Re: UBSan: Undefined Behavior in compat_ifconf

syzbot

Jul 7, 2022, 10:48:12 AM
to rias...@netbsd.org, syzkaller-...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSan: Undefined Behavior in doifioctl

[ 44.0455871] panic: UBSan: Undefined Behavior in /syzkaller/jobs/netbsd/kernel/sys/net/if.c:3454:18, member access within null pointer of type 'struct ifreq'

[ 44.0629170] cpu0: Begin traceback...
[ 44.0855771] vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
[ 44.1555738] Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
[ 44.2155734] HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
[ 44.2755742] doifioctl() at netbsd:doifioctl+0x2a05 sys/net/if.c:3454
[ 44.3255771] soo_ioctl() at netbsd:soo_ioctl+0x2d7 sys/kern/sys_socket.c:210
[ 44.3755709] sys_ioctl() at netbsd:sys_ioctl+0x202 sys/kern/sys_generic.c:673
[ 44.4255735] sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
[ 44.4255735] sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
[ 44.4855741] syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
[ 44.4855741] syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 44.4855741] syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
[ 44.4955721] --- syscall (number 54 via SYS_syscall) ---
[ 44.5155722] netbsd:syscall+0x2da:
[ 44.5155722] cpu0: End traceback...
[ 44.5279602] fatal breakpoint trap in supervisor mode
[ 44.5279602] trap type 1 code 0 rip 0xffffffff80221ab5 cs 0x8 rflags 0x246 cr2 0xc00038b3e0 ilevel 0 rsp 0xffffb280c8486690
[ 44.5439123] curlwp 0xffffd5607af41280 pid 1207.1242 lowest kstack 0xffffb280c84822c0
Stopped in pid 1207.1242 (syz-executor.3) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0xec sys/ddb/db_panic.c:69
vpanic() at netbsd:vpanic+0x2f2 sys/kern/subr_prf.c:293
Report() at netbsd:Report+0x3b sys/../common/lib/libc/misc/ubsan.c:1352
HandleTypeMismatch() at netbsd:HandleTypeMismatch+0x1fb sys/../common/lib/libc/misc/ubsan.c:429
doifioctl() at netbsd:doifioctl+0x2a05 sys/net/if.c:3454
soo_ioctl() at netbsd:soo_ioctl+0x2d7 sys/kern/sys_socket.c:210
sys_ioctl() at netbsd:sys_ioctl+0x202 sys/kern/sys_generic.c:673
sys___syscall() at netbsd:sys___syscall+0x1e4 sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0x1e4 sys/kern/sys_syscall.c:90
syscall() at netbsd:syscall+0x2da sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x2da sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x2da sys/arch/x86/x86/syscall.c:138
--- syscall (number 54 via SYS_syscall) ---
netbsd:syscall+0x2da:
Panic string: UBSan: Undefined Behavior in /syzkaller/jobs/netbsd/kernel/sys/net/if.c:3454:18, member access within null pointer of type 'struct ifreq'

PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
1382 1382 2 0 0 ffffd560793b6ac0 syz-executor.0
1209 1209 2 0 0 ffffd56076f85340 syz-executor.1
1207 >1242 7 0 100 ffffd5607af41280 syz-executor.3
1207 1207 2 1 10000000 ffffd560793b6680 syz-executor.3
1196 1196 3 1 180 ffffd56076f85bc0 syz-executor.5 pipe_rd
1210 >1210 7 1 0 ffffd560793b6240 syz-executor.4
1203 1203 2 0 0 ffffd5607636db00 syz-executor.2
330 330 2 1 40140 ffffd56078adf640 syz-executor.3
827 827 2 1 40140 ffffd5607636d6c0 syz-executor.0
1233 329 2 0 100 ffffd560774f79c0 syz-execprog
1233 1069 3 1 1c0 ffffd56077e44a00 syz-execprog parked
1233 1200 3 1 180 ffffd56077e445c0 syz-execprog parked
1233 1234 3 0 180 ffffd56076c4a1c0 syz-execprog parked
1233 1387 3 0 180 ffffd5607651d2c0 syz-execprog parked
1233 1104 3 0 1c0 ffffd56078adfa80 syz-execprog parked
1233 1237 2 0 140 ffffd56078adf200 syz-execprog
1233 1233 3 0 40180 ffffd56076c4aa40 syz-execprog parked
1236 1236 3 1 180 ffffd56076c4a600 sshd select
1074 1074 3 0 180 ffffd56077142100 getty nanoslp
967 967 3 0 180 ffffd56076080200 getty nanoslp
1073 1073 3 1 180 ffffd5607636d280 getty nanoslp
1115 1115 3 1 1c0 ffffd56076085680 getty ttyraw
952 952 3 1 180 ffffd56077e44180 sshd select
942 942 3 0 180 ffffd5607696f300 powerd kqueue
687 687 3 0 180 ffffd56077142980 syslogd kqueue
547 547 3 0 180 ffffd56077227480 dhcpcd poll
546 546 3 1 180 ffffd5607651db40 dhcpcd poll
600 600 3 0 180 ffffd56077142540 dhcpcd poll
587 587 3 1 180 ffffd5606dddd300 dhcpcd poll
289 289 3 0 180 ffffd5607651d700 dhcpcd poll
288 288 3 0 180 ffffd56076085ac0 dhcpcd poll
351 351 3 0 180 ffffd5607696f740 dhcpcd poll
1 1 3 0 180 ffffd5606de66540 init wait
0 968 3 0 200 ffffd56076080640 physiod physiod
0 194 3 0 200 ffffd56076085240 ioflush syncer
0 193 3 0 200 ffffd5606dddd740 pooldrain pooldrain
0 192 3 1 200 ffffd56076080a80 pgdaemon pgdaemon
0 167 3 1 200 ffffd56073fc2a40 usb7 usbevt
0 166 3 1 200 ffffd56073fc2600 usb6 usbevt
0 165 3 1 200 ffffd56073fc21c0 usb5 usbevt
0 164 3 1 200 ffffd56070f4da00 usb4 usbevt
0 31 3 1 200 ffffd56070f4d5c0 usb3 usbevt
0 63 3 1 200 ffffd56070f4d180 usb2 usbevt
0 126 3 1 200 ffffd5606eee89c0 usb1 usbevt
0 125 3 1 200 ffffd5606eee8580 usb0 usbevt
0 124 3 1 200 ffffd5606eee8140 usbtask-dr usbtsk
0 123 3 1 200 ffffd5606de66980 usbtask-hc usbtsk
0 122 3 0 200 ffffd5606d73d6c0 npfgc0 npfgcw
0 121 3 1 200 ffffd5606de66100 rt_free rt_free
0 120 3 1 200 ffffd5606de59940 unpgc unpgc
0 119 2 0 200 ffffd5606de59500 key_timehandler
0 118 3 1 200 ffffd5606de590c0 icmp6_wqinput/1 icmp6_wqinput
0 117 3 0 200 ffffd5606de2c900 icmp6_wqinput/0 icmp6_wqinput
0 116 2 0 200 ffffd5606de2c4c0 nd6_timer
0 115 3 1 200 ffffd5606de2c080 carp6_wqinput/1 carp6_wqinput
0 114 3 0 200 ffffd5606de178c0 carp6_wqinput/0 carp6_wqinput
0 113 3 1 200 ffffd5606de17480 carp_wqinput/1 carp_wqinput
0 112 3 0 200 ffffd5606de17040 carp_wqinput/0 carp_wqinput
0 111 3 1 200 ffffd5606ddeabc0 icmp_wqinput/1 icmp_wqinput
0 110 3 0 200 ffffd5606ddea780 icmp_wqinput/0 icmp_wqinput
0 109 2 0 200 ffffd5606ddddb80 rt_timer
0 108 3 0 200 ffffd5606ddea340 vmem_rehash vmem_rehash
0 99 3 0 200 ffffd5606d74ab40 entbutler entropy
0 98 3 0 200 ffffd5606d74a700 viomb balloon
0 97 3 1 200 ffffd5606d74a2c0 vioif0_txrx/1 vioif0_txrx
0 96 3 0 200 ffffd5606d73db00 vioif0_txrx/0 vioif0_txrx
0 29 3 1 200 ffffd5606d73d280 scsibus0 sccomp
0 28 3 0 200 ffffd5606c1c3ac0 pms0 pmsreset
0 27 3 1 200 ffffd5606c1c3680 xcall/1 xcall
0 26 1 1 200 ffffd5606c1c3240 softser/1
0 25 1 1 200 ffffd5606c18ea80 softclk/1
0 24 1 1 200 ffffd5606c18e640 softbio/1
0 23 1 1 200 ffffd5606c18e200 softnet/1
0 22 1 1 201 ffffd5619b135a40 idle/1
0 21 3 1 200 ffffd5619b135600 lnxsyswq lnxsyswq
0 20 3 1 200 ffffd5619b1351c0 lnxubdwq lnxubdwq
0 19 3 0 200 ffffd5619b144a00 lnxpwrwq lnxpwrwq
0 18 3 1 200 ffffd5619b1445c0 lnxlngwq lnxlngwq
0 17 3 1 200 ffffd5619b144180 lnxhipwq lnxhipwq
0 16 3 1 200 ffffd5619b15d9c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffffd5619b15d580 sysmon smtaskq
0 14 3 1 200 ffffd5619b15d140 pmfsuspend pmfsuspend
0 13 3 0 200 ffffd5619b16a980 pmfevent pmfevent
0 12 3 1 200 ffffd5619b16a540 sopendfree sopendfr
0 11 3 1 200 ffffd5619b16a100 iflnkst iflnkst
0 10 3 1 200 ffffd5619c19b940 nfssilly nfssilly
0 9 3 0 200 ffffd5619c19b500 vdrain vdrain
0 8 3 1 200 ffffd5619c19b0c0 modunload mod_unld
0 7 3 0 200 ffffd5619c1c2900 xcall/0 xcall
0 6 1 0 200 ffffd5619c1c24c0 softser/0
0 5 1 0 200 ffffd5619c1c2080 softclk/0
0 4 1 0 200 ffffd5619c1f18c0 softbio/0
0 3 1 0 200 ffffd5619c1f1480 softnet/0
0 2 1 0 201 ffffd5619c1f1040 idle/0
0 0 3 0 200 ffffffff86750a80 swapper uvm
[Locks tracked through LWPs]

****** LWP 1382.1382 (syz-executor.0) @ 0xffffd560793b6ac0, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_alloc1)
lock address : 0xffffd5607871f0c0 type : sleep/adaptive
initialized : 0xffffffff835aa59a
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd560793b6ac0 last held: 0xffffd560793b6ac0
last locked* : 0xffffffff835ceb5e unlocked : 0xffffffff835cac2f
owner/count : 0xffffd560793b6ac0 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1209.1209 (syz-executor.1) @ 0xffffd56076f85340, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_ctor)
lock address : 0xffffd5607aaee300 type : sleep/adaptive
initialized : 0xffffffff835aadf5
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd56076f85340 last held: 0xffffd56076f85340
last locked* : 0xffffffff835ceb5e unlocked : 0xffffffff835cc4e9
owner/count : 0xffffd56076f85340 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1207.1242 (syz-executor.3) @ 0xffffd5607af41280, l_stat=7

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd5607af41280 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 546.546 (dhcpcd) @ 0xffffd5607651db40, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd5607651db40 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 600.600 (dhcpcd) @ 0xffffd56077142540, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd56077142540 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 288.288 (dhcpcd) @ 0xffffd56076085ac0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd56076085ac0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 351.351 (dhcpcd) @ 0xffffd5607696f740, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd5607696f740 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.25 (softclk/1) @ 0xffffd5606c18ea80, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd5606c18ea80 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffd5619b16a100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffd5619b16a100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.0 (swapper) @ 0xffffffff86750a80, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff86beb2c0 type : sleep/adaptive
initialized : 0xffffffff8370def7
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffffff86750a80 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

******* Locks held on cpu0:

* Lock 0 (initialized at kprintf_init)
lock address : 0xffffffff86cce668 type : spin
initialized : 0xffffffff8385bba3
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffd5607af41280 last held: 0xffffd5607af41280
last locked* : 0xffffffff8385bc31 unlocked : 0xffffffff8385bcac
owner field : 0x0000000000000800 wait/spin: 0/1

0xffffb28000016a80 0001 00000000 0x0 0x0
0xffffb28000016b00 0001 00000000 0x0 0x0
0xffffb28000016b80 0001 00000000 0x0 0x0
0xffffb28000016c00 0001 00000000 0x0 0x0
0xffffb28000016c80 0001 00000000 0x0 0x0
0xffffb28000016d00 0001 00000000 0x0 0x0
0xffffb28000016d80 0001 00000000 0x0 0x0
0xffffb28000016e00 0001 00000000 0x0 0x0
0xffffb28000016e80 0001 00000000 0x0 0x0
0xffffb28000016f00 0001 00000000 0x0 0x0
0xffffb28000016f80 0001 00000000 0x0 0x0
0xffffb28000017000 0001 00000000 0x0 0x0
0xffffb28000017080 0001 00000000 0x0 0x0
0xffffb28000017100 0001 00000000 0x0 0x0
0xffffb28000017180 0001 00000000 0x0 0x0
0xffffb28000017200 0001 00000000 0x0 0x0
0xffffb28000017280 0001 00000000 0x0 0x0
0xffffb28000017300 0001 00000000 0x0 0x0
0xffffb28000017380 0001 00000000 0x0 0x0
0xffffb28000017400 0001 00000000 0x0 0x0
0xffffb28000017480 0001 00000000 0x0 0x0
0xffffb28000017500 0001 00000000 0x0 0x0
0xffffb28000017580 0001 00000000 0x0 0x0
0xffffb28000017600 0001 00000000 0x0 0x0
0xffffb28000017680 0001 00000000 0x0 0x0
0xffffb28000017700 0001 00000000 0x0 0x0
0xffffb28000017780 0001 00000000 0x0 0x0
0xffffb28000017800 0041 00000000 0x0 0x0
0xffffb28000017880 0041 00000000 0x0 0x0
0xffffb28000017900 0041 00000000 0x0 0x0
0xffffb28000017980 0041 00000000 0x0 0x0
0xffffb28000017a00 0041 00000000 0x0 0x0
0xffffb28000017a80 0041 00000000 0x0 0x0
0xffffb28000017b00 0041 00000000 0x0 0x0
0xffffb28000017b80 0041 00000000 0x0 0x0
0xffffb28000017c00 0041 00000000 0x0 0x0
0xffffb28000017c80 0041 00000000 0x0 0x0
0xffffb28000017d00 0041 00000000 0x0 0x0
0xffffb28000017d80 0041 00000000 0x0 0x0
0xffffb28000017e00 0041 00000000 0x0 0x0
0xffffb28000017e80 0041 00000000 0x0 0x0
0xffffb28000017f00 0041 00000000 0x0 0x0
0xffffb28000017f80 0041 00000000 0x0 0x0
0xffffb28000018000 0041 00000000 0x0 0x0
0xffffb28000018080 0041 00000000 0x0 0x0
0xffffb28000018100 0041 00000000 0x0 0x0
0xffffb28000018180 0041 00000000 0x0 0x0
0xffffb28000018200 0041 00000000 0x0 0x0
0xffffb28000018280 0041 00000000 0x0 0x0
0xffffb28000018300 0041 00000000 0x0 0x0
0xffffb28000018380 0041 00000000 0x0 0x0
0xffffb28000018400 0041 00000000 0x0 0x0
0xffffb28000018480 0041 00000000 0x0 0x0
0xffffb28000018500 0041 00000000 0x0 0x0
0xffffb28000018580 0041 00000000 0x0 0x0
0xffffb28000018600 0041 00000000 0x0 0x0
0xffffb28000018680 0041 00000000 0x0 0x0
0xffffb28000018700 0041 00000000 0x0 0x0
0xffffb28000018780 0041 00000000 0x0 0x0
0xffffb28000018800 0041 00000000 0x0 0x0
0xffffb28000018880 0041 00000000 0x0 0x0
0xffffb28000018900 0041 00000000 0x0 0x0
0xffffb28000018980 0041 00000000 0x0 0x0
0xffffb28000018a00 0041 00000000 0x0 0x0
0xffffb28000018a80 0041 00000000 0x0 0x0
0xffffb28000018b00 0041 00000000 0x0 0x0
0xffffb28000018b80 0041 00000000 0x0 0x0
0xffffb28000018c00 0041 00000000 0x0 0x0
0xffffb28000018c80 0041 00000000 0x0 0x0
0xffffb28000018d00 0001 00000000 0x0 0x0
0xffffb28000018d80 0001 00000000 0x0 0x0
0xffffb28000018e00 0001 00000000 0x0 0x0
0xffffb28000018e80 0001 00000000 0x0 0x0
0xffffb28000018f00 0001 00000000 0x0 0x0
0xffffb28000018f80 0001 00000000 0x0 0x0
0xffffb28000019000 0001 00000000 0x0 0x0
0xffffb28000019080 0001 00000000 0x0 0x0
0xffffb28000019100 0001 00000000 0x0 0x0
0xffffb28000019180 0001 00000000 0x0 0x0
0xffffb28000019200 0001 00000000 0x0 0x0
0xffffb28000019280 0001 00000000 0x0 0x0
0xffffb28000019300 0001 00000000 0x0 0x0
0xffffb28000019380 0001 00000000 0x0 0x0
0xffffb28000019400 0001 00000000 0x0 0x0
0xffffb28000019480 0001 00000000 0x0 0x0
0xffffb28000019500 0001 00000000 0x0 0x0
0xffffb28000019580 0001 00000000 0x0 0x0
0xffffb28000019600 0001 00000000 0x0 0x0
0xffffb28000019680 0001 00000000 0x0 0x0
0xffffb28000019700 0001 00000000 0x0 0x0
0xffffb28000019780 0001 00000000 0x0 0x0
0xffffb28000019800 0001 00000000 0x0 0x0
0xffffb28000019880 0001 00000000 0x0 0x0
0xffffb28000019900 0001 00000000 0x0 0x0
0xffffb28000019980 0001 00000000 0x0 0x0
0xffffb28000019a00 0001 00000000 0x0 0x0
0xffffb28000019a80 0001 00000000 0x0 0x0
0xffffb28000019b00 0001 00000000 0x0 0x0
0xffffb28000019b80 0001 00000000 0x0 0x0
0xffffb28000019c00 0001 00000000 0x0 0x0
0xffffb28000019c80 0001 00000000 0x0 0x0
0xffffb28000019d00 0001 00000000 0x0 0x0
0xffffb28000019d80 0001 00000000 0x0 0x0
0xffffb28000019e00 0001 00000000 0x0 0x0
0xffffb28000019e80 0001 00000000 0x0 0x0
0xffffb28000019f00 0001 00000000 0x0 0x0
0xffffb28000019f80 0001 00000000 0x0 0x0
0xffffb2800001a000 0001 00000000 0x0 0x0
0xffffb2800001a080 0001 00000000 0x0 0x0
0xffffb2800001a100 0001 00000000 0x0 0x0
0xffffb2800001a180 0001 00000000 0x0 0x0
0xffffb2800001a200 0001 00000000 0x0 0x0
0xffffb2800001a280 0001 00000000 0x0 0x0
0xffffb2800001a300 0001 00000000 0x0 0x0
0xffffb2800001a380 0001 00000000 0x0 0x0
0xffffb2800001a400 0001 00000000 0x0 0x0
0xffffb2800001a480 0001 00000000 0x0 0x0
0xffffb2800001a500 0001 00000000 0x0 0x0
0xffffb2800001a580 0001 00000000 0x0 0x0
0xffffb2800001a600 0001 00000000 0x0 0x0
0xffffb2800001a680 0001 00000000 0x0 0x0
0xffffb2800001a700 0001 00000000 0x0 0x0
0xffffb2800001a780 0001 00000000 0x0 0x0
0xffffb2800001a800 0041 00000000 0x0 0x0
0xffffb2800001a880 0041 00000000 0x0 0x0
0xffffb2800001a900 0041 00000000 0x0 0x0
0xffffb2800001a980 0041 00000000 0x0 0x0
0xffffb2800001aa00 0041 00000000 0x0 0x0
0xffffb2800001aa80 0041 00000000 0x0 0x0
0xffffb2800001ab00 0041 00000000 0x0 0x0
0xffffb2800001ab80 0041 00000000 0x0 0x0
0xffffb2800001ac00 0041 00000000 0x0 0x0
0xffffb2800001ac80 0041 00000000 0x0 0x0
0xffffb2800001ad00 0041 00000000 0x0 0x0
0xffffb2800001ad80 0041 00000000 0x0 0x0
0xffffb2800001ae00 0041 00000000 0x0 0x0
0xffffb2800001ae80 0041 00000000 0x0 0x0
0xffffb2800001af00 0041 00000000 0x0 0x0
0xffffb2800001af80 0041 00000000 0x0 0x0
0xffffb2800001b000 0041 00000000 0x0 0x0
0xffffb2800001b080 0041 00000000 0x0 0x0
0xffffb2800001b100 0041 00000000 0x0 0x0
0xffffb2800001b180 0041 00000000 0x0 0x0
0xffffb2800001b200 0041 00000000 0x0 0x0
0xffffb2800001b280 0041 00000000 0x0 0x0
0xffffb2800001b300 0041 00000000 0x0 0x0
0xffffb2800001b380 0041 00000000 0x0 0x0
0xffffb2800001b400 0041 00000000 0x0 0x0
0xffffb2800001b480 0041 00000000 0x0 0x0
0xffffb2800001b500 0041 00000000 0x0 0x0
0xffffb2800001b580 0041 00000000 0x0 0x0
0xffffb2800001b600 0041 00000000 0x0 0x0
0xffffb2800001b680 0041 00000000 0x0 0x0
0xffffb2800001b700 0041 00000000 0x0 0x0
0xffffb2800001b780 0041 00000000 0x0 0x0
0xffffb2800001b800 0041 00000000 0x0 0x0
0xffffb2800001b880 0041 00000000 0x0 0x0
0xffffb2800001b900 0041 00000000 0x0 0x0
0xffffb2800001b980 0045 00000000 0x0 0x0
0xffffb2800001ba00 0041 00000000 0x0 0x0
0xffffb2800001ba80 0045 00000000 0x0 0x0
0xffffb2800001bb00 0045 00000000 0x0 0x0
0xffffb2800001bb80 0041 00000000 0x0 0x0
0xffffb2800001bc00 0045 00000000 0x0 0x0
0xffffb2800001bc80 0041 00000000 0x0 0x0
0xffffb2800001bd00 0001 00000000 0x0 0x0
0xffffb2800001bd80 0001 00000000 0x0 0x0
0xffffb2800001be00 0001 00000000 0x0 0x0
0xffffb2800001be80 0001 00000000 0x0 0x0
0xffffb2800001bf00 0001 00000000 0x0 0x0
0xffffb2800001bf80 0001 00000000 0x0 0x0
0xffffb2800001c000 0001 00000000 0x0 0x0
0xffffb2800001c080 0001 00000000 0x0 0x0
0xffffb2800001c100 0001 00000000 0x0 0x0
0xffffb2800001c180 0001 00000000 0x0 0x0
0xffffb2800001c200 0001 00000000 0x0 0x0
0xffffb2800001c280 0001 00000000 0x0 0x0
0xffffb2800001c300 0001 00000000 0x0 0x0
0xffffb2800001c380 0001 00000000 0x0 0x0
0xffffb2800001c400 0001 00000000 0x0 0x0
0xffffb2800001c480 0001 00000000 0x0 0x0
0xffffb2800001c500 0001 00000000 0x0 0x0
0xffffb2800001c580 0001 00000000 0x0 0x0
0xffffb2800001c600 0001 00000000 0x0 0x0
0xffffb2800001c680 0001 00000000 0x0 0x0
0xffffb2800001c700 0001 00000000 0x0

Tested on:

commit: bd84a082 Add PRIuVSIZE
git tree: https://github.com/NetBSD/src trunk
console output: https://syzkaller.appspot.com/x/log.txt?x=16f25268080000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=4c87d0cdf7025741ea7a
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110
patch: https://syzkaller.appspot.com/x/patch.diff?x=14330384080000

syzbot

Jul 7, 2022, 1:07:11 PM7/7/22
to rias...@netbsd.org, syzkaller-...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:PERMISSIONS_ERROR Location: Message:Required 'read' permission for 'disks/ci2-netbsd-kubsan-test-job-test-job-image.tar.gz' ForceSendFields:[] NullFields:[]}.

syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/netbsd/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/netbsd/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/netbsd/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2797743485=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at bff65f44b
nothing to commit, working tree clean


go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=bff65f44b47bd73f56c3d6a5c3899de5f5775136 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220704-135716'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=bff65f44b47bd73f56c3d6a5c3899de5f5775136 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220704-135716'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=netbsd GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=bff65f44b47bd73f56c3d6a5c3899de5f5775136 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220704-135716'" "-tags=syz_target syz_os_netbsd syz_arch_amd64 " -o ./bin/netbsd_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/netbsd_amd64
/syzkaller/shared/netbsd/tools/bin/x86_64--netbsd-g++ -o ./bin/netbsd_amd64/syz-executor executor/executor.cc \
-m64 --sysroot /syzkaller/shared/netbsd/dest/ -O2 -pthread -Wall -Werror -Wparentheses -Wframe-larger-than=16384 -fpermissive -w -DGOOS_netbsd=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"bff65f44b47bd73f56c3d6a5c3899de5f5775136\"



Tested on:

commit: 2f5de0fa Convert CTASSERT(9) for PAGE_{SIZE,MASK} into..
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=4c87d0cdf7025741ea7a
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110
patch: https://syzkaller.appspot.com/x/patch.diff?x=10b30384080000

syzbot

Jul 7, 2022, 2:09:07 PM7/7/22
to rias...@netbsd.org, syzkaller-...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+4c87d0...@syzkaller.appspotmail.com

Tested on:

commit: 694b39ba uvm: CTASSERT about MIN_PAGE_SIZE, which is c..
console output: https://syzkaller.appspot.com/x/log.txt?x=12278c10080000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=4c87d0cdf7025741ea7a
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110
patch: https://syzkaller.appspot.com/x/patch.diff?x=106f4b24080000

Note: testing is done by a robot and is best-effort only.