x0 0x0
0xffffd70000019d60 0048 00000000 0x0 0x0
0xffffd70000019dd0 0048 00000000 0x0 0x0
0xffffd70000019e40 0048 00000000 0x0 0x0
0xffffd70000019eb0 0048 00000000 0x0 0x0
0xffffd70000019f20 0048 00000000 0x0 0x0
0xffffd70000019f90 0048 00000000 0x0 0x0
0xffffd7000001a000 0048 00000000 0x0 0x0
0xffffd7000001a070 0048 00000000 0x0 0x0
0xffffd7000001a0e0 0048 00000000 0x0 0x0
0xffffd7000001a150 0048 00000000 0x0 0x0
0xffffd7000001a1c0 0048 00000000 0x0 0x0
0xffffd7000001a230 0048 00000000 0x0 0x0
0xffffd7000001a2a0 0048 00000000 0x0 0x0
0xffffd7000001a310 0048 00000000 0x0 0x0
0xffffd7000001a380 0048 00000000 0x0 0x0
0xffffd7000001a3f0 0048 00000000 0x0 0x0
0xffffd7000001a460 0008 00000000 0x0 0x0
0xffffd7000001a4d0 0008 00000000 0x0 0x0
0xffffd7000001a540 0008 00000000 0x0 0x0
0xffffd7000001a5b0 0008 00000000 0x0 0x0
0xffffd7000001a620 0008 00000000 0x0 0x0
0xffffd7000001a690 0008 00000000 0x0 0x0
0xffffd7000001a700 0008 00000000 0x0 0x0
0xffffd7000001a770 0008 00000000 0x0 0x0
0xffffd7000001a7e0 0008 00000000 0x0 0x0
0xffffd7000001a850 0008 00000000 0x0 0x0
0xffffd7000001a8c0 0008 00000000 0x0 0x0
0xffffd7000001a930 0008 00000000 0x0 0x0
0xffffd7000001a9a0 0008 00000000 0x0 0x0
0xffffd7000001aa10 0008 00000000 0x0 0x0
0xffffd7000001aa80 0008 00000000 0x0 0x0
0xffffd7000001aaf0 0008 00000000 0x0 0x0
0xffffd7000001ab60 0008 00000000 0x0 0x0
0xffffd7000001abd0 0008 00000000 0x0 0x0
0xffffd7000001ac40 0008 00000000 0x0 0x0
0xffffd7000001acb0 0008 00000000 0x0 0x0
0xffffd7000001ad20 0008 00000000 0x0 0x0
0xffffd7000001ad90 0008 00000000 0x0 0x0
0xffffd7000001ae00 0008 00000000 0x0 0x0
0xffffd7000001ae70 0008 00000000 0x0 0x0
0xffffd7000001aee0 0008 00000000 0x0 0x0
0xffffd7000001af50 0008 00000000 0x0 0x0
0xffffd7000001afc0 0008 00000000 0x0 0x0
0xffffd7000001b030 0008 00000000 0x0 0x0
0xffffd7000001b0a0 0008 00000000 0x0 0x0
0xffffd7000001b110 0008 00000000 0x0 0x0
0xffffd7000001b180 0008 00000000 0x0 0x0
0xffffd7000001b1f0 0008 00000000 0x0 0x0
0xffffd7000001b260 0008 00000000 0x0 0x0
0xffffd7000001b2d0 0008 00000000 0x0 0x0
0xffffd7000001b340 0008 00000000 0x0 0x0
0xffffd7000001b3b0 0008 00000000 0x0 0x0
0xffffd7000001b420 0008 00000000 0x0 0x0
0xffffd7000001b490 0008 00000000 0x0 0x0
0xffffd7000001b500 0008 00000000 0x0 0x0
0xffffd7000001b570 0008 00000000 0x0 0x0
0xffffd7000001b5e0 0008 00000000 0x0 0x0
0xffffd7000001b650 0008 00000000 0x0 0x0
0xffffd7000001b6c0 0008 00000000 0x0 0x0
0xffffd7000001b730 0008 00000000 0x0 0x0
0xffffd7000001b7a0 0008 00000000 0x0 0x0
0xffffd7000001b810 0008 00000000 0x0 0x0
0xffffd7000001b880 0008 00000000 0x0 0x0
0xffffd7000001b8f0 0008 00000000 0x0 0x0
0xffffd7000001b960 0008 00000000 0x0 0x0
0xffffd7000001b9d0 0008 00000000 0x0 0x0
0xffffd7000001ba40 0008 00000000 0x0 0x0
0xffffd7000001bab0 0008 00000000 0x0 0x0
0xffffd7000001bb20 0008 00000000 0x0 0x0
0xffffd7000001bb90 0008 00000000 0x0 0x0
0xffffd7000001bc00 0048 00000000 0x0 0x0
0xffffd7000001bc70 0048 00000000 0x0 0x0
0xffffd7000001bce0 0048 00000000 0x0 0x0
0xffffd7000001bd50 0048 00000000 0x0 0x0
0xffffd7000001bdc0 0048 00000000 0x0 0x0
0xffffd7000001be30 0048 00000000 0x0 0x0
0xffffd7000001bea0 0048 00000000 0x0 0x0
0xffffd7000001bf10 0048 00000000 0x0 0x0
0xffffd7000001bf80 0048 00000000 0x0 0x0
0xffffd7000001bff0 0048 00000000 0x0 0x0
0xffffd7000001c060 0048 00000000 0x0 0x0
0xffffd7000001c0d0 0048 00000000 0x0 0x0
0xffffd7000001c140 0048 00000000 0x0 0x0
0xffffd7000001c1b0 0048 00000000 0x0 0x0
0xffffd7000001c220 0048 00000000 0x0 0x0
0xffffd7000001c290 0048 00000000 0x0 0x0
0xffffd7000001c300 0048 00000000 0x0 0x0
0xffffd7000001c370 0048 00000000 0x0 0x0
0xffffd7000001c3e0 0048 00000000 0x0 0x0
0xffffd7000001c450 0048 00000000 0x0 0x0
0xffffd7000001c4c0 0048 00000000 0x0 0x0
0xffffd7000001c530 0048 00000000 0x0 0x0
0xffffd7000001c5a0 0048 00000000 0x0 0x0
0xffffd7000001c610 0048 00000000 0x0 0x0
0xffffd7000001c680 0048 00000000 0x0 0x0
0xffffd7000001c6f0 0048 00000000 0x0 0x0
0xffffd7000001c760 0048 00000000 0x0 0x0
0xffffd7000001c7d0 0048 00000000 0x0 0x0
0xffffd7000001c840 0048 00000000 0x0 0x0
0xffffd7000001c8b0 0048 00000000 0x0 0x0
0xffffd7000001c920 0048 00000000 0x0 0x0
0xffffd7000001c990 0048 00000000 0x0 0x0
0xffffd7000001ca00 0048 00000000 0x0 0x0
0xffffd7000001ca70 0048 00000000 0x0 0x0
0xffffd7000001cae0 0048 00000000 0x0 0x0
0xffffd7000001cb50 0048 00000000 0x0 0x0
0xffffd7000001cbc0 0048 00000000 0x0 0x0
0xffffd7000001cc30 0048 00000000 0x0 0x0
0xffffd7000001cca0 0048 00000000 0x0 0x0
0xffffd7000001cd10 0048 00000000 0x0 0x0
0xffffd7000001cd80 0048 00000000 0x0 0x0
0xffffd7000001cdf0 0048 00000000 0x0 0x0
0xffffd7000001ce60 0048 00000000 0x0 0x0
0xffffd7000001ced0 0048 00000000 0x0 0x0
0xffffd7000001cf40 0048 00000000 0x0 0x0
0xffffd7000001cfb0 0048 00000000 0x0 0x0
0xffffd7000001d020 0048 00000000 0x0 0x0
0xffffd7000001d090 0048 00000000 0x0 0x0
0xffffd7000001d100 0008 00000000 0x0 0x0
0xffffd7000001d170 0008 00000000 0x0 0x0
0xffffd7000001d1e0 0008 00000000 0x0 0x0
0xffffd7000001d250 0008 00000000 0x0 0x0
0xffffd7000001d2c0 0008 00000000 0x0 0x0
0xffffd7000001d330 0008 00000000 0x0 0x0
0xffffd7000001d3a0 0008 00000000 0x0 0x0
0xffffd7000001d410 0008 00000000 0x0 0x0
0xffffd7000001d480 0008 00000000 0x0 0x0
0xffffd7000001d4f0 0008 00000000 0x0 0x0
0xffffd7000001d560 0008 00000000 0x0 0x0
0xffffd7000001d5d0 0008 00000000 0x0 0x0
0xffffd7000001d640 0008 00000000 0x0 0x0
0xffffd7000001d6b0 0008 00000000 0x0 0x0
0xffffd7000001d720 0008 00000000 0x0 0x0
0xffffd7000001d790 0008 00000000 0x0 0x0
0xffffd7000001d800 0008 00000000 0x0 0x0
0xffffd7000001d870 0008 00000000 0x0 0x0
0xffffd7000001d8e0 0008 00000000 0x0 0x0
0xffffd7000001d950 0008 00000000 0x0 0x0
0xffffd7000001d9c0 0008 00000000 0x0 0x0
0xffffd7000001da30 0008 00000000 0x0 0x0
0xffffd7000001daa0 0008 00000000 0x0 0x0
0xffffd7000001db10 0008 00000000 0x0 0x0
0xffffd7000001db80 0008 00000000 0x0 0x0
0xffffd7000001dbf0 0008 00000000 0x0 0x0
0xffffd7000001dc60 0008 00000000 0x0 0x0
0xffffd7000001dcd0 0008 00000000 0x0 0x0
0xffffd7000001dd40 0008 00000000 0x0 0x0
0xffffd7000001ddb0 0008 00000000 0x0 0x0
0xffffd7000001de20 0008 00000000 0x0 0x0
0xffffd7000001de90 0008 00000000 0x0 0x0
0xffffd7000001df00 0008 00000000 0x0 0x0
0xffffd7000001df70 0008 00000000 0x0 0x0
0xffffd7000001dfe0 0008 00000000 0x0 0x0
0xffffd7000001e050 0008 00000000 0x0 0x0
0xffffd7000001e0c0 0008 00000000 0x0 0x0
0xffffd7000001e130 0008 00000000 0x0 0x0
0xffffd7000001e1a0 0008 00000000 0x0 0x0
0xffffd7000001e210 0008 00000000 0x0 0x0
0xffffd7000001e280 0008 00000000 0x0 0x0
0xffffd7000001e2f0 0008 00000000 0x0 0x0
0xffffd7000001e360 0008 00000000 0x0 0x0
0xffffd7000001e3d0 0008 00000000 0x0 0x0
0xffffd7000001e440 0008 00000000 0x0 0x0
0xffffd7000001e4b0 0008 00000000 0x0 0x0
0xffffd7000001e520 0008 00000000 0x0 0x0
0xffffd7000001e590 0008 00000000 0x0 0x0
0xffffd7000001e600 0008 00000000 0x0 0x0
0xffffd7000001e670 0008 00000000 0x0 0x0
0xffffd7000001e6e0 0008 00000000 0x0 0x0
0xffffd7000001e750 0008 00000000 0x0 0x0
0xffffd7000001e7c0 0008 00000000 0x0 0x0
0xffffd7000001e830 0008 00000000 0x0 0x0
0xffffd7000001e8a0 0048 00000000 0x0 0x0
0xffffd7000001e910 0048 00000000 0x0 0x0
0xffffd7000001e980 0048 00000000 0x0 0x0
0xffffd7000001e9f0 0048 00000000 0x0 0x0
0xffffd7000001ea60 0048 00000000 0x0 0x0
0xffffd7000001ead0 0048 00000000 0x0 0x0
0xffffd7000001eb40 0048 00000000 0x0 0x0
0xffffd7000001ebb0 0048 00000000 0x0 0x0
0xffffd7000001ec20 0048 00000000 0x0 0x0
0xffffd7000001ec90 0048 00000000 0x0 0x0
0xffffd7000001ed00 0048 00000000 0x0 0x0
0xffffd7000001ed70 0048 00000000 0x0 0x0
0xffffd7000001ede0 0048 00000000 0x0 0x0
0xffffd7000001ee50 0048 00000000 0x0 0x0
0xffffd7000001eec0 0048 00000000 0x0 0x0
0xffffd7000001ef30 0048 00000000 0x0 0x0
0xffffd7000001efa0 0048 00000000 0x0 0x0
0xffffd7000001f010 0048 00000000 0x0 0x0
0xffffd7000001f080 0048 00000000 0x0 0x0
0xffffd7000001f0f0 0048 00000000 0x0 0x0
0xffffd7000001f160 0048 00000000 0x0 0x0
0xffffd7000001f1d0 0048 00000000 0x0 0x0
0xffffd7000001f240 0048 00000000 0x0 0x0
0xffffd7000001f2b0 0048 00000000 0x0 0x0
0xffffd7000001f320 0040 00000000 0x0 0x0
0xffffd7000001f390 0048 00000000 0x0 0x0
0xffffd7000001f400 0048 00000000 0x0 0x0
0xffffd7000001f470 0048 00000000 0x0 0x0
0xffffd7000001f4e0 0048 00000000 0x0 0x0
0xffffd7000001f550 0040 00000000 0x0 0x0
0xffffd7000001f5c0 0048 00000000 0x0 0x0
0xffffd7000001f630 0048 00000000 0x0 0x0
0xffffd7000001f6a0 0040 00000000 0x0 0x0
0xffffd7000001f710 0048 00000000 0x0 0x0
0xffffd7000001f780 0048 00000000 0x0 0x0
0xffffd7000001f7f0 0048 00000000 0x0 0x0
0xffffd7000001f860 0040 00000000 0x0 0x0
0xffffd7000001f8d0 0040 00000000 0x0 0x0
0xffffd7000001f940 0040 00000000 0x0 0x0
0xffffd7000001f9b0 0040 00000000 0x0 0x0
0xffffd7000001fa20 0040 00000000 0x0 0x0
0xffffd7000001fa90 0048 00000000 0x0 0x0
0xffffd7000001fb00 0048 00000000 0x0 0x0
0xffffd7000001fb70 0048 00000000 0x0 0x0
0xffffd7000001fbe0 0008 00000000 0x0 0x0
0xffffd7000001fc50 0008 00000000 0x0 0x0
0xffffd7000001fcc0 0008 00000000 0x0 0x0
0xffffd7000001fd30 0008 00000000 0x0 0x0
0xffffd7000001fda0 0008 00000000 0x0 0x0
0xffffd7000001fe10 0008 00000000 0x0 0x0
0xffffd7000001fe80 0008 00000000 0x0 0x0
0xffffd7000001fef0 0008 00000000 0x0 0x0
0xffffd7000001ff60 0008 00000000 0x0 0x0
0xffffd7000001ffd0 0008 00000000 0x0 0x0
0xffffd70000020040 0008 00000000 0x0 0x0
0xffffd700000200b0 0008 00000000 0x0 0x0
0xffffd70000020120 0008 00000000 0x0 0x0
0xffffd70000020190 0008 00000000 0x0 0x0
0xffffd70000020200 0008 00000000 0x0 0x0
0xffffd70000020270 0008 00000000 0x0 0x0
0xffffd700000202e0 0008 00000000 0x0 0x0
0xffffd70000020350 0008 00000000 0x0 0x0
0xffffd700000203c0 0008 00000000 0x0 0x0
0xffffd70000020430 0008 00000000 0x0 0x0
0xffffd700000204a0 0008 00000000 0x0 0x0
0xffffd70000020510 0008 00000000 0x0 0x0
0xffffd70000020580 0008 00000000 0x0 0x0
0xffffd700000205f0 0008 00000000 0x0 0x0
0xffffd70000020660 0008 00000000 0x0 0x0
0xffffd700000206d0 0008 00000000 0x0 0x0
0xffffd70000020740 0008 00000000 0x0 0x0
0xffffd700000207b0 0008 00000000 0x0 0x0
0xffffd70000020820 0008 00000000 0x0 0x0
0xffffd70000020890 0008 00000000 0x0 0x0
0xffffd70000020900 0008 00000000 0x0 0x0
0xffffd70000020970 0008 00000000 0x0 0x0
0xffffd700000209e0 0008 00000000 0x0 0x0
0xffffd70000020a50 0008 00000000 0x0 0x0
0xffffd70000020ac0 0008 00000000 0x0 0x0
0xffffd70000020b30 0008 00000000 0x0 0x0
0xffffd70000020ba0 0008 00000000 0x0 0x0
0xffffd70000020c10 0008 00000000 0x0 0x0
0xffffd70000020c80 0008 00000000 0x0 0x0
0xffffd70000020cf0 0008 00000000 0x0 0x0
0xffffd70000020d60 0008 00000000 0x0 0x0
0xffffd70000020dd0 0008 00000000 0x0 0x0
0xffffd70000020e40 0008 00000000 0x0 0x0
0xffffd70000020eb0 0008 00000000 0x0 0x0
0xffffd70000020f20 0008 00000000 0x0 0x0
0xffffd70000020f90 0008 00000000 0x0 0x0
0xffffd70000021000 0008 00000000 0x0 0x0
0xffffd70000021070 0008 00000000 0x0 0x0
0xffffd700000210e0 0008 00000000 0x0 0x0
0xffffd70000021150 0008 00000000 0x0 0x0
0xffffd700000211c0 0008 00000000 0x0 0x0
0xffffd70000021230 0008 00000000 0x0 0x0
0xffffd700000212a0 0008 00000000 0x0 0x0
0xffffd70000021310 0008 00000000 0x0 0x0
0xffffd70000021380 0040 00000000 0x0 0x0
0xffffd700000213f0 0040 00000000 0x0 0x0
0xffffd70000021460 0040 00000000 0x0 0x0
0xffffd700000214d0 0040 00000000 0x0 0x0
0xffffd70000021540 0040 00000000 0x0 0x0
0xffffd700000215b0 0040 00000000 0x0 0x0
0xffffd70000021620 0040 00000000 0x0 0x0
0xffffd70000021690 0040 00000000 0x0 0x0
0xffffd70000021700 0040 00000000 0x0 0x0
0xffffd70000021770 0040 00000000 0x0 0x0
0xffffd700000217e0 0040 00000000 0x0 0x0
0xffffd70000021850 0040 00000000 0x0 0x0
0xffffd700000218c0 0040 00000000 0x0 0x0
0xffffd70000021930 0040 00000000 0x0 0x0
0xffffd700000219a0 0040 00000000 0x0 0x0
0xffffd70000021a10 0040 00000000 0x0 0x0
0xffffd70000021a80 0040 00000000 0x0 0x0
0xffffd70000021af0 0040 00000000 0x0 0x0
0xffffd70000021b60 0040 00000000 0x0 0x0
0xffffd70000021bd0 0040 00000000 0x0 0x0
0xffffd70000021c40 0040 00000000 0x0 0x0
0xffffd70000021cb0 0040 00000000 0x0 0x0
0xffffd70000021d20 0040 00000000 0x0 0x0
0xffffd70000021d90 0040 00000000 0x0 0x0
0xffffd70000021e00 0040 00000000 0x0 0x0
0xffffd70000021e70 0040 00000000 0x0 0x0
0xffffd70000021ee0 0040 00000000 0x0 0x0
0xffffd70000021f50 0040 00000000 0x0 0x0
0xffffd70000021fc0 0040 00000000 0x0 0x0
0xffffd70000022030 0040 00000000 0x0 0x0
0xffffd700000220a0 0040 00000000 0x0 0x0
0xffffd70000022110 0040 00000000 0x0 0x0
0xffffd70000022180 0040 00000000 0x0 0x0
0xffffd700000221f0 0040 00000000 0x0 0x0
0xffffd70000022260 0040 00000000 0x0 0x0
0xffffd700000222d0 0040 00000000 0x0 0x0
0xffffd70000022340 0040 00000000 0x0 0x0
0xffffd700000223b0 0040 00000000 0x0 0x0
0xffffd70000022420 0040 00000000 0x0 0x0
0xffffd70000022490 0040 00000000 0x0 0x0
0xffffd70000022500 0040 00000000 0x0 0x0
0xffffd70000022570 0040 00000000 0x0 0x0
0xffffd700000225e0 0040 00000000 0x0 0x0
0xffffd70000022650 0040 00000000 0x0 0x0
0xffffd700000226c0 0040 00000000 0x0 0x0
0xffffd70000022730 0040 00000000 0x0 0x0
0xffffd700000227a0 0048 00000000 0x0 0x0
0xffffd70000022810 0040 00000000 0x0 0x0
0xffffd70000022880 0040 00000000 0x0 0x0
0xffffd700000228f0 0040 00000000 0x0 0x0
0xffffd70000022960 0040 00000000 0x0 0x0
0xffffd700000229d0 0048 00000000 0x0 0x0
0xffffd70000022a40 0040 00000000 0x0 0x0
0xffffd70000022ab0 0040 00000000 0x0 0x0
0xffffd70000022b20 0048 00000000 0x0 0x0
0xffffd70000022b90 0040 00000000 0x0 0x0
0xffffd70000022c00 0040 00000000 0x0 0x0
0xffffd70000022c70 0040 00000000 0x0 0x0
0xffffd70000022ce0 0048 00000000 0x0 0x0
0xffffd70000022d50 0048 00000000 0x0 0x0
0xffffd70000022dc0 0048 00000000 0x0 0x0
0xffffd70000022e30 0040 00000000 0x0 0x0
0xffffd70000022ea0 0048 00000000 0x0 0x0
0xffffd70000022f10 0040 00000000 0x0 0x0
0xffffd70000022f80 0048 00000000 0x0 0x0
0xffffd70000022ff0 0048 00000000 0x0 0x0
0xffffd70000023060 0048 00000000 0x0 0x0
0xffffd700000230d0 0048 00000000 0x0 0x0
0xffffd70000023140 0048 00000000 0x0 0x0
0xffffd700000231b0 0048 00000000 0x0 0x0
0xffffd70000023220 0048 00000000 0x0 0x0
0xffffd70000023290 0048 00000000 0x0 0x0
0xffffd70000023300 0048 00000000 0x0 0x0
0xffffd70000023370 0048 00000000 0x0 0x0
0xffffd700000233e0 0048 00000000 0x0 0x0
0xffffd70000023450 0048 00000000 0x0 0x0
0xffffd700000234c0 0048 00000000 0x0 0x0
0xffffd70000023530 0048 00000000 0x0 0x0
0xffffd700000235a0 0048 00000000 0x0 0x0
0xffffd70000023610 0048 00000000 0x0 0x0
0xffffd70000023680 0048 00000000 0x0 0x0
0xffffd700000236f0 0048 00000000 0x0 0x0
0xffffd70000023760 0048 00000000 0x0 0x0
0xffffd700000237d0 0048 00000000 0x0 0x0
0xffffd70000023840 0048 00000000 0x0 0x0
0xffffd700000238b0 0048 00000000 0x0 0x0
0xffffd70000023920 0048 00000000 0x0 0x0
0xffffd70000023990 0048 00000000 0x0 0x0
0xffffd70000023a00 0048 00000000 0x0 0x0
0xffffd70000023a70 0048 00000000 0x0 0x0
0xffffd70000023ae0 0048 00000000 0x0 0x0
0xffffd70000023b50 0048 00000000 0x0 0x0
0xffffd70000023bc0 0048 00000000 0x0 0x0
0xffffd70000023c30 0048 00000000 0x0 0x0
0xffffd70000023ca0 0048 00000000 0x0 0x0
0xffffd70000023d10 0048 00000000 0x0 0x0
0xffffd70000023d80 0048 00000000 0x0 0x0
0xffffd70000023df0 0048 00000000 0x0 0x0
0xffffd70000023e60 0048 00000000 0x0 0x0
0xffffd70000023ed0 0048 00000000 0x0 0x0
0xffffd70000023f40 0048 00000000 0x0 0x0
0xffffd70000023fb0 0048 00000000 0x0 0x0
0xffffd70000024020 0048 00000000 0x0 0x0
0xffffd70000024090 0048 00000000 0x0 0x0
0xffffd70000024100 0048 00000000 0x0 0x0
0xffffd70000024170 0048 00000000 0x0 0x0
0xffffd700000241e0 0048 00000000 0x0 0x0
0xffffd70000024250 0048 00000000 0x0 0x0
0xffffd700000242c0 0048 00000000 0x0 0x0
0xffffd70000024330 0048 00000000 0x0 0x0
0xffffd700000243a0 0048 00000000 0x0 0x0
0xffffd70000024410 0048 00000000 0x0 0x0
0xffffd70000024480 0048 00000000 0x0 0x0
0xffffd700000244f0 0048 00000000 0x0 0x0
0xffffd70000024560 0048 00000000 0x0 0x0
0xffffd700000245d0 0048 00000000 0x0 0x0
0xffffd70000024640 0048 00000000 0x0 0x0
0xffffd700000246b0 0048 00000000 0x0 0x0
0xffffd70000024720 0008 00000000 0x0 0x0
0xffffd70000024790 0008 00000000 0x0 0x0
0xffffd70000024800 0008 00000000 0x0 0x0
0xffffd70000024870 0008 00000000 0x0 0x0
0xffffd700000248e0 0008 00000000 0x0 0x0
0xffffd70000024950 0008 00000000 0x0 0x0
0xffffd700000249c0 0008 00000000 0x0 0x0
0xffffd70000024a30 0008 00000000 0x0 0x0
0xffffd70000024aa0 0008 00000000 0x0 0x0
0xffffd70000024b10 0008 00000000 0x0 0x0
0xffffd70000024b80 0008 00000000 0x0 0x0
0xffffd70000024bf0 0008 00000000 0x0 0x0
0xffffd70000024c60 0008 00000000 0x0 0x0
0xffffd70000024cd0 0008 00000000 0x0 0x0
0xffffd70000024d40 0008 00000000 0x0 0x0
0xffffd70000024db0 0008 00000000 0x0 0x0
0xffffd70000024e20 0008 00000000 0x0 0x0
0xffffd70000024e90 0008 00000000 0x0 0x0
0xffffd70000024f00 0008 00000000 0x0 0x0
0xffffd70000024f70 0008 00000000 0x0 0x0
0xffffd70000024fe0 0008 00000000 0x0 0x0
0xffffd70000025050 0008 00000000 0x0 0x0
0xffffd700000250c0 0008 00000000 0x0 0x0
0xffffd70000025130 0008 00000000 0x0 0x0
0xffffd700000251a0 0008 00000000 0x0 0x0
0xffffd70000025210 0008 00000000 0x0 0x0
0xffffd70000025280 0008 00000000 0x0 0x0
0xffffd700000252f0 0008 00000000 0x0 0x0
0xffffd70000025360 0008 00000000 0x0 0x0
0xffffd700000253d0 0008 00000000 0x0 0x0
0xffffd70000025440 0008 00000000 0x0 0x0
0xffffd700000254b0 0008 00000000 0x0 0x0
0xffffd70000025520 0008 00000000 0x0 0x0
0xffffd70000025590 0008 00000000 0x0 0x0
0xffffd70000025600 0008 00000000 0x0 0x0
0xffffd70000025670 0008 00000000 0x0 0x0
0xffffd700000256e0 0008 00000000 0x0 0x0
0xffffd70000025750 0008 00000000 0x0 0x0
0xffffd700000257c0 0008 00000000 0x0 0x0
0xffffd70000025830 0008 00000000 0x0 0x0
0xffffd700000258a0 0008 00000000 0x0 0x0
0xffffd70000025910 0008 00000000 0x0 0x0
0xffffd70000025980 0008 00000000 0x0 0x0
0xffffd700000259f0 0008 00000000 0x0 0x0
0xffffd70000025a60 0008 00000000 0x0 0x0
0xffffd70000025ad0 0008 00000000 0x0 0x0
0xffffd70000025b40 0008 00000000 0x0 0x0
0xffffd70000025bb0 0008 00000000 0x0 0x0
0xffffd70000025c20 0008 00000000 0x0 0x0
0xffffd70000025c90 0008 00000000 0x0 0x0
0xffffd70000025d00 0008 00000000 0x0 0x0
0xffffd70000025d70 0008 00000000 0x0 0x0
0xffffd70000025de0 0008 00000000 0x0 0x0
0xffffd70000025e50 0008 00000000 0x0 0x0
0xffffd70000025ec0 0008 00000000 0x0 0x0
0xffffd70000025f30 0008 00000000 0x0 0x0
0xffffd70000025fa0 0008 00000000 0x0 0x0
0xffffd70000026010 0008 00000000 0x0 0x0
0xffffd70000026080 0008 00000000 0x0 0x0
0xffffd700000260f0 0008 00000000 0x0 0x0
0xffffd70000026160 0008 00000000 0x0 0x0
0xffffd700000261d0 0008 00000000 0x0 0x0
0xffffd70000026240 0008 00000000 0x0 0x0
0xffffd700000262b0 0008 00000000 0x0 0x0
0xffffd70000026320 0008 00000000 0x0 0x0
0xffffd70000026390 0008 00000000 0x0 0x0
0xffffd70000026400 0008 00000000 0x0 0x0
0xffffd70000026470 0008 00000000 0x0 0x0
0xffffd700000264e0 0008 00000000 0x0 0x0
0xffffd70000026550 0008 00000000 0x0 0x0
0xffffd700000265c0 0008 00000000 0x0 0x0
0xffffd70000026630 0008 00000000 0x0 0x0
0xffffd700000266a0 0008 00000000 0x0 0x0
0xffffd70000026710 0008 00000000 0x0 0x0
0xffffd70000026780 0008 00000000 0x0 0x0
0xffffd700000267f0 0008 00000000 0x0 0x0
0xffffd70000026860 0008 00000000 0x0 0x0
0xffffd700000268d0 0008 00000000 0x0 0x0
0xffffd70000026940 0008 00000000 0x0 0x0
0xffffd700000269b0 0008 00000000 0x0 0x0
0xffffd70000026a20 0008 00000000 0x0 0x0
0xffffd70000026a90 0008 00000000 0x0 0x0
0xffffd70000026b00 0008 00000000 0x0 0x0
0xffffd70000026b70 0008 00000000 0x0 0x0
0xffffd70000026be0 0008 00000000 0x0 0x0
0xffffd70000026c50 0008 00000000 0x0 0x0
0xffffd70000026cc0 0008 00000000 0x0 0x0
0xffffd70000026d30 0008 00000000 0x0 0x0
0xffffd70000026da0 0008 00000000 0x0 0x0
0xffffd70000026e10 0008 00000000 0x0 0x0
0xffffd70000026e80 0008 00000000 0x0 0x0
0xffffd70000026ef0 0008 00000000 0x0 0x0
0xffffd70000026f60 0008 00000000 0x0 0x0
0xffffd70000026fd0 0008 00000000 0x0 0x0
0xffffd70000027040 0008 00000000 0x0 0x0
0xffffd700000270b0 0008 00000000 0x0 0x0
0xffffd70000027120 0008 00000000 0x0 0x0
0xffffd70000027190 0008 00000000 0x0 0x0
0xffffd70000027200 0008 00000000 0x0 0x0
0xffffd70000027270 0008 00000000 0x0 0x0
0xffffd700000272e0 0008 00000000 0x0 0x0
0xffffd70000027350 0008 00000000 0x0 0x0
0xffffd700000273c0 0008 00000000 0x0 0x0
0xffffd70000027430 0008 00000000 0x0 0x0
0xffffd700000274a0 0008 00000000 0x0 0x0
0xffffd70000027510 0008 00000000 0x0 0x0
0xffffd70000027580 0008 00000000 0x0 0x0
0xffffd700000275f0 0008 00000000 0x0 0x0
0xffffd70000027660 0008 00000000 0x0 0x0
0xffffd700000276d0 0008 00000000 0x0 0x0
0xffffd70000027740 0008 00000000 0x0 0x0
0xffffd700000277b0 0008 00000000 0x0 0x0
0xffffd70000027820 0008 00000000 0x0 0x0
0xffffd70000027890 0008 00000000 0x0 0x0
0xffffd70000027900 0008 00000000 0x0 0x0
0xffffd70000027970 0008 00000000 0x0 0x0
0xffffd700000279e0 0008 00000000 0x0 0x0
0xffffd70000027a50 0008 00000000 0x0 0x0
0xffffd70000027ac0 0008 00000000 0x0 0x0
0xffffd70000027b30 0008 00000000 0x0 0x0
0xffffd70000027ba0 0008 00000000 0x0 0x0
0xffffd70000027c10 0008 00000000 0x0 0x0
0xffffd70000027c80 0008 00000000 0x0 0x0
0xffffd70000027cf0 0008 00000000 0x0 0x0
0xffffd70000027d60 0008 00000000 0x0 0x0
0xffffd70000027dd0 0008 00000000 0x0 0x0
0xffffd70000027e40 0008 00000000 0x0 0x0
0xffffd70000027eb0 0008 00000000 0x0 0x0
0xffffd70000027f20 0008 00000000 0x0 0x0
0xffffd70000027f90 0008 00000000 0x0 0x0
0xffffd70000028000 0008 00000000 0x0 0x0
0xffffd70000028070 0008 00000000 0x0 0x0
0xffffd700000280e0 0008 00000000 0x0 0x0
0xffffd70000028150 0008 00000000 0x0 0x0
0xffffd700000281c0 0008 00000000 0x0 0x0
0xffffd70000028230 0008 00000000 0x0 0x0
0xffffd700000282a0 0008 00000000 0x0 0x0
0xffffd70000028310 0008 00000000 0x0 0x0
0xffffd70000028380 0008 00000000 0x0 0x0
0xffffd700000283f0 0008 00000000 0x0 0x0
0xffffd70000028460 0008 00000000 0x0 0x0
0xffffd700000284d0 0008 00000000 0x0 0x0
0xffffd70000028540 0008 00000000 0x0 0x0
0xffffd700000285b0 0008 00000000 0x0 0x0
0xffffd70000028620 0008 00000000 0x0 0x0
0xffffd70000028690 0008 00000000 0x0 0x0
0xffffd70000028700 0008 00000000 0x0

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,
Dec 14, 2019, 7:18:09 PM12/14/19
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: cdbef540 If a fictious label has no RAW_PART assume there ..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=16fd520ae00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=689fb7dab41abff8e75a
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1086d251e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+689fb7...@syzkaller.appspotmail.com

[ 64.1530698] panic: kernel diagnostic assertion "ci->ci_tlbstate !=
TLBSTATE_VALID" failed:
file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2790
[ 64.1630750] cpu1: Begin traceback...
[ 64.1831147] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 64.2131643] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 64.2532339] pmap_activate() at netbsd:pmap_activate+0x179
sys/arch/x86/x86/pmap.c:2790
[ 64.2933048] mi_switch() at netbsd:mi_switch+0x5bc
sys/kern/kern_synch.c:738
[ 64.3233548] sleepq_block() at netbsd:sleepq_block+0x2b4
sys/kern/kern_sleepq.c:276
[ 64.3634276] kpause() at netbsd:kpause+0x1da sys/kern/kern_synch.c:235
[ 64.3934773] nanosleep1() at netbsd:nanosleep1+0x289
sys/kern/kern_time.c:355
[ 64.4335495] sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5
sys/kern/kern_time.c:293
[ 64.4736192] syscall() at netbsd:syscall+0x559 sy_call
sys/sys/syscallvar.h:65 [inline]
[ 64.4736192] syscall() at netbsd:syscall+0x559 sy_invoke
sys/sys/syscallvar.h:94 [inline]
[ 64.4736192] syscall() at netbsd:syscall+0x559
sys/arch/x86/x86/syscall.c:138
[ 64.4836398] --- syscall (number 430) ---
[ 64.4936532] 7e3b2de42a1a:
[ 64.5036687] cpu1: End traceback...
[ 64.5036687] fatal breakpoint trap in supervisor mode
[ 64.5136886] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags
0x246 cr2 0xffffcb016d42e000 ilevel 0x8 rsp 0xffffcb016e1b3890
[ 64.5237066] curlwp 0xffffcb0012d50aa0 pid 45.1 lowest kstack
0xffffcb016e1ac2c0
Stopped in pid 45.1 (syz-executor.3) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
_GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
pmap_activate() at netbsd:pmap_activate+0x179 sys/arch/x86/x86/pmap.c:2790
mi_switch() at netbsd:mi_switch+0x5bc sys/kern/kern_synch.c:738
sleepq_block() at netbsd:sleepq_block+0x2b4 sys/kern/kern_sleepq.c:276
kpause() at netbsd:kpause+0x1da sys/kern/kern_synch.c:235
nanosleep1() at netbsd:nanosleep1+0x289 sys/kern/kern_time.c:355
sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5
sys/kern/kern_time.c:293
syscall() at netbsd:syscall+0x559 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x559 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x559 sys/arch/x86/x86/syscall.c:138
--- syscall (number 430) ---
7e3b2de42a1a:
ds 6a0
es 3950
fs 3870
gs 38c0
rdi ffffcb000cb1a458
rsi ffffcb0012d50d88
rbp ffffcb016e1b3890
rbx ffffcb016ca80000
rdx 2
rcx ffffffff80d00841 db_panic+0xd5
rax 0
r8 4
r9 1ffffffff0553818
r10 ffffffff82a9c0c3 db_onpanic+0x3
r11 8000000000
r12 ffffcb016ca92000
r13 ffffffff81c22540 platform_private_nodes+0x140
r14 ffffcb016e1b3920
r15 ffffcb016ca80060
rip ffffffff8021ccb5 breakpoint+0x5
cs 8
rflags 246
rsp ffffcb016e1b3890
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
914 1 2 0 0 ffffcb0011ffd140 syz-executor.0
971 1 2 0 0 ffffcb00114ab9e0 syz-executor.3
953 1 2 1 10000000 ffffcb0011f6d340 syz-executor.1
823 1 2 0 0 ffffcb0011fde0e0 syz-executor.2
519 1 2 1 0 ffffcb0012d98b00 syz-executor.5
445 1 2 0 0 ffffcb0012d6cae0 syz-executor.0
496 1 2 0 0 ffffcb0012d6c6a0 syz-executor.1
575 1 3 0 4 ffffcb0012d6c260 syz-executor.4 xclocv
45 > 1 7 1 0 ffffcb0012d50aa0 syz-executor.3
564 > 1 7 0 0 ffffcb0012d50660 syz-executor.2
566 11 3 0 80 ffffcb0012d5bac0 syz-execprog parked
566 10 3 0 80 ffffcb0012d5b680 syz-execprog parked
566 9 3 0 80 ffffcb0012d5b240 syz-execprog parked
566 8 2 1 0 ffffcb0012d50220 syz-execprog
566 7 3 0 80 ffffcb0012724a80 syz-execprog parked
566 6 3 1 80 ffffcb000e9b99c0 syz-execprog parked
566 5 3 1 80 ffffcb0011f7a8c0 syz-execprog parked
566 4 3 0 80 ffffcb00120089e0 syz-execprog parked
566 3 3 1 80 ffffcb0012008160 syz-execprog parked
566 2 3 0 80 ffffcb0011fe9540 syz-execprog parked
566 1 3 0 80 ffffcb00110d4180 syz-execprog parked
40 1 3 1 80 ffffcb00110d71a0 sshd select
558 1 3 1 80 ffffcb0011ff3560 getty nanoslp
570 1 3 1 80 ffffcb0011ff3120 getty nanoslp
580 1 3 1 80 ffffcb0011ffd9c0 getty nanoslp
539 1 3 1 80 ffffcb0011ffd580 getty ttyraw
357 1 3 1 80 ffffcb0011f30b80 cron nanoslp
499 1 3 1 80 ffffcb0011f7a480 inetd kqueue
431 1 3 0 80 ffffcb001159f6e0 sshd select
478 1 3 1 80 ffffcb00114d9a40 powerd kqueue
259 1 2 1 40000 ffffcb001145f980 makemandb
330 1 3 1 80 ffffcb0011f50ba0 syslogd kqueue
268 1 3 0 80 ffffcb00114e81e0 dhcpcd kqueue
220 1 3 1 80 ffffcb00113f68e0 dhcpcd kqueue
1 1 3 1 80 ffffcb00111fa240 init wait
0 58 3 0 204 ffffcb00111faac0 physiod physiod
0 57 3 0 204 ffffcb0011242280 aiodoned aiodoned
0 56 3 1 200 ffffcb0011241ae0 ioflush syncer
0 55 3 0 204 ffffcb00112416a0 pooldrain pooldrain
0 54 3 0 200 ffffcb0011241260 pgdaemon pgdaemon
0 51 3 0 200 ffffcb00111fa680 npfgc-0 npfgccv
0 50 3 0 204 ffffcb00111ebaa0 rt_free rt_free
0 49 3 0 204 ffffcb00111eb660 unpgc unpgc
0 48 3 1 204 ffffcb00111eb220 key_timehandler
key_timehandler
0 47 3 1 204 ffffcb0011104a80 icmp6_wqinput/1
icmp6_wqinput
0 46 3 0 204 ffffcb0011104640 icmp6_wqinput/0
icmp6_wqinput
0 45 3 0 204 ffffcb0011104200 nd6_timer nd6_timer
0 44 3 1 204 ffffcb00110f9a60 carp6_wqinput/1
carp6_wqinput
0 43 3 0 204 ffffcb00110f9620 carp6_wqinput/0
carp6_wqinput
0 42 3 1 204 ffffcb00110f91e0 carp_wqinput/1
carp_wqinput
0 41 3 0 204 ffffcb00110e8a40 carp_wqinput/0
carp_wqinput
0 40 3 1 204 ffffcb00110e8600 icmp_wqinput/1
icmp_wqinput
0 39 3 0 204 ffffcb00110e81c0 icmp_wqinput/0
icmp_wqinput
0 38 3 1 204 ffffcb00110d7a20 rt_timer rt_timer
0 37 3 0 204 ffffcb00110d35a0 vmem_rehash vmem_rehash
0 27 3 0 204 ffffcb000e9b9580 scsibus0 sccomp
0 26 3 0 200 ffffcb000e9b9140 pms0 pmsreset
0 25 2 1 200 ffffcb000e92b9a0 xcall/1
0 24 1 1 200 ffffcb000e92b560 softser/1
0 23 1 1 200 ffffcb000e92b120 softclk/1
0 22 1 1 200 ffffcb000e927980 softbio/1
0 21 1 1 200 ffffcb000e927540 softnet/1
0 20 1 1 201 ffffcb000e927100 idle/1
0 19 3 1 204 ffffcb000e85d960 lnxpwrwq lnxpwrwq
0 18 3 1 204 ffffcb000e85d520 lnxlngwq lnxlngwq
0 17 3 0 204 ffffcb000e85d0e0 lnxsyswq lnxsyswq
0 16 3 1 204 ffffcb000d042940 lnxrcugc lnxrcugc
0 15 3 0 204 ffffcb000d042500 sysmon smtaskq
0 14 3 0 204 ffffcb000d0420c0 pmfsuspend pmfsuspend
0 13 3 0 204 ffffcb000d033920 pmfevent pmfevent
0 12 3 0 204 ffffcb000d0334e0 sopendfree sopendfr
0 11 3 0 204 ffffcb000d0330a0 nfssilly nfssilly
0 10 3 1 200 ffffcb000d027900 cachegc cachegc
0 9 3 1 204 ffffcb000d0274c0 vdrain vdrain
0 8 3 0 200 ffffcb000d027080 modunload mod_unld
0 7 3 0 204 ffffcb000d0188e0 xcall/0 xcall
0 6 1 0 200 ffffcb000d0184a0 softser/0
0 5 1 0 200 ffffcb000d018060 softclk/0
0 4 1 0 200 ffffcb000d0148c0 softbio/0
0 3 1 0 200 ffffcb000d014480 softnet/0
0 2 1 0 201 ffffcb000d014040 idle/0
0 1 3 1 200 ffffffff82b62fa0 swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor.3):
Lock 0 (initialized at uvm_obj_init)
lock address : 0xffffcb001295ca80 type : sleep/adaptive
initialized : 0xffffffff810f33bc
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb00114ab9e0
last locked* : 0xffffffff810d79ce unlocked : 0xffffffff810e0baa
owner field : 000000000000000000 wait/spin: 0/0

Turnstile chain at 0xffffffff82d838d0 with mutex 0xffffcb000cb2fc40.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.1):
Lock 0 (initialized at fork1)
lock address : 0xffffcb0011f72698 type : sleep/adaptive
initialized : 0xffffffff8114751c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb0011f6d340
last locked* : 0xffffffff81143c0d unlocked : 000000000000000000
owner/count : 0xffffcb0011f6d340 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d83850 with mutex 0xffffcb000cb2f840.
=> No active turnstile for this lock.
Lock 1 (initialized at amap_alloc)
lock address : 0xffffcb0012d61cc0 type : sleep/adaptive
initialized : 0xffffffff810c6fb1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb0011f6d340
last locked* : 0xffffffff810e7bd1 unlocked : 0xffffffff810d4895
owner field : 0xffffcb0011f6d340 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83b18 with mutex 0xffffcb000d00bec0.
=> No active turnstile for this lock.
Lock 2 (initialized at pmap_create)
lock address : 0xffffcb0011f4c498 type : sleep/adaptive
initialized : 0xffffffff80272166
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb0011f6d340
last locked* : 0xffffffff80274a67 unlocked : 0xffffffff80274456
owner field : 0xffffcb0011f6d340 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83810 with mutex 0xffffcb000cb2f640.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor.0):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffcb0012d47780 type : sleep/adaptive
initialized : 0xffffffff812ad182
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb0012d6cae0
last locked* : 0xffffffff812da8f0 unlocked : 0xffffffff812da7ad
owner/count : 000000000000000000 flags : 000000000000000000

Turnstile chain at 0xffffffff82d83a70 with mutex 0xffffcb000d00b980.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffcb0012e6b400 type : sleep/adaptive
initialized : 0xffffffff812ad182
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffcb0012d50aa0 last held: 0xffffcb0012d6cae0
last locked* : 0xffffffff812da8f0 unlocked : 0xffffffff812da7ad
[ 64.5237066] Skipping crash dump on recursive panic
[ 64.5237066] panic: ASan: Unauthorized Access In 0xffffffff81182850: Addr
0xffffcb0012e6b400 [8 bytes, read, PoolUseAfterFree]

[ 64.5237066] cpu1: Begin traceback...
[ 64.5237066] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 64.5237066] snprintf() at netbsd:snprintf
[ 64.5237066] kasan_report() at netbsd:kasan_report+0x8f kasan_code_name
sys/kern/subr_asan.c:172 [inline]
[ 64.5237066] kasan_report() at netbsd:kasan_report+0x8f
sys/kern/subr_asan.c:194
[ 64.5237066] __asan_load8() at netbsd:__asan_load8+0x294
kasan_shadow_4byte_isvalid sys/kern/subr_asan.c:344 [inline]
[ 64.5237066] __asan_load8() at netbsd:__asan_load8+0x294
kasan_shadow_8byte_isvalid sys/kern/subr_asan.c:358 [inline]
[ 64.5237066] __asan_load8() at netbsd:__asan_load8+0x294
kasan_shadow_check sys/kern/subr_asan.c:410 [inline]
[ 64.5237066] __asan_load8() at netbsd:__asan_load8+0x294
sys/kern/subr_asan.c:1180
[ 64.5237066] rw_dump() at netbsd:rw_dump+0x20 sys/kern/kern_rwlock.c:191
[ 64.5237066] lockdebug_dump() at netbsd:lockdebug_dump+0x281
sys/kern/subr_lockdebug.c:777
[ 64.5237066] lockdebug_show_one() at netbsd:lockdebug_show_one+0xb9
sys/kern/subr_lockdebug.c:855
[ 64.5237066] lockdebug_show_all_locks() at
netbsd:lockdebug_show_all_locks+0x12f lockdebug_show_all_locks_lwp
sys/kern/subr_lockdebug.c:886 [inline]
[ 64.5237066] lockdebug_show_all_locks() at
netbsd:lockdebug_show_all_locks+0x12f sys/kern/subr_lockdebug.c:933
[ 64.5237066] db_command() at netbsd:db_command+0x2c0
sys/ddb/db_command.c:935
[ 64.5237066] db_command_loop() at netbsd:db_command_loop+0x26c
db_execute_commandlist sys/ddb/db_command.c:432 [inline]
[ 64.5237066] db_command_loop() at netbsd:db_command_loop+0x26c
sys/ddb/db_command.c:582
[ 64.5237066] db_trap() at netbsd:db_trap+0x219 sys/ddb/db_trap.c:94
[ 64.5237066] kdb_trap() at netbsd:kdb_trap+0x1ce
sys/arch/amd64/amd64/db_interface.c:246
[ 64.5237066] trap() at netbsd:trap+0x650 sys/arch/amd64/amd64/trap.c:313
[ 64.5237066] --- trap (number 1) ---
[ 64.5237066] breakpoint() at netbsd:breakpoint+0x5
[ 64.5237066] db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
[ 64.5237066] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 64.5237066] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 64.5237066] pmap_activate() at netbsd:pmap_activate+0x179
sys/arch/x86/x86/pmap.c:2790
[ 64.5237066] mi_switch() at netbsd:mi_switch+0x5bc
sys/kern/kern_synch.c:738
[ 64.5237066] sleepq_block() at netbsd:sleepq_block+0x2b4
sys/kern/kern_sleepq.c:276
[ 64.5237066] kpause() at netbsd:kpause+0x1da sys/kern/kern_synch.c:235
[ 64.5237066] nanosleep1() at netbsd:nanosleep1+0x289
sys/kern/kern_time.c:355
[ 64.5237066] sys___nanosleep50() at netbsd:sys___nanosleep50+0xe5
sys/kern/kern_time.c:293
[ 64.5237066] syscall() at netbsd:syscall+0x559 sy_call
sys/sys/syscallvar.h:65 [inline]
[ 64.5237066] syscall() at netbsd:syscall+0x559 sy_invoke
sys/sys/syscallvar.h:94 [inline]
[ 64.5237066] syscall() at netbsd:syscall+0x559
sys/arch/x86/x86/syscall.c:138
[ 64.5237066] --- syscall (number 430) ---
[ 64.5237066] 7e3b2de42a1a:
[ 64.5237066] cpu1: End traceback...
[ 64.5237066] fatal breakpoint trap in supervisor mode
[ 64.5237066] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags
0x246 cr2 0xffffcb016d42e000 ilevel 0x8 rsp 0xffffcb016e1b2e50
[ 64.5237066] curlwp 0xffffcb0012d50aa0 pid 45.1 lowest kstack
0xffffcb016e1ac2c0
Stopped in pid 45.1 (syz-executor.3) at netbsd:breakpoint+0x5: leave
db{1}>

syzbot

unread,
Dec 14, 2019, 7:31:09 PM12/14/19
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: cdbef540 If a fictious label has no RAW_PART assume there ..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=151a177ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6e4d6bd2b8e377a2
dashboard link: https://syzkaller.appspot.com/bug?extid=689fb7dab41abff8e75a
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11102ddee00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10f2201ae00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+689fb7...@syzkaller.appspotmail.com

[ 84.7664541] panic: kernel diagnostic assertion "ci->ci_tlbstate !=
TLBSTATE_VALID" failed:
file "/syzkaller/managers/netbsd/kernel/sys/arch/x86/x86/pmap.c", line 2790
[ 84.7887445] cpu1: Begin traceback...
[ 84.7998999] vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
[ 84.8445114] _GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 84.8891234] pmap_activate() at netbsd:pmap_activate+0x179
sys/arch/x86/x86/pmap.c:2790
[ 84.9337297] mi_switch() at netbsd:mi_switch+0x5bc
sys/kern/kern_synch.c:738
[ 84.9783444] sleepq_block() at netbsd:sleepq_block+0x303
sys/kern/kern_sleepq.c:264
[ 85.0117969] cv_wait() at netbsd:cv_wait+0x1fd sys/kern/kern_condvar.c:252
[ 85.0564083] biowait() at netbsd:biowait+0xff sys/kern/vfs_bio.c:1586
[ 85.1010174] bwrite() at netbsd:bwrite+0x2be sys/kern/vfs_bio.c:921
[ 85.1344743] VOP_BWRITE() at netbsd:VOP_BWRITE+0x129
sys/kern/vnode_if.c:143
[ 85.1790826] ufs_dirremove() at netbsd:ufs_dirremove+0x30c
sys/ufs/ufs/ufs_lookup.c:1179
[ 85.2125392] ufs_rmdir() at netbsd:ufs_rmdir+0x25a
sys/ufs/ufs/ufs_vnops.c:1107
[ 85.2571513] VOP_RMDIR() at netbsd:VOP_RMDIR+0xf8 sys/kern/vnode_if.c:1043
[ 85.3017616] do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x498
sys/kern/vfs_syscalls.c:2731
[ 85.3463693] syscall() at netbsd:syscall+0x559 sy_call
sys/sys/syscallvar.h:65 [inline]
[ 85.3463693] syscall() at netbsd:syscall+0x559 sy_invoke
sys/sys/syscallvar.h:94 [inline]
[ 85.3463693] syscall() at netbsd:syscall+0x559
sys/arch/x86/x86/syscall.c:138
[ 85.3575278] --- syscall (number 137) ---
[ 85.3798288] 72ac2f68f26a:
[ 85.3798288] cpu1: End traceback...
[ 85.3798288] fatal breakpoint trap in supervisor mode
[ 85.3909788] trap type 1 code 0 rip 0xffffffff8021ccb5 cs 0x8 rflags
0x246 cr2 0x72ac2f9f4c50 ilevel 0x8 rsp 0xffffc0016e09f690
[ 85.4021278] curlwp 0xffffc0001279f640 pid 506.1 lowest kstack
0xffffc0016e0982c0
Stopped in pid 506.1 (syz-executor3617) at netbsd:breakpoint+0x5:
leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xe9 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x241 sys/kern/subr_prf.c:336
_GLOBAL__sub_D_65535_0_cpu_configure() at
netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
pmap_activate() at netbsd:pmap_activate+0x179 sys/arch/x86/x86/pmap.c:2790
mi_switch() at netbsd:mi_switch+0x5bc sys/kern/kern_synch.c:738
sleepq_block() at netbsd:sleepq_block+0x303 sys/kern/kern_sleepq.c:264
cv_wait() at netbsd:cv_wait+0x1fd sys/kern/kern_condvar.c:252
biowait() at netbsd:biowait+0xff sys/kern/vfs_bio.c:1586
bwrite() at netbsd:bwrite+0x2be sys/kern/vfs_bio.c:921
VOP_BWRITE() at netbsd:VOP_BWRITE+0x129 sys/kern/vnode_if.c:143
ufs_dirremove() at netbsd:ufs_dirremove+0x30c sys/ufs/ufs/ufs_lookup.c:1179
ufs_rmdir() at netbsd:ufs_rmdir+0x25a sys/ufs/ufs/ufs_vnops.c:1107
VOP_RMDIR() at netbsd:VOP_RMDIR+0xf8 sys/kern/vnode_if.c:1043
do_sys_unlinkat() at netbsd:do_sys_unlinkat+0x498
sys/kern/vfs_syscalls.c:2731
syscall() at netbsd:syscall+0x559 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x559 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x559 sys/arch/x86/x86/syscall.c:138
--- syscall (number 137) ---
72ac2f68f26a:
ds 360
es 0
fs f670
gs f6c0
rdi ffffc0000cb1a458
rsi ffffc0001279f928
rbp ffffc0016e09f690
rbx ffffc0016ca80000
rdx 2
rcx ffffffff80d00841 db_panic+0xd5
rax 0
r8 4
r9 1ffffffff0553818
r10 ffffffff82a9c0c3 db_onpanic+0x3
r11 8000000000
r12 ffffc0016ca92000
r13 ffffffff81c22540 platform_private_nodes+0x140
r14 ffffc0016e09f720
r15 ffffc0016ca80060
rip ffffffff8021ccb5 breakpoint+0x5
cs 8
rflags 246
rsp ffffc0016e09f690
ss 10
netbsd:breakpoint+0x5: leave
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
34 1 3 0 0 ffffc000112df2c0 syz-executor3617 tstile
607 1 2 1 10000000 ffffc00012de5ac0 syz-executor3617
455 3 2 0 0 ffffc0000e9b99c0 syz-executor3617
455 1 2 0 0 ffffc00012d81220 syz-executor3617
506 > 1 7 1 0 ffffc0001279f640 syz-executor3617
619 1 2 0 0 ffffc00011f50760 syz-executor3617
590 1 3 0 0 ffffc00011f50320 syz-executor3617 tstile
528 1 2 0 0 ffffc0001149c580 syz-executor3617
618 > 1 7 0 0 ffffc000120145c0 syz-executor3617
45 1 2 1 0 ffffc00012021a20 syz-executor3617
472 1 3 0 80 ffffc000110d35a0 syz-executor3617 nanoslp
41 1 3 0 80 ffffc000110d45c0 sshd select
562 1 3 1 80 ffffc00011f7b8c0 getty nanoslp
469 1 3 1 80 ffffc00011ff5560 getty nanoslp
507 1 3 1 80 ffffc00011ff5120 getty nanoslp
495 1 3 0 80 ffffc00011fff580 getty ttyraw
433 1 3 0 80 ffffc000115d1b60 cron nanoslp
484 1 3 1 80 ffffc00011f8a4a0 inetd kqueue
317 1 3 1 80 ffffc0001158b6e0 sshd select
460 1 3 1 80 ffffc000114f4640 powerd kqueue
195 1 3 0 80 ffffc00011f50ba0 syslogd kqueue
278 1 3 0 80 ffffc000114e71e0 dhcpcd kqueue
220 1 3 1 80 ffffc000113f68e0 dhcpcd kqueue
1 1 3 0 80 ffffc000111fa240 init wait
0 58 3 0 204 ffffc000111faac0 physiod physiod
0 57 3 0 204 ffffc00011243280 aiodoned aiodoned
0 56 3 1 200 ffffc00011242ae0 ioflush syncer
0 55 3 0 204 ffffc000112426a0 pooldrain pooldrain
0 54 3 0 200 ffffc00011242260 pgdaemon pgdaemon
0 51 3 1 200 ffffc000111fa680 npfgc-0 npfgccv
0 50 3 1 204 ffffc000111ebaa0 rt_free rt_free
0 49 3 1 204 ffffc000111eb660 unpgc unpgc
0 48 3 1 204 ffffc000111eb220 key_timehandler
key_timehandler
0 47 3 1 204 ffffc00011104a80 icmp6_wqinput/1
icmp6_wqinput
0 46 3 0 204 ffffc00011104640 icmp6_wqinput/0
icmp6_wqinput
0 45 3 1 204 ffffc00011104200 nd6_timer nd6_timer
0 44 3 1 204 ffffc000110f9a60 carp6_wqinput/1
carp6_wqinput
0 43 3 0 204 ffffc000110f9620 carp6_wqinput/0
carp6_wqinput
0 42 3 1 204 ffffc000110f91e0 carp_wqinput/1
carp_wqinput
0 41 3 0 204 ffffc000110e8a40 carp_wqinput/0
carp_wqinput
0 40 3 1 204 ffffc000110e8600 icmp_wqinput/1
icmp_wqinput
0 39 3 0 204 ffffc000110e81c0 icmp_wqinput/0
icmp_wqinput
0 38 3 1 204 ffffc000110d7a20 rt_timer rt_timer
0 37 3 0 204 ffffc000110d4180 vmem_rehash vmem_rehash
0 27 3 0 204 ffffc0000e9b9580 scsibus0 sccomp
0 26 3 0 200 ffffc0000e9b9140 pms0 pmsreset
0 25 3 1 204 ffffc0000e92b9a0 xcall/1 xcall
0 24 1 1 200 ffffc0000e92b560 softser/1
0 23 1 1 200 ffffc0000e92b120 softclk/1
0 22 1 1 200 ffffc0000e927980 softbio/1
0 21 1 1 200 ffffc0000e927540 softnet/1
0 20 1 1 201 ffffc0000e927100 idle/1
0 19 3 1 204 ffffc0000e85d960 lnxpwrwq lnxpwrwq
0 18 3 0 204 ffffc0000e85d520 lnxlngwq lnxlngwq
0 17 3 1 204 ffffc0000e85d0e0 lnxsyswq lnxsyswq
0 16 3 0 204 ffffc0000d042940 lnxrcugc lnxrcugc
0 15 3 0 204 ffffc0000d042500 sysmon smtaskq
0 14 3 0 204 ffffc0000d0420c0 pmfsuspend pmfsuspend
0 13 3 0 204 ffffc0000d033920 pmfevent pmfevent
0 12 3 0 204 ffffc0000d0334e0 sopendfree sopendfr
0 11 3 1 204 ffffc0000d0330a0 nfssilly nfssilly
0 10 3 1 200 ffffc0000d027900 cachegc cachegc
0 9 3 1 204 ffffc0000d0274c0 vdrain vdrain
0 8 3 0 200 ffffc0000d027080 modunload mod_unld
0 7 3 0 204 ffffc0000d0188e0 xcall/0 xcall
0 6 1 0 200 ffffc0000d0184a0 softser/0
0 5 1 0 200 ffffc0000d018060 softclk/0
0 4 1 0 200 ffffc0000d0148c0 softbio/0
0 3 1 0 200 ffffc0000d014480 softnet/0
0 2 1 0 201 ffffc0000d014040 idle/0
0 1 3 1 200 ffffffff82b62fa0 swapper uvm
[Locks tracked through LWPs]
Locks held by an LWP (syz-executor3617):
Lock 0 (initialized at amap_alloc)
lock address : 0xffffc00011258980 type : sleep/adaptive
initialized : 0xffffffff810c6fb1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffc0001279f640 last held: 0xffffc000112df2c0
last locked* : 0xffffffff810d65a5 unlocked : 0xffffffff810d42b8
owner field : 000000000000000000 wait/spin: 0/0

Turnstile chain at 0xffffffff82d838b0 with mutex 0xffffc0000cb2fb40.
=> No active turnstile for this lock.
Lock 1 (initialized at pool_init)
lock address : 0xffffffff82d8d4b0 type : sleep/adaptive
initialized : 0xffffffff811f0b89
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffc0001279f640 last held: 0xffffc000112df2c0
last locked* : 0xffffffff811f1758 unlocked : 0xffffffff811f1d96
owner field : 000000000000000000 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83a10 with mutex 0xffffc0000d00b680.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor3617):
Lock 0 (initialized at fork1)
lock address : 0xffffc00012d876f0 type : sleep/adaptive
initialized : 0xffffffff8114751c
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffc0001279f640 last held: 0xffffc00012de5ac0
last locked* : 0xffffffff81143c0d unlocked : 000000000000000000
owner/count : 0xffffc00012de5ac0 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d83a58 with mutex 0xffffc0000d00b8c0.
=> No active turnstile for this lock.
Lock 1 (initialized at amap_alloc)
lock address : 0xffffc00011f63480 type : sleep/adaptive
initialized : 0xffffffff810c6fb1
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffc0001279f640 last held: 0xffffc00012de5ac0
last locked* : 0xffffffff810e7bd1 unlocked : 0xffffffff810e7c63
owner field : 0xffffc00012de5ac0 wait/spin: 1/0

Turnstile chain at 0xffffffff82d83a10 with mutex 0xffffc0000d00b680.
=> Turnstile at 0xffffc000112f3140 (wrq=0xffffc000112f3160,
rdq=0xffffc000112f3170).
=> 0 waiting readers:
=> 2 waiting writers: 0xffffc000112df2c0 0xffffc00011f50320
Lock 2 (initialized at pmap_create)
lock address : 0xffffc00012750eb8 type : sleep/adaptive
initialized : 0xffffffff80272166
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffc0001279f640 last held: 0xffffc00012de5ac0
last locked* : 0xffffffff80274a67 unlocked : 0xffffffff80274456
owner field : 0xffffc00012de5ac0 wait/spin: 0/0

Turnstile chain at 0xffffffff82d83950 with mutex 0xffffc0000d00b080.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor3617):
Lock 0 (initialized at uvm_map_setup)
lock address : 0xffffc000127478d8 type : sleep/adaptive
initialized : 0xffffffff810e792d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffc0001279f640 last held: 0xffffc00012d81220
last locked* : 0xffffffff810e17d4 unlocked : 0xffffffff810d886d
owner/count : 0xffffc00012d81220 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d83a98 with mutex 0xffffc0000d00bac0.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor3617):
Lock 0 (initialized at vcache_alloc)
lock address : 0xffffc00012d6e140 type : sleep/adaptive
initialized : 0xffffffff812ad182
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffc0001279f640 last held: 0xffffc0001279f640
last locked* : 0xffffffff812da8f0 unlocked : 0xffffffff812da7ad
owner/count : 0xffffc0001279f640 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d837a8 with mutex 0xffffc0000cb2f300.
=> No active turnstile for this lock.
Lock 1 (initialized at vcache_alloc)
lock address : 0xffffc00012d6e200 type : sleep/adaptive
initialized : 0xffffffff812ad182
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 1
current lwp : 0xffffc0001279f640 last held: 0xffffc0001279f640
last locked* : 0xffffffff812da8f0 unlocked : 0xffffffff812da7ad
owner/count : 0xffffc0001279f640 flags : 0x0000000000000004

Turnstile chain at 0xffffffff82d837c0 with mutex 0xffffc0000cb2f3c0.
=> No active turnstile for this lock.

Locks held by an LWP (syz-executor3617):
Lock 0 (initialized at uvm_map_setup)
lock address : 0xffffc00012003d18 type : sleep/adaptive
initialized : 0xffffffff810e792d
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
current cpu : 1 last held: 0
current lwp : 0xffffc0001279f640 last held: 0xffffc000120145c0
last locked* : 0xffffffff810e17d4 unlocked : 0xffffffff810d886d
owner/count : 000000000000000000 flags : 000000000000000000

Turnstile chain at 0xffffffff82d83b20 with mutex 0xffffc0000d00bf00.
=> No active turnstile for this lock.


[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffffc00000014180 0048 00000000 0x0 0x0
0xffffc000000141f0 0048 00000000 0x0 0x0
0xffffc00000014260 0048 00000000 0x0 0x0
0xffffc000000142d0 0048 00000000 0x0 0x0
0xffffc00000014340 0040 00000000 0x0 0x0
0xffffc000000143b0 0048 00000000 0x0 0x0
0xffffc00000014420 0048 00000000 0x0 0x0
0xffffc00000014490 0048 00000000 0x0 0x0
0xffffc00000014500 0048 00000000 0x0 0x0
0xffffc00000014570 0048 00000000 0x0 0x0
0xffffc000000145e0 0048 00000000 0x0 0x0
0xffffc00000014650 0048 00000000 0x0 0x0
0xffffc000000146c0 0048 00000000 0x0 0x0
0xffffc00000014730 0040 00000000 0x0 0x0
0xffffc000000147a0 0040 00000000 0x0 0x0
0xffffc00000014810 0040 00000000 0x0 0x0
0xffffc00000014880 0040 00000000 0x0 0x0
0xffffc000000148f0 0040 00000000 0x0 0x0
0xffffc00000014960 0040 00000000 0x0 0x0
0xffffc000000149d0 0040 00000000 0x0 0x0
0xffffc00000014a40 0048 00000000 0x0 0x0
0xffffc00000014ab0 0048 00000000 0x0 0x0
0xffffc00000014b20 0048 00000000 0x0 0x0
0xffffc00000014b90 0048 00000000 0x0 0x0
0xffffc00000014c00 0048 00000000 0x0 0x0
0xffffc00000014c70 0048 00000000 0x0 0x0
0xffffc00000014ce0 0048 00000000 0x0 0x0
0xffffc00000014d50 0048 00000000 0x0 0x0
0xffffc00000014dc0 0040 00000000 0x0 0x0
0xffffc00000014e30 0048 00000000 0x0 0x0
0xffffc00000014ea0 0048 00000000 0x0 0x0
0xffffc00000014f10 0048 00000000 0x0 0x0
0xffffc00000014f80 0048 00000000 0x0 0x0
0xffffc00000014ff0 0048 00000000 0x0 0x0
0xffffc00000015060 0048 00000000 0x0 0x0
0xffffc000000150d0 0048 00000000 0x0 0x0
0xffffc00000015140 0048 00000000 0x0 0x0
0xffffc000000151b0 0048 00000000 0x0 0x0
0xffffc00000015220 0048 00000000 0x0 0x0
0xffffc00000015290 0048 00000000 0x0 0x0
0xffffc00000015300 0048 00000000 0x0 0x0
0xffffc00000015370 0048 00000000 0x0 0x0
0xffffc000000153e0 0048 00000000 0x0 0x0
0xffffc00000015450 0048 00000000 0x0 0x0
0xffffc000000154c0 0048 00000000 0x0 0x0
0xffffc00000015530 0048 00000000 0x0 0x0
0xffffc000000155a0 0048 00000000 0x0 0x0
0xffffc00000015610 0048 00000000 0x0 0x0
0xffffc00000015680 0048 00000000 0x0 0x0
0xffffc000000156f0 0048 00000000 0x0 0x0
0xffffc00000015760 0048 00000000 0x0 0x0
0xffffc000000157d0 0048 00000000 0x0 0x0
0xffffc00000015840 0048 00000000 0x0 0x0
0xffffc000000158b0 0048 00000000 0x0 0x0
0xffffc00000015920 0048 00000000 0x0 0x0
0xffffc00000015990 0048 00000000 0x0 0x0
0xffffc00000015a00 0048 00000000 0x0 0x0
0xffffc00000015a70 0048 00000000 0x0 0x0
0xffffc00000015ae0 0048 00000000 0x0 0x0
0xffffc00000015b50 0048 00000000 0x0 0x0
0xffffc00000015bc0 0048 00000000 0x0 0x0
0xffffc00000015c30 0048 00000000 0x0 0x0
0xffffc00000015ca0 0048 00000000 0x0 0x0
0xffffc00000015d10 0048 00000000 0x0 0x0
0xffffc00000015d80 0048 00000000 0x0 0x0
0xffffc00000015df0 0048 00000000 0x0 0x0
0xffffc00000015e60 0041 00000000 0x0 0x0
0xffffc00000015ed0 0041 00000000 0x0 0x0
0xffffc00000015f40 0048 00000000 0x0 0x0
0xffffc00000015fb0 0048 00000000 0x0 0x0
0xffffc00000016020 0048 00000000 0x0 0x0
0xffffc00000016090 0048 00000000 0x0 0x0
0xffffc00000016100 0048 00000000 0x0 0x0
0xffffc00000016170 0048 00000000 0x0 0x0
0xffffc000000161e0 0041 00000000 0x0 0x0
0xffffc00000016250 0041 00000000 0x0 0x0
0xffffc000000162c0 0041 00000000 0x0 0x0
0xffffc00000016330 0040 00000000 0x0 0x0
0xffffc000000163a0 0040 00000000 0x0 0x0
0xffffc00000016410 0048 00000000 0x0 0x0
0xffffc00000016480 0040 00000000 0x0 0x0
0xffffc000000164f0 0040 00000000 0x0 0x0
0xffffc00000016560 0048 00000000 0x0 0x0
0xffffc000000165d0 0048 00000000 0x0 0x0
0xffffc00000016640 0041 00000000 0x0 0x0
0xffffc000000166b0 0041 00000000 0x0 0x0
0xffffc00000016720 0041 00000000 0x0 0x0
0xffffc00000016790 0040 00000000 0x0 0x0
0xffffc00000016800 0041 00000000 0x0 0x0
0xffffc00000016870 0041 00000000 0x0 0x0
0xffffc000000168e0 0048 00000000 0x0 0x0
0xffffc00000016950 0048 00000000 0x0 0x0
0xffffc000000169c0 0048 00000000 0x0 0x0
0xffffc00000016a30 0041 00000000 0x0 0x0
0xffffc00000016aa0 0041 00000000 0x0 0x0
0xffffc00000016b10 0041 00000000 0x0 0x0
0xffffc00000016b80 0041 00000000 0x0 0x0
0xffffc00000016bf0 0041 00000000 0x0 0x0
0xffffc00000016c60 0048 00000000 0x0 0x0
0xffffc00000016cd0 0048 00000000 0x0 0x0
0xffffc00000016d40 0048 00000000 0x0 0x0
0xffffc00000016db0 0048 00000000 0x0 0x0
0xffffc00000016e20 0048 00000000 0x0 0x0
0xffffc00000016e90 0041 00000000 0x0 0x0
0xffffc00000016f00 0048 00000000 0x0 0x0
0xffffc00000016f70 0048 00000000 0x0 0x0
0xffffc00000016fe0 0048 00000000 0x0 0x0
0xffffc00000017050 0048 00000000 0x0 0x0
0xffffc000000170c0 0048 00000000 0x0 0x0
0xffffc00000017130 0048 00000000 0x0 0x0
0xffffc000000171a0 0048 00000000 0x0 0x0
0xffffc00000017210 0048 00000000 0x0 0x0
0xffffc00000017280 0048 00000000 0x0 0x0
0xffffc000000172f0 0048 00000000 0x0 0x0
0xffffc00000017360 0048 00000000 0x0 0x0
0xffffc000000173d0 0048 00000000 0x0 0x0
0xffffc00000017440 0048 00000000 0x0 0x0
0xffffc000000174b0 0048 00000000 0x0 0x0
0xffffc00000017520 0048 00000000 0x0 0x0
0xffffc00000017590 0048 00000000 0x0 0x0
0xffffc00000017600 0048 00000000 0x0 0x0
0xffffc00000017670 0048 00000000 0x0 0x0
0xffffc000000176e0 0048 00000000 0x0 0x0
0xffffc00000017750 0048 00000000 0x0 0x0
0xffffc000000177c0 0048 00000000 0x0 0x0
0xffffc00000017830 0048 00000000 0x0 0x0
0xffffc000000178a0 0048 00000000 0x0 0x0
0xffffc00000017910 0048 00000000 0x0 0x0
0xffffc00000017980 0048 00000000 0x0 0x0
0xffffc000000179f0 0048 00000000 0x0 0x0
0xffffc00000017a60 0048 00000000 0x0 0x0
0xffffc00000017ad0 0048 00000000 0x0 0x0
0xffffc00000017b40 0048 00000000 0x0 0x0
0xffffc00000017bb0 0048 00000000 0x0 0x0
0xffffc00000017c20 0048 00000000 0x0 0x0
0xffffc00000017c90 0048 00000000 0x0 0x0
0xffffc00000017d00 0048 00000000 0x0 0x0
0xffffc00000017d70 0048 00000000 0x0 0x0
0xffffc00000017de0 0048 00000000 0x0 0x0
0xffffc00000017e50 0048 00000000 0x0 0x0
0xffffc00000017ec0 0048 00000000 0x0 0x0
0xffffc00000017f30 0048 00000000 0x0 0x0
0xffffc00000017fa0 0048 00000000 0x0 0x0
0xffffc00000018010 0048 00000000 0x0 0x0
0xffffc00000018080 0048 00000000 0x0 0x0
0xffffc000000180f0 0048 00000000 0x0 0x0
0xffffc00000018160 0048 00000000 0x0 0x0
0xffffc000000181d0 0048 00000000 0x0 0x0
0xffffc00000018240 0048 00000000 0x0 0x0
0xffffc000000182b0 0048 00000000 0x0 0x0
0xffffc00000018320 0048 00000000 0x0 0x0
0xffffc00000018390 0048 00000000 0x0 0x0
0xffffc00000018400 0048 00000000 0x0 0x0
0xffffc00000018470 0048 00000000 0x0 0x0
0xffffc000000184e0 0048 00000000 0x0 0x0
0xffffc00000018550 0048 00000000 0x0 0x0
0xffffc000000185c0 0048 00000000 0x0 0x0
0xffffc00000018630 0048 00000000 0x0 0x0
0xffffc000000186a0 0048 00000000 0x0 0x0
0xffffc00000018710 0048 00000000 0x0 0x0
0xffffc00000018780 0048 00000000 0x0 0x0
0xffffc000000187f0 0048 00000000 0x0 0x0
0xffffc00000018860 0048 00000000 0x0 0x0
0xffffc000000188d0 0048 00000000 0x0 0x0
0xffffc00000018940 0048 00000000 0x0 0x0
0xffffc000000189b0 0048 00000000 0x0 0x0
0xffffc00000018a20 0048 00000000 0x0 0x0
0xffffc00000018a90 0048 00000000 0x0 0x0
0xffffc00000018b00 0048 00000000 0x0 0x0
0xffffc00000018b70 0048 00000000 0x0 0x0
0xffffc00000018be0 0048 00000000 0x0 0x0
0xffffc00000018c50 0048 00000000 0x0 0x0
0xffffc00000018cc0 0048 00000000 0x0 0x0
0xffffc00000018d30 0048 00000000 0x0 0x0
0xffffc00000018da0 0048 00000000 0x0 0x0
0xffffc00000018e10 0048 00000000 0x0 0x0
0xffffc00000018e80 0048 00000000 0x0 0x0
0xffffc00000018ef0 0048 00000000 0x0 0x0
0xffffc00000018f60 0048 00000000 0x0 0x0
0xffffc00000018fd0 0048 00000000 0x0 0x0
0xffffc00000019040 0048 00000000 0x0 0x0
0xffffc000000190b0 0048 00000000 0x0 0x0
0xffffc00000019120 0048 00000000 0x0 0x0
0xffffc00000019190 0048 00000000 0x0 0x0
0xffffc00000019200 0048 00000000 0x0 0x0
0xffffc00000019270 0048 00000000 0x0 0x0
0xffffc000000192e0 0048 00000000 0x0 0x0
0xffffc00000019350 0048 00000000 0x0 0x0
0xffffc000000193c0 0048 00000000 0x0 0x0
0xffffc00000019430 0048 00000000 0x0 0x0
0xffffc000000194a0 0048 00000000 0x0 0x0
0xffffc00000019510 0048 00000000 0x0 0x0
0xffffc00000019580 0048 00000000 0x0 0x0
0xffffc000000195f0 0048 00000000 0x0 0x0
0xffffc00000019660 0048 00000000 0x0 0x0
0xffffc000000196d0 0048 00000000 0x0 0x0
0xffffc00000019740 0048 00000000 0x0 0x0
0xffffc000000197b0 0048 00000000 0x0 0x0
0xffffc00000019820 0048 00000000 0x0 0x0
0xffffc00000019890 0048 00000000 0x0 0x0
0xffffc00000019900 0048 00000000 0x0 0x0
0xffffc00000019970 0048 00000000 0x0 0x0
0xffffc000000199e0 0048 00000000 0x0 0x0
0xffffc00000019a50 0048 00000000 0x0 0x0
0xffffc00000019ac0 0048 00000000 0x0 0x0
0xffffc00000019b30 0048 00000000 0x0 0x0
0xffffc00000019ba0 0048 00000000 0x0 0x0
0xffffc00000019c10 0048 00000000 0x0 0x0
0xffffc00000019c80 0048 00000000 0x0 0x0
0xffffc00000019cf0 0048 00000000 0x0 0x0
0xffffc00000019d60 0048 00000000 0x0 0x0
0xffffc00000019dd0 0048 00000000 0x0 0x0
0xffffc00000019e40 0048 00000000 0x0 0x0
0xffffc00000019eb0 0048 00000000 0x0 0x0
0xffffc00000019f20 0048 00000000 0x0 0x0
0xffffc00000019f90 0048 00000000 0x0 0x0
0xffffc0000001a000 0048 00000000 0x0 0x0
0xffffc0000001a070 0048 00000000 0x0 0x0
0xffffc0000001a0e0 0048 00000000 0x0 0x0
0xffffc0000001a150 0048 00000000 0x0 0x0
0xffffc0000001a1c0 0048 00000000 0x0 0x0
0xffffc0000001a230 0048 00000000 0x0 0x0
0xffffc0000001a2a0 0048 00000000 0x0 0x0
0xffffc0000001a310 0048 00000000 0x0 0x0
0xffffc0000001a380 0048 00000000 0x0 0x0
0xffffc0000001a3f0 0048 00000000 0x0 0x0
0xffffc0000001a460 0008 00000000 0x0 0x0
0xffffc0000001a4d0 0008 00000000 0x0 0x0
0xffffc0000001a540 0008 00000000 0x0 0x0
0xffffc0000001a5b0 0008 00000000 0x0 0x0
0xffffc0000001a620 0008 00000000 0x0 0x0
0xffffc0000001a690 0008 00000000 0x0 0x0
0xffffc0000001a700 0008 00000000 0x0 0x0
0xffffc0000001a770 0008 00000000 0x0 0x0
0xffffc0000001a7e0 0008 00000000 0x0 0x0
0xffffc0000001a850 0008 00000000 0x0 0x0
0xffffc0000001a8c0 0008 00000000 0x0 0x0
0xffffc0000001a930 0008 00000000 0x0 0x0
0xffffc0000001a9a0 0008 00000000 0x0 0x0
0xffffc0000001aa10 0008 00000000 0x0 0x0
0xffffc0000001aa80 0008 00000000 0x0 0x0
0xffffc0000001aaf0 0008 00000000 0x0 0x0
0xffffc0000001ab60 0008 00000000 0x0 0x0
0xffffc0000001abd0 0008 00000000 0x0 0x0
0xffffc0000001ac40 0008 00000000 0x0 0x0
0xffffc0000001acb0 0008 00000000 0x0 0x0
0xffffc0000001ad20 0008 00000000 0x0 0x0
0xffffc0000001ad90 0008 00000000 0x0 0x0
0xffffc0000001ae00 0008 00000000 0x0 0x0
0xffffc0000001ae70 0008 00000000 0x0 0x0
0xffffc0000001aee0 0008 00000000 0x0 0x0
0xffffc0000001af50 0008 00000000 0x0 0x0
0xffffc0000001afc0 0008 00000000 0x0 0x0
0xffffc0000001b030 0008 00000000 0x0 0x0
0xffffc0000001b0a0 0008 00000000 0x0 0x0
0xffffc0000001b110 0008 00000000 0x0 0x0
0xffffc0000001b180 0008 00000000 0x0 0x0
0xffffc0000001b1f0 0008 00000000 0x0 0x0
0xffffc0000001b260 0008 00000000 0x0 0x0
0xffffc0000001b2d0 0008 00000000 0x0 0x0
0xffffc0000001b340 0008 00000000 0x0 0x0
0xffffc0000001b3b0 0008 00000000 0x0 0x0
0xffffc0000001b420 0008 00000000 0x0 0x0
0xffffc0000001b490 0008 00000000 0x0 0x0
0xffffc0000001b500 0008 00000000 0x0 0x0
0xffffc0000001b570 0008 00000000 0x0 0x0
0xffffc0000001b5e0 0008 00000000 0x0 0x0
0xffffc0000001b650 0008 00000000 0x0 0x0
0xffffc0000001b6c0 0008 00000000 0x0 0x0
0xffffc0000001b730 0008 00000000 0x0 0x0
0xffffc0000001b7a0 0008 00000000 0x0 0x0
0xffffc0000001b810 0008 00000000 0x0 0x0
0xffffc0000001b880 0008 00000000 0x0 0x0
0xffffc0000001b8f0 0008 00000000 0x0 0x0
0xffffc0000001b960 0008 00000000 0x0 0x0
0xffffc0000001b9d0 0008 00000000 0x0 0x0
0xffffc0000001ba40 0008 00000000 0x0 0x0
0xffffc0000001bab0 0008 00000000 0x0 0x0
0xffffc0000001bb20 0008 00000000 0x0 0x0
0xffffc0000001bb90 0008 00000000 0x0 0x0
0xffffc0000001bc00 0048 00000000 0x0 0x0
0xffffc0000001bc70 0048 00000000 0x0 0x0
0xffffc0000001bce0 0048 00000000 0x0 0x0
0xffffc0000001bd50 0048 00000000 0x0 0x0
0xffffc0000001bdc0 0048 00000000 0x0 0x0
0xffffc0000001be30 0048 00000000 0x0 0x0
0xffffc0000001bea0 0048 00000000 0x0 0x0
0xffffc0000001bf10 0048 00000000 0x0 0x0
0xffffc0000001bf80 0048 00000000 0x0 0x0
0xffffc0000001bff0 0048 00000000 0x0 0x0
0xffffc0000001c060 0048 00000000 0x0 0x0
0xffffc0000001c0d0 0048 00000000 0x0 0x0
0xffffc0000001c140 0048 00000000 0x0 0x0
0xffffc0000001c1b0 0048 00000000 0x0 0x0
0xffffc0000001c220 0048 00000000 0x0 0x0
0xffffc0000001c290 0048 00000000 0x0 0x0
0xffffc0000001c300 0048 00000000 0x0 0x0
0xffffc0000001c370 0048 00000000 0x0 0x0
0xffffc0000001c3e0 0048 00000000 0x0 0x0
0xffffc0000001c450 0048 00000000 0x0 0x0
0xffffc0000001c4c0 0048 00000000 0x0 0x0
0xffffc0000001c530 0048 00000000 0x0 0x0
0xffffc0000001c5a0 0048 00000000 0x0 0x0
0xffffc0000001c610 0048 00000000 0x0 0x0
0xffffc0000001c680 0048 00000000 0x0 0x0
0xffffc0000001c6f0 0048 00000000 0x0 0x0
0xffffc0000001c760 0048 00000000 0x0 0x0
0xffffc0000001c7d0 0048 00000000 0x0 0x0
0xffffc0000001c840 0048 00000000 0x0 0x0
0xffffc0000001c8b0 0048 00000000 0x0 0x0
0xffffc0000001c920 0048 00000000 0x0 0x0
0xffffc0000001c990 0048 00000000 0x0 0x0
0xffffc0000001ca00 0048 00000000 0x0 0x0
0xffffc0000001ca70 0048 00000000 0x0 0x0
0xffffc0000001cae0 0048 00000000 0x0 0x0
0xffffc0000001cb50 0048 00000000 0x0 0x0
0xffffc0000001cbc0 0048 00000000 0x0 0x0
0xffffc0000001cc30 0048 00000000 0x0 0x0
0xffffc0000001cca0 0048 00000000 0x0 0x0
0xffffc0000001cd10 0048 00000000 0x0 0x0
0xffffc0000001cd80 0048 00000000 0x0 0x0
0xffffc0000001cdf0 0048 00000000 0x0 0x0
0xffffc0000001ce60 0048 00000000 0x0 0x0
0xffffc0000001ced0 0048 00000000 0x0 0x0
0xffffc0000001cf40 0048 00000000 0x0 0x0
0xffffc0000001cfb0 0048 00000000 0x0 0x0
0xffffc0000001d020 0048 00000000 0x0 0x0
0xffffc0000001d090 0048 00000000 0x0 0x0
0xffffc0000001d100 0008 00000000 0x0 0x0
0xffffc0000001d170 0008 00000000 0x0 0x0
0xffffc0000001d1e0 0008 00000000 0x0 0x0
0xffffc0000001d250 0008 00000000 0x0 0x0
0xffffc0000001d2c0 0008 00000000 0x0 0x0
0xffffc0000001d330 0008 00000000 0x0 0x0
0xffffc0000001d3a0 0008 00000000 0x0 0x0
0xffffc0000001d410 0008 00000000 0x0 0x0
0xffffc0000001d480 0008 00000000 0x0 0x0
0xffffc0000001d4f0 0008 00000000 0x0 0x0
0xffffc0000001d560 0008 00000000 0x0 0x0
0xffffc0000001d5d0 0008 00000000 0x0 0x0
0xffffc0000001d640 0008 00000000 0x0 0x0
0xffffc0000001d6b0 0008 00000000 0x0 0x0
0xffffc0000001d720 0008 00000000 0x0 0x0
0xffffc0000001d790 0008 00000000 0x0 0x0
0xffffc0000001d800 0008 00000000 0x0 0x0
0xffffc0000001d870 0008 00000000 0x0 0x0
0xffffc0000001d8e0 0008 00000000 0x0 0x0
0xffffc0000001d950 0008 00000000 0x0 0x0
0xffffc0000001d9c0 0008 00000000 0x0 0x0
0xffffc0000001da30 0008 00000000 0x0 0x0
0xffffc0000001daa0 0008 00000000 0x0 0x0
0xffffc0000001db10 0008 00000000 0x0 0x0
0xffffc0000001db80 0008 00000000 0x0 0x0
0xffffc0000001dbf0 0008 00000000 0x0 0x0
0xffffc0000001dc60 0008 00000000 0x0 0x0
0xffffc0000001dcd0 0008 00000000 0x0 0x0
0xffffc0000001dd40 0008 00000000 0x0 0x0
0xffffc0000001ddb0 0008 00000000 0x0 0x0
0xffffc0000001de20 0008 00000000 0x0 0x0
0xffffc0000001de90 0008 00000000 0x0 0x0
0xffffc0000001df00 0008 00000000 0x0 0x0
0xffffc0000001df70 0008 00000000 0x0 0x0
0xffffc0000001dfe0 0008 00000000 0x0 0x0
0xffffc0000001e050 0008 00000000 0x0 0x0
0xffffc0000001e0c0 0008 00000000 0x0 0x0
0xffffc0000001e130 0008 00000000 0x0 0x0
0xffffc0000001e1a0 0008 00000000 0x0 0x0
0xffffc0000001e210 0008 00000000 0x0 0x0
0xffffc0000001e280 0008 00000000 0x0 0x0
0xffffc0000001e2f0 0008 00000000 0x0 0x0
0xffffc0000001e360 0008 00000000 0x0 0x0
0xffffc0000001e3d0 0008 00000000 0x0 0x0
0xffffc0000001e440 0008 00000000 0x0 0x0
0xffffc0000001e4b0 0008 00000000 0x0 0x0
0xffffc0000001e520 0008 00000000 0x0 0x0
0xffffc0000001e590 0008 00000000 0x0 0x0
0xffffc0000001e600 0008 00000000 0x0 0x0
0xffffc0000001e670 0008 00000000 0x0 0x0
0xffffc0000001e6e0 0008 00000000 0x0 0x0
0xffffc0000001e750 0008 00000000 0x0 0x0
0xffffc0000001e7c0 0008 00000000 0x0 0x0
0xffffc0000001e830 0008 00000000 0x0 0x0
0xffffc0000001e8a0 0048 00000000 0x0 0x0
0xffffc0000001e910 0048 00000000 0x0 0x0
0xffffc0000001e980 0048 00000000 0x0 0x0
0xffffc0000001e9f0 0048 00000000 0x0 0x0
0xffffc0000001ea60 0048 00000000 0x0 0x0
0xffffc0000001ead0 0048 00000000 0x0 0x0
0xffffc0000001eb40 0048 00000000 0x0 0x0
0xffffc0000001ebb0 0048 00000000 0x0 0x0
0xffffc0000001ec20 0048 00000000 0x0 0x0
0xffffc0000001ec90 0048 00000000 0x0 0x0
0xffffc0000001ed00 0048 00000000 0x0 0x0
0xffffc0000001ed70 0048 00000000 0x0 0x0
0xffffc0000001ede0 0048 00000000 0x0 0x0
0xffffc0000001ee50 0048 00000000 0x0 0x0
0xffffc0000001eec0 0048 00000000 0x0 0x0
0xffffc0000001ef30 0048 00000000 0x0 0x0
0xffffc0000001efa0 0048 00000000 0x0 0x0
0xffffc0000001f010 0048 00000000 0x0 0x0
0xffffc0000001f080 0048 00000000 0x0 0x0
0xffffc0000001f0f0 0048 00000000 0x0 0x0
0xffffc0000001f160 0048 00000000 0x0 0x0
0xffffc0000001f1d0 0048 00000000 0x0 0x0
0xffffc0000001f240 0048 00000000 0x0 0x0
0xffffc0000001f2b0 0048 00000000 0x0 0x0
0xffffc0000001f320 0040 00000000 0x0 0x0
0xffffc0000001f390 0048 00000000 0x0 0x0
0xffffc0000001f400 0048 00000000 0x0 0x0
0xffffc0000001f470 0048 00000000 0x0 0x0
0xffffc0000001f4e0 0048 00000000 0x0 0x0
0xffffc0000001f550 0040 00000000 0x0 0x0
0xffffc0000001f5c0 0048 00000000 0x0 0x0
0xffffc0000001f630 0048 00000000 0x0 0x0
0xffffc0000001f6a0 0040 00000000 0x0 0x0
0xffffc0000001f710 0048 00000000 0x0 0x0
0xffffc0000001f780 0048 00000000 0x0 0x0
0xffffc0000001f7f0 0048 00000000 0x0 0x0
0xffffc0000001f860 0040 00000000 0x0 0x0
0xffffc0000001f8d0 0040 00000000 0x0 0x0
0xffffc0000001f940 0040 00000000 0x0 0x0
0xffffc0000001f9b0 0040 00000000 0x0 0x0
0xffffc0000001fa20 0040 00000000 0x0 0x0
0xffffc0000001fa90 0048 00000000 0x0 0x0
0xffffc0000001fb00 0048 00000000 0x0 0x0
0xffffc0000001fb70 0048 00000000 0x0 0x0
0xffffc0000001fbe0 0008 00000000 0x0 0x0
0xffffc0000001fc50 0008 00000000 0x0 0x0
0xffffc0000001fcc0 0008 00000000 0x0 0x0
0xffffc0000001fd30 0008 00000000 0x0 0x0
0xffffc0000001fda0 0008 00000000 0x0 0x0
0xffffc0000001fe10 0008 00000000 0x0 0x0
0xffffc0000001fe80 0008 00000000 0x0 0x0
0xffffc0000001fef0 0008 00000000 0x0 0x0
0xffffc0000001ff60 0008 00000000 0x0 0x0
0xffffc0000001ffd0 0008 00000000 0x0 0x0
0xffffc00000020040 0008 00000000 0x0 0x0
0xffffc000000200b0 0008 00000000 0x0 0x0
0xffffc00000020120 0008 00000000 0x0 0x0
0xffffc00000020190 0008 00000000 0x0 0x0
0xffffc00000020200 0008 00000000 0x0 0x0
0xffffc00000020270 0008 00000000 0x0 0x0
0xffffc000000202e0 0008 00000000 0x0 0x0
0xffffc00000020350 0008 00000000 0x0 0x0
0xffffc000000203c0 0008 00000000 0x0 0x0
0xffffc00000020430 0008 00000000 0x0 0x0
0xffffc000000204a0 0008 00000000 0x0 0x0
0xffffc00000020510 0008 00000000 0x0 0x0
0xffffc00000020580 0008 00000000 0x0 0x0
0xffffc000000205f0 0008 00000000 0x0 0x0
0xffffc00000020660 0008 00000000 0x0 0x0
0xffffc000000206d0 0008 00000000 0x0 0x0
0xffffc00000020740 0008 00000000 0x0 0x0
0xffffc000000207b0 0008 00000000 0x0 0x0
0xffffc00000020820 0008 00000000 0x0 0x0
0xffffc00000020890 0008 00000000 0x0 0x0
0xffffc00000020900 0008 00000000 0x0 0x0
0xffffc00000020970 0008 00000000 0x0 0x0
0xffffc000000209e0 0008 00000000 0x0 0x0
0xffffc00000020a50 0008 00000000 0x0 0x0
0xffffc00000020ac0 0008 00000000 0x0 0x0
0xffffc00000020b30 0008 00000000 0x0 0x0
0xffffc00000020ba0 0008 00000000 0x0 0x0
0xffffc00000020c10 0008 00000000 0x0 0x0
0xffffc00000020c80 0008 00000000 0x0 0x0
0xffffc00000020cf0 0008 00000000 0x0 0x0
0xffffc00000020d60 0008 00000000 0x0 0x0
0xffffc00000020dd0 0008 00000000 0x0 0x0
0xffffc00000020e40 0008 00000000 0x0 0x0
0xffffc00000020eb0 0008 00000000 0x0 0x0
0xffffc00000020f20 0008 00000000 0x0 0x0
0xffffc00000020f90 0008 00000000 0x0 0x0
0xffffc00000021000 0008 00000000 0x0 0x0
0xffffc00000021070 0008 00000000 0x0 0x0
0xffffc000000210e0 0008 00000000 0x0 0x0
0xffffc00000021150 0008 00000000 0x0 0x0
0xffffc000000211c0 0008 00000000 0x0 0x0
0xffffc00000021230 0008 00000000 0x0 0x0
0xffffc000000212a0 0008 00000000 0x0 0x0
0xffffc00000021310 0008 00000000 0x0 0x0
0xffffc00000021380 0040 00000000 0x0 0x0
0xffffc000000213f0 0040 00000000 0x0 0x0
0xffffc00000021460 0040 00000000 0x0 0x0
0xffffc000000214d0 0040 00000000 0x0 0x0
0xffffc00000021540 0040 00000000 0x0 0x0
0xffffc000000215b0 0040 00000000 0x0 0x0
0xffffc00000021620 0040 00000000 0x0 0x0
0xffffc00000021690 0040 00000000 0x0 0x0
0xffffc00000021700 0040 00000000 0x0 0x0
0xffffc00000021770 0040 00000000 0x0 0x0
0xffffc000000217e0 0040 00000000 0x0 0x0
0xffffc00000021850 0040 00000000 0x0 0x0
0xffffc000000218c0 0040 00000000 0x0 0x0
0xffffc00000021930 0040 00000000 0x0 0x0
0xffffc000000219a0 0040 00000000 0x0 0x0
0xffffc00000021a10 0040 00000000 0x0 0x0
0xffffc00000021a80 0040 00000000 0x0 0x0
0xffffc00000021af0 0040 00000000 0x0 0x0
0xffffc00000021b60 0040 00000000 0x0 0x0
0xffffc00000021bd0 0040 00000000 0x0 0x0
0xffffc00000021c40 0040 00000000 0x0 0x0
0xffffc00000021cb0 0040 00000000 0x0 0x0
0xffffc00000021d20 0040 00000000 0x0 0x0
0xffffc00000021d90 0040 00000000 0x0 0x0
0xffffc00000021e00 0040 00000000 0x0 0x0
0xffffc00000021e70 0040 00000000 0x0 0x0
0xffffc00000021ee0 0040 00000000 0x0 0x0
0xffffc00000021f50 0040 00000000 0x0 0x0
0xffffc00000021fc0 0040 00000000 0x0 0x0
0xffffc00000022030 0040 00000000 0x0 0x0
0xffffc000000220a0 0040 00000000 0x0 0x0
0xffffc00000022110 0040 00000000 0x0 0x0
0xffffc00000022180 0040 00000000 0x0 0x0
0xffffc000000221f0 0040 00000000 0x0 0x0
0xffffc00000022260 0040 00000000 0x0 0x0
0xffffc000000222d0 0040 00000000 0x0 0x0
0xffffc00000022340 0040 00000000 0x0 0x0
0xffffc000000223b0 0040 00000000 0x0 0x0
0xffffc00000022420 0040 00000000 0x0 0x0
0xffffc00000022490 0040 00000000 0x0 0x0
0xffffc00000022500 0040 00000000 0x0 0x0
0xffffc00000022570 0040 00000000 0x0 0x0
0xffffc000000225e0 0040 00000000 0x0 0x0
0xffffc00000022650 0040 00000000 0x0 0x0
0xffffc000000226c0 0040 00000000 0x0 0x0
0xffffc00000022730 0040 00000000 0x0 0x0
0xffffc000000227a0 0048 00000000 0x0 0x0
0xffffc00000022810 0040 00000000 0x0 0x0
0xffffc00000022880 0040 00000000 0x0 0x0
0xffffc000000228f0 0040 00000000 0x0 0x0
0xffffc00000022960 0040 00000000 0x0 0x0
0xffffc000000229d0 0048 00000000 0x0 0x0
0xffffc00000022a40 0040 00000000 0x0 0x0
0xffffc00000022ab0 0040 00000000 0x0 0x0
0xffffc00000022b20 0048 00000000 0x0 0x0
0xffffc00000022b90 0040 00000000 0x0 0x0
0xffffc00000022c00 0040 00000000 0x0 0x0
0xffffc00000022c70 0040 00000000 0x0 0x0
0xffffc00000022ce0 0048 00000000 0x0 0x0
0xffffc00000022d50 0048 00000000 0x0 0x0
0xffffc00000022dc0 0048 00000000 0x0 0x0
0xffffc00000022e30 0040 00000000 0x0 0x0
0xffffc00000022ea0 0048 00000000 0x0 0x0
0xffffc00000022f10 0040 00000000 0x0 0x0
0xffffc00000022f80 0048 00000000 0x0 0x0
0xffffc00000022ff0 0048 00000000 0x0 0x0
0xffffc00000023060 0048 00000000 0x0 0x0
0xffffc000000230d0 0048 00000000 0x0 0x0
0xffffc00000023140 0048 00000000 0x0 0x0
0xffffc000000231b0 0048 00000000 0x0 0x0
0xffffc00000023220 0048 00000000 0x0 0x0
0xffffc00000023290 0048 00000000 0x0 0x0
0xffffc00000023300 0048 00000000 0x0 0x0
0xffffc00000023370 0048 00000000 0x0 0x0
0xffffc000000233e0 0048 00000000 0x0 0x0
0xffffc00000023450 0048 00000000 0x0 0x0
0xffffc000000234c0 0048 00000000 0x0 0x0
0xffffc00000023530 0048 00000000 0x0 0x0
0xffffc000000235a0 0048 00000000 0x0 0x0
0xffffc00000023610 0048 00000000 0x0 0x0
0xffffc00000023680 0048 00000000 0x0 0x0
0xffffc000000236f0 0048 00000000 0x0 0x0
0xffffc00000023760 0048 00000000 0x0 0x0
0xffffc000000237d0 0048 00000000 0x0 0x0
0xffffc00000023840 0048 00000000 0x0 0x0
0xffffc000000238b0 0048 00000000 0x0 0x0
0xffffc00000023920 0048 00000000 0x0 0x0
0xffffc00000023990 0048 00000000 0x0 0x0
0xffffc00000023a00 0048 00000000 0x0 0x0
0xffffc00000023a70 0048 00000000 0x0 0x0
0xffffc00000023ae0 0048 00000000 0x0 0x0
0xffffc00000023b50 0048 00000000 0x0 0x0
0xffffc00000023bc0 0048 00000000 0x0 0x0
0xffffc00000023c30 0048 00000000 0x0 0x0
0xffffc00000023ca0 0048 00000000 0x0 0x0
0xffffc00000023d10 0048 00000000 0x0 0x0
0xffffc00000023d80 0048 00000000 0x0 0x0
0xffffc00000023df0 0048 00000000 0x0 0x0
0xffffc00000023e60 0048 00000000 0x0 0x0
0xffffc00000023ed0 0048 00000000 0x0 0x0
0xffffc00000023f40 0048 00000000 0x0 0x0
0xffffc00000023fb0 0048 00000000 0x0 0x0
0xffffc00000024020 0048 00000000 0x0 0x0
0xffffc00000024090 0048 00000000 0x0 0x0
0xffffc00000024100 0048 00000000 0x0 0x0
0xffffc00000024170 0048 00000000 0x0 0x0
0xffffc000000241e0 0048 00000000 0x0 0x0
0xffffc00000024250 0048 00000000 0x0 0x0
0xffffc000000242c0 0048 00000000 0x0 0x0
0xffffc00000024330 0048 00000000 0x0 0x0
0xffffc000000243a0 0048 00000000 0x0 0x0
0xffffc00000024410 0048 00000000 0x0 0x0
0xffffc00000024480 0048 00000000 0x0 0x0
0xffffc000000244f0 0048 00000000 0x0 0x0
0xffffc00000024560 0048 00000000 0x0 0x0
0xffffc000000245d0 0048 00000000 0x0 0x0
0xffffc00000024640 0048 00000000 0x0 0x0
0xffffc000000246b0 0048 00000000 0x0 0x0
0xffffc00000024720 0008 00000000 0x0 0x0
0xffffc00000024790 0008 00000000 0x0 0x0
0xffffc00000024800 0008 00000000 0x0 0x0
0xffffc00000024870 0008 00000000 0x0 0x0
0xffffc000000248e0 0008 00000000 0x0 0x0
0xffffc00000024950 0008 00000000 0x0 0x0
0xffffc000000249c0 0008 00000000 0x0 0x0
0xffffc00000024a30 0008 00000000 0x0 0x0
0xffffc00000024aa0 0008 00000000 0x0 0x0
0xffffc00000024b10 0008 00000000 0x0 0x0
0xffffc00000024b80 0008 00000000 0x0 0x0
0xffffc00000024bf0 0008 00000000 0x0 0x0
0xffffc00000024c60 0008 00000000 0x0 0x0
0xffffc00000024cd0 0008 00000000 0x0 0x0
0xffffc00000024d40 0008 00000000 0x0 0x0
0xffffc00000024db0 0008 00000000 0x0 0x0
0xffffc00000024e20 0008 00000000 0x0 0x0
0xffffc00000024e90 0008 00000000 0x0 0x0
0xffffc00000024f00 0008 00000000 0x0 0x0
0xffffc00000024f70 0008 00000000 0x0 0x0
0xffffc00000024fe0 0008 00000000 0x0 0x0
0xffffc00000025050 0008 00000000 0x0 0x0
0xffffc000000250c0 0008 00000000 0x0 0x0
0xffffc00000025130 0008 00000000 0x0 0x0
0xffffc000000251a0 0008 00000000 0x0 0x0
0xffffc00000025210 0008 00000000 0x0 0x0
0xffffc00000025280 0008 00000000 0x0 0x0
0xffffc000000252f0 0008 00000000 0x0 0x0
0xffffc00000025360 0008 00000000 0x0 0x0
0xffffc000000253d0 0008 00000000 0x0 0x0
0xffffc00000025440 0008 00000000 0x0 0x0
0xffffc000000254b0 0008 00000000 0x0 0x0
0xffffc00000025520 0008 00000000 0x0 0x0
0xffffc00000025590 0008 00000000 0x0 0x0
0xffffc00000025600 0008 00000000 0x0 0x0
0xffffc00000025670 0008 00000000 0x0 0x0
0xffffc000000256e0 0008 00000000 0x0 0x0
0xffffc00000025750 0008 00000000 0x0 0x0
0xffffc000000257c0 0008 00000000 0x0 0x0
0xffffc00000025830 0008 00000000 0x0 0x0
0xffffc000000258a0 0008 00000000 0x0 0x0
0xffffc00000025910 0008 00000000 0x0 0x0
0xffffc00000025980 0008 00000000 0x0 0x0
0xffffc000000259f0 0008 00000000 0x0 0x0
0xffffc00000025a60 0008 00000000 0x0 0x0
0xffffc00000025ad0 0008 00000000 0x0 0x0
0xffffc00000025b40 0008 00000000 0x0 0x0
0xffffc00000025bb0 0008 00000000 0x0 0x0
0xffffc00000025c20 0008 00000000 0x0 0x0
0xffffc00000025c90 0008 00000000 0x0 0x0
0xffffc00000025d00 0008 00000000 0x0 0x0
0xffffc00000025d70 0008 00000000 0x0 0x0
0xffffc00000025de0 0008 00000000 0x0 0x0
0xffffc00000025e50 0008 00000000 0x0 0x0
0xffffc00000025ec0 0008 00000000 0x0 0x0
0xffffc00000025f30 0008 00000000 0x0 0x0
0xffffc00000025fa0 0008 00000000 0x0 0x0
0xffffc00000026010 0008 00000000 0x0 0x0
0xffffc00000026080 0008 00000000 0x0 0x0
0xffffc000000260f0 0008 00000000 0x0 0x0
0xffffc00000026160 0008 00000000 0x0 0x0
0xffffc000000261d0 0008 00000000 0x0 0x0
0xffffc00000026240 0008 00000000 0x0 0x0
0xffffc000000262b0 0008 00000000 0x0 0x0
0xffffc00000026320 0008 00000000 0x0 0x0
0xffffc00000026390 0008 00000000 0x0 0x0
0xffffc00000026400 0008 00000000 0x0 0x0
0xffffc00000026470 0008 00000000 0x0 0x0
0xffffc000000264e0 0008 00000000 0x0 0x0
0xffffc00000026550 0008 00000000 0x0 0x0
0xffffc000000265c0 0008 00000000 0x0 0x0
0xffffc00000026630 0008 00000000 0x0 0x0
0xffffc000000266a0 0008 00000000 0x0 0x0
0xffffc00000026710 0008 00000000 0x0 0x0
0xffffc00000026780 0008 00000000 0x0 0x0
0xffffc000000267f0 0008 00000000 0x0 0x0
0xffffc00000026860 0008 00000000 0x0 0x0
0xffffc000000268d0 0008 00000000 0x0 0x0
0xffffc00000026940 0008 00000000 0x0 0x0
0xffffc000000269b0 0008 00000000 0x0 0x0
0xffffc00000026a20 0008 00000000 0x0 0x0
0xffffc00000026a90 0008 00000000 0x0 0x0
0xffffc00000026b00 0008 00000000 0x0 0x0
0xffffc00000026b70 0008 00000000 0x0 0x0
0xffffc00000026be0 0008 00000000 0x0 0x0
0xffffc00000026c50 0008 00000000 0x0 0x0
0xffffc00000026cc0 0008 00000000 0x0 0x0
0xffffc00000026d30 0008 00000000 0x0 0x0
0xffffc00000026da0 0008 00000000 0x0 0x0
0xffffc00000026e10 0008 00000000 0x0 0x0
0xffffc00000026e80 0008 00000000 0x0 0x0
0xffffc00000026ef0 0008 00000000 0x0 0x0
0xffffc00000026f60 0008 00000000 0x0 0x0
0xffffc00000026fd0 0008 00000000 0x0 0x0
0xffffc00000027040 0008 00000000 0x0 0x0
0xffffc000000270b0 0008 00000000 0x0 0x0
0xffffc00000027120 0008 00000000 0x0 0x0
0xffffc00000027190 0008 00000000 0x0 0x0
0xffffc00000027200 0008 00000000 0x0 0x0
0xffffc00000027270 0008 00000000 0x0 0x0
0xffffc000000272e0 0008 00000000 0x0 0x0
0xffffc00000027350 0008 00000000 0x0 0x0
0xffffc000000273c0 0008 00000000 0x0 0x0
0xffffc00000027430 0008 00000000 0x0 0x0
0xffffc000000274a0 0008 00000000 0x0 0x0
0xffffc00000027510 0008 00000000 0x0 0x0
0xffffc00000027580 0008 00000000 0x0 0x0
0xffffc000000275f0 0008 00000000 0x0 0x0
0xffffc00000027660 0008 00000000 0x0 0x0
0xffffc000000276d0 0008 00000000 0x0 0x0
0xffffc00000027740 0008 00000000 0x0 0x0
0xffffc000000277b0 0008 00000000
Reply all
Reply to author
Forward
0 new messages