panic: [ 133.ADDR] vpanic() at netbsd:vpanic+0x265

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit: 59ee1e30 make(1): replace global preserveUndefined with VA..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=1189b11f500000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=f24feb723dbab3e0d879
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f24feb...@syzkaller.appspotmail.com

] panic: [ 133.4640454] vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290
[ 133.5140441] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 133.5740475] namei_tryemulroot() at netbsd:namei_tryemulroot+0x1779 namei_oneroot sys/kern/vfs_lookup.c:1760 [inline]
[ 133.5740475] namei_tryemulroot() at netbsd:namei_tryemulroot+0x1779 sys/kern/vfs_lookup.c:1909
[ 133.6240537] namei() at netbsd:namei+0x6a sys/kern/vfs_lookup.c:1945
[ 133.6740445] vn_open() at netbsd:vn_open+0x193 sys/kern/vfs_vnops.c:176
[ 133.7140436] do_open() at netbsd:do_open+0x2e7 sys/kern/vfs_syscalls.c:1668
[ 133.7640436] do_sys_openat() at netbsd:do_sys_openat+0x16b sys/kern/vfs_syscalls.c:1752
[ 133.8140433] sys_open() at netbsd:sys_open+0x9a sys/kern/vfs_syscalls.c:1773
[ 133.8640457] compat_43_sys_creat() at netbsd:compat_43_sys_creat+0xdf sys/compat/common/vfs_syscalls_43.c:305
[ 133.9140441] sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
[ 133.9140441] sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77
[ 133.9640468] syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline]
[ 133.9640468] syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline]
[ 133.9640468] syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138
[ 133.9740438] --- syscall (number 198) ---
[ 133.9940440] netbsd:syscall+0x259:
[ 133.9940440] cpu1: End traceback...
[ 133.9940440] fatal breakpoint trap in supervisor mode
[ 134.0040433] trap type 1 code 0 rip 0xffffffff80220a2d cs 0x8 rflags 0x282 cr2 0x6f951552b300 ilevel 0 rsp 0xffffde81a9cc2450
[ 134.0140422] curlwp 0xffffde8013c8f480 pid 645.3815 lowest kstack 0xffffde81a9cbb2c0
Stopped in pid 645.3815 (syz-executor.5) at netbsd:breakpoint+0x5: leave
?
breakpoint() at netbsd:breakpoint+0x5
db_panic() at netbsd:db_panic+0x105 sys/ddb/db_panic.c:67
vpanic() at netbsd:vpanic+0x265 sys/kern/subr_prf.c:290
_GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
namei_tryemulroot() at netbsd:namei_tryemulroot+0x1779 namei_oneroot sys/kern/vfs_lookup.c:1760 [inline]
namei_tryemulroot() at netbsd:namei_tryemulroot+0x1779 sys/kern/vfs_lookup.c:1909
namei() at netbsd:namei+0x6a sys/kern/vfs_lookup.c:1945
vn_open() at netbsd:vn_open+0x193 sys/kern/vfs_vnops.c:176
do_open() at netbsd:do_open+0x2e7 sys/kern/vfs_syscalls.c:1668
do_sys_openat() at netbsd:do_sys_openat+0x16b sys/kern/vfs_syscalls.c:1752
sys_open() at netbsd:sys_open+0x9a sys/kern/vfs_syscalls.c:1773
compat_43_sys_creat() at netbsd:compat_43_sys_creat+0xdf sys/compat/common/vfs_syscalls_43.c:305
sys___syscall() at netbsd:sys___syscall+0xff sy_call sys/sys/syscallvar.h:65 [inline]
sys___syscall() at netbsd:sys___syscall+0xff sys/kern/sys_syscall.c:77
syscall() at netbsd:syscall+0x259 sy_call sys/sys/syscallvar.h:65 [inline]
syscall() at netbsd:syscall+0x259 sy_invoke sys/sys/syscallvar.h:94 [inline]
syscall() at netbsd:syscall+0x259 sys/arch/x86/x86/syscall.c:138
--- syscall (number 198) ---
netbsd:syscall+0x259:
Panic string: kernel diagnostic assertion "(cnp->cn_flags & LOCKPARENT) == 0 || searchdir == NULL || VOP_ISLOCKED(searchdir) == LK_EXCLUSIVE" failed: file "/syzkaller/managers/netbsd/kernel/sys/kern/vfs_lookup.c", line 1757
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
658 658 2 0 0 ffffde8015433480 syz-executor.3
642 642 2 1 0 ffffde8013ccc140 syz-executor.4
659 659 2 0 0 ffffde8013c63b80 syz-executor.1
645 641 3 1 180 ffffde80147fc240 syz-executor.5 parked
645 644 3 0 180 ffffde8013d6f340 syz-executor.5 parked
645 >3815 7 1 100 ffffde8013c8f480 syz-executor.5
645 647 3 0 180 ffffde8013c8f040 syz-executor.5 parked
645 645 2 1 10000000 ffffde8013b05900 syz-executor.5
4041 4041 2 1 0 ffffde801558a980 syz-executor.0
2753 4035 2 0 40100 ffffde80147ae140 syz-executor.2
2753 2753 2 1 10040000 ffffde80155ba580 syz-executor.2
3418 3418 3 0 180 ffffde801558a100 syz-executor.5 parked
3517 3517 3 0 180 ffffde8015466900 syz-executor.5 parked
3020 3020 3 0 180 ffffde801470f900 syz-executor.3 parked
3269 3269 3 0 180 ffffde801470f4c0 syz-executor.3 parked
1970 1970 3 0 180 ffffde8013d05680 syz-executor.5 parked
1223 1223 3 1 180 ffffde80147c9a00 syz-executor.5 parked
1828 1828 3 1 180 ffffde8015466080 syz-executor.2 parked
1578 1578 3 0 180 ffffde8015382680 syz-executor.2 parked
1587 1587 3 0 180 ffffde8015382240 syz-executor.2 parked
1663 1663 3 0 180 ffffde801478a980 syz-executor.1 parked
1762 1762 3 0 180 ffffde80147e8a80 syz-executor.1 parked
1346 1346 3 0 180 ffffde80148bc580 syz-executor.4 parked
1098 1098 3 1 180 ffffde8013a63780 syz-executor.4 parked
1236 1236 3 0 180 ffffde8015433040 syz-executor.1 parked
1191 1191 2 0 140 ffffde80152a3a80 syz-executor.5
1189 1189 2 1 140 ffffde80152a3640 syz-executor.3
1081 1081 2 1 140 ffffde80152a3200 syz-executor.4
1078 1078 2 0 140 ffffde801528e1c0 syz-executor.2
422 422 2 1 140 ffffde8015124a00 syz-executor.1
1084 1084 2 1 40 ffffde8013b054c0 syz-executor.0
1071 1099 3 0 180 ffffde801528ea40 syz-fuzzer parked
1071 1083 3 0 180 ffffde801528e600 syz-fuzzer parked
1071 998 3 1 180 ffffde8015124180 syz-fuzzer parked
1071 1079 3 0 180 ffffde8013be1a40 syz-fuzzer kqueue
1071 1072 3 0 180 ffffde8013be1600 syz-fuzzer parked
1071 1104 3 0 180 ffffde80147d4a40 syz-fuzzer parked
1071 1076 3 1 1c0 ffffde80147d4600 syz-fuzzer parked
1071 1077 3 1 180 ffffde80147e8640 syz-fuzzer parked
1071 1068 3 0 180 ffffde80147e8200 syz-fuzzer parked
1071 1071 3 0 180 ffffde80147ae580 syz-fuzzer parked
1069 1069 3 0 180 ffffde8013aa28c0 sshd select
1056 1056 3 0 180 ffffde80136e9700 getty nanoslp
856 856 3 1 180 ffffde80136e92c0 getty nanoslp
1121 1121 3 1 180 ffffde80148bc140 getty nanoslp
1101 1101 3 1 1c0 ffffde80148a4980 getty ttyraw
979 979 3 1 180 ffffde80147c9180 sshd select
991 991 3 1 180 ffffde8013d11b00 powerd kqueue
555 555 3 1 180 ffffde80148456c0 syslogd kqueue
598 598 3 0 180 ffffde8013c08680 dhcpcd poll
597 597 3 0 180 ffffde8013c99080 dhcpcd poll
594 594 3 0 180 ffffde8013c2ab00 dhcpcd poll
462 462 3 1 180 ffffde8013c63300 dhcpcd poll
350 350 3 0 180 ffffde8013d91480 dhcpcd poll
349 349 3 0 180 ffffde8013d91040 dhcpcd poll
348 348 3 0 180 ffffde8013d6fbc0 dhcpcd poll
1 1 3 0 180 ffffde801384e980 init wait
0 817 3 0 200 ffffde8013971a80 physiod physiod
0 192 3 0 200 ffffde801398dac0 pooldrain pooldrain
0 > 163 7 0 240 ffffde801398d680 ioflush
0 168 3 1 200 ffffde801398d240 pgdaemon pgdaemon
0 162 3 1 200 ffffde8013971200 usb7 usbevt
0 161 3 1 200 ffffde8013926a40 usb6 usbevt
0 31 3 0 200 ffffde8013926600 usb5 usbevt
0 63 3 0 200 ffffde80139261c0 usb4 usbevt
0 126 3 0 200 ffffde80138d4a00 usb3 usbevt
0 125 2 1 240 ffffde80138d45c0 usb2
0 124 3 0 200 ffffde80138d4180 usb1 usbevt
0 123 3 1 200 ffffde80138629c0 usb0 usbevt
0 122 3 0 200 ffffde8013862580 usbtask-dr usbtsk
0 121 3 0 200 ffffde8010dbbac0 usbtask-hc usbtsk
0 120 3 1 200 ffffde8013862140 npfgc0 npfgcw
0 119 3 0 200 ffffde801384e540 rt_free rt_free
0 118 3 1 200 ffffde801384e100 unpgc unpgc
0 117 3 1 200 ffffde8013845940 key_timehandler key_timehandler
0 116 3 1 200 ffffde8013845500 icmp6_wqinput/1 icmp6_wqinput
0 115 3 0 200 ffffde80138450c0 icmp6_wqinput/0 icmp6_wqinput
0 114 3 1 200 ffffde8013713900 nd6_timer nd6_timer
0 113 3 1 200 ffffde80137134c0 carp6_wqinput/1 carp6_wqinput
0 112 3 0 200 ffffde8013713080 carp6_wqinput/0 carp6_wqinput
0 111 3 1 200 ffffde80137008c0 carp_wqinput/1 carp_wqinput
0 110 3 0 200 ffffde8013700480 carp_wqinput/0 carp_wqinput
0 109 3 1 200 ffffde8013700040 icmp_wqinput/1 icmp_wqinput
0 108 3 0 200 ffffde80136edbc0 icmp_wqinput/0 icmp_wqinput
0 107 3 0 200 ffffde80136ed780 rt_timer rt_timer
0 106 3 1 200 ffffde80136ecb80 vmem_rehash vmem_rehash
0 105 3 1 200 ffffde80136ec300 entbutler entropy
0 96 3 1 200 ffffde80130c0b00 viomb balloon
0 30 3 1 200 ffffde80130c06c0 vioif0_txrx/1 vioif0_txrx
0 29 3 0 200 ffffde80130c0280 vioif0_txrx/0 vioif0_txrx
0 27 3 0 200 ffffde8010dbb680 scsibus0 sccomp
0 26 3 0 200 ffffde8010dbb240 pms0 pmsreset
0 25 3 1 200 ffffde8010d0ea80 xcall/1 xcall
0 24 1 1 200 ffffde8010d0e640 softser/1
0 23 1 1 200 ffffde8010d0e200 softclk/1
0 22 1 1 200 ffffde8010d0ca40 softbio/1
0 21 1 1 200 ffffde8010d0c600 softnet/1
0 20 1 1 201 ffffde8010d0c1c0 idle/1
0 19 3 0 200 ffffde800f77da00 lnxpwrwq lnxpwrwq
0 18 3 0 200 ffffde800f77d5c0 lnxlngwq lnxlngwq
0 17 3 0 200 ffffde800f77d180 lnxsyswq lnxsyswq
0 16 3 0 200 ffffde800f7759c0 lnxrcugc lnxrcugc
0 15 3 0 200 ffffde800f775580 sysmon smtaskq
0 14 3 0 200 ffffde800f775140 pmfsuspend pmfsuspend
0 13 3 0 200 ffffde800f771980 pmfevent pmfevent
0 12 3 0 200 ffffde800f771540 sopendfree sopendfr
0 11 3 1 200 ffffde800f771100 iflnkst iflnkst
0 10 3 0 200 ffffde800f766940 nfssilly nfssilly
0 9 3 0 200 ffffde800f766500 vdrain vdrain
0 8 3 1 200 ffffde800f7660c0 modunload mod_unld
0 7 3 0 200 ffffde800f758900 xcall/0 xcall
0 6 1 0 200 ffffde800f7584c0 softser/0
0 5 1 0 200 ffffde800f758080 softclk/0
0 4 1 0 200 ffffde800f7568c0 softbio/0
0 3 1 0 200 ffffde800f756480 softnet/0
0 2 1 0 201 ffffde800f756040 idle/0
0 0 2 1 240 ffffffff82eee940 swapper
[Locks tracked through LWPs]

****** LWP 658.658 (syz-executor.3) @ 0xffffde8015433480, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffffde80147b3980 type : sleep/adaptive
initialized : 0xffffffff808d4c54
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8015433480 last held: 0xffffde8015433480
last locked* : 0xffffffff808d68e2 unlocked : 0xffffffff808d4967
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 642.642 (syz-executor.4) @ 0xffffde8013ccc140, l_stat=2

*** Locks held:

* Lock 0 (initialized at pmap_ctor)
lock address : 0xffffde80147b3780 type : sleep/adaptive
initialized : 0xffffffff808d4c54
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffde8013ccc140 last held: 0xffffde8013ccc140
last locked* : 0xffffffff808d68e2 unlocked : 0xffffffff808d4967
owner field : 0xffffde8013ccc140 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 659.659 (syz-executor.1) @ 0xffffde8013c63b80, l_stat=2

*** Locks held:

* Lock 0 (initialized at uvm_map_setup)
lock address : 0xffffde8013c57a00 type : sleep/adaptive
initialized : 0xffffffff81850062
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8013c63b80 last held: 0xffffde8013c63b80
last locked* : 0xffffffff81849832 unlocked : 0xffffffff81839b87
owner/count : 0xffffde8013c63b80 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 1084.1084 (syz-executor.0) @ 0xffffde8013b054c0, l_stat=2

*** Locks held:

* Lock 0 (initialized at amap_ctor)
lock address : 0xffffde8015134c00 type : sleep/adaptive
initialized : 0xffffffff8182b7ab
shared holds : 0 exclusive: 1
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 1
relevant lwp : 0xffffde8013b054c0 last held: 0xffffde8013b054c0
last locked* : 0xffffffff8183bf9d unlocked : 0xffffffff81839b66
owner/count : 0xffffde8013b054c0 flags : 0x0000000000000004
Turnstile: no active turnstile for this lock.

*** Locks wanted: none

****** LWP 597.597 (dhcpcd) @ 0xffffde8013c99080, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8013c99080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 594.594 (dhcpcd) @ 0xffffde8013c2ab00, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8013c2ab00 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 349.349 (dhcpcd) @ 0xffffde8013d91040, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8013d91040 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 348.348 (dhcpcd) @ 0xffffde8013d6fbc0, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde8013d6fbc0 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.11 (iflnkst) @ 0xffffde800f771100, l_stat=3

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 1 last held: 0
relevant lwp : 0xffffde800f771100 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

****** LWP 0.5 (softclk/0) @ 0xffffde800f758080, l_stat=1

*** Locks held: none

*** Locks wanted:

* Lock 0 (initialized at module_hook_init)
lock address : 0xffffffff82ff68c0 type : sleep/adaptive
initialized : 0xffffffff818e1d61
shared holds : 0 exclusive: 0
shares wanted: 0 exclusive: 0
relevant cpu : 0 last held: 0
relevant lwp : 0xffffde800f758080 last held: 000000000000000000
last locked : 000000000000000000 unlocked*: 000000000000000000
owner field : 000000000000000000 wait/spin: 0/0
Turnstile: no active turnstile for this lock.

[Locks tracked through CPUs]

PAGE FLAG PQ UOBJECT UANON
0xffffde8000017180 0041 00000000 0x0 0x0
0xffffde8000017200 0041 00000000 0x0 0x0
0xffffde8000017280 0041 00000000 0x0 0x0
0xffffde8000017300 0041 00000000 0x0 0x0
0xffffde8000017380 0041 00000000 0x0 0x0
0xffffde8000017400 0041 00000000 0x0 0x0
0xffffde8000017480 0041 00000000 0x0 0x0
0xffffde8000017500 0041 00000000 0x0 0x0
0xffffde8000017580 0041 00000000 0x0 0x0
0xffffde8000017600 0041 00000000 0x0 0x0
0xffffde8000017680 0041 00000000 0x0 0x0
0xffffde8000017700 0041 00000000 0x0 0x0
0xffffde8000017780 0041 00000000 0x0 0x0
0xffffde8000017800 0041 00000000 0x0 0x0
0xffffde8000017880 0041 00000000 0x0 0x0
0xffffde8000017900 0041 00000000 0x0 0x0
0xffffde8000017980 0041 00000000 0x0 0x0
0xffffde8000017a00 0041 00000000 0x0 0x0
0xffffde8000017a80 0041 00000000 0x0 0x0
0xffffde8000017b00 0041 00000000 0x0 0x0
0xffffde8000017b80 0041 00000000 0x0 0x0
0xffffde8000017c00 0041 00000000 0x0 0x0
0xffffde8000017c80 0041 00000000 0x0 0x0
0xffffde8000017d00 0041 00000000 0x0 0x0
0xffffde8000017d80 0041 00000000 0x0 0x0
0xffffde8000017e00 0041 00000000 0x0 0x0
0xffffde8000017e80 0041 00000000 0x0 0x0
0xffffde8000017f00 0041 00000000 0x0 0x0
0xffffde8000017f80 0041 00000000 0x0 0x0
0xffffde8000018000 0041 00000000 0x0 0x0
0xffffde8000018080 0041 00000000 0x0 0x0
0xffffde8000018100 0041 00000000 0x0 0x0
0xffffde8000018180 0041 00000000 0x0 0x0
0xffffde8000018200 0041 00000000 0x0 0x0
0xffffde8000018280 0041 00000000 0x0 0x0
0xffffde8000018300 0041 00000000 0x0 0x0
0xffffde8000018380 0041 00000000 0x0 0x0
0xffffde8000018400 0041 00000000 0x0 0x0
0xffffde8000018480 0041 00000000 0x0 0x0
0xffffde8000018500 0041 00000000 0x0 0x0
0xffffde8000018580 0041 00000000 0x0 0x0
0xffffde8000018600 0041 00000000 0x0 0x0
0xffffde8000018680 0041 00000000 0x0 0x0
0xffffde8000018700 0041 00000000 0x0 0x0
0xffffde8000018780 0041 00000000 0x0 0x0
0xffffde8000018800 0041 00000000 0x0 0x0
0xffffde8000018880 0041 00000000 0x0 0x0
0xffffde8000018900 0041 00000000 0x0 0x0
0xffffde8000018980 0041 00000000 0x0 0x0
0xffffde8000018a00 0041 00000000 0x0 0x0
0xffffde8000018a80 0041 00000000 0x0 0x0
0xffffde8000018b00 0041 00000000 0x0 0x0
0xffffde8000018b80 0041 00000000 0x0 0x0
0xffffde8000018c00 0041 00000000 0x0 0x0
0xffffde8000018c80 0041 00000000 0x0 0x0
0xffffde8000018d00 0041 00000000 0x0 0x0
0xffffde8000018d80 0041 00000000 0x0 0x0
0xffffde8000018e00 0041 00000000 0x0 0x0
0xffffde8000018e80 0041 00000000 0x0 0x0
0xffffde8000018f00 0041 00000000 0x0 0x0
0xffffde8000018f80 0041 00000000 0x0 0x0
0xffffde8000019000 0041 00000000 0x0 0x0
0xffffde8000019080 0041 00000000 0x0 0x0
0xffffde8000019100 0041 00000000 0x0 0x0
0xffffde8000019180 0041 00000000 0x0 0x0
0xffffde8000019200 0041 00000000 0x0 0x0
0xffffde8000019280 0041 00000000 0x0 0x0
0xffffde8000019300 0041 00000000 0x0 0x0
0xffffde8000019380 0041 00000000 0x0 0x0
0xffffde8000019400 0041 00000000 0x0 0x0
0xffffde8000019480 0041 00000000 0x0 0x0
0xffffde8000019500 0041 00000000 0x0 0x0
0xffffde8000019580 0041 00000000 0x0 0x0
0xffffde8000019600 0041 00000000 0x0 0x0
0xffffde8000019680 0041 00000000 0x0 0x0
0xffffde8000019700 0041 00000000 0x0 0x0
0xffffde8000019780 0041 00000000 0x0 0x0
0xffffde8000019800 0041 00000000 0x0 0x0
0xffffde8000019880 0041 00000000 0x0 0x0
0xffffde8000019900 0041 00000000 0x0 0x0
0xffffde8000019980 0041 00000000 0x0 0x0
0xffffde8000019a00 0041 00000000 0x0 0x0
0xffffde8000019a80 0041 00000000 0x0 0x0
0xffffde8000019b00 0041 00000000 0x0 0x0
0xffffde8000019b80 0041 00000000 0x0 0x0
0xffffde8000019c00 0041 00000000 0x0 0x0
0xffffde8000019c80 0041 00000000 0x0 0x0
0xffffde8000019d00 0041 00000000 0x0 0x0
0xffffde8000019d80 0041 00000000 0x0 0x0
0xffffde8000019e00 0041 00000000 0x0 0x0
0xffffde8000019e80 0041 00000000 0x0 0x0
0xffffde8000019f00 0041 00000000 0x0 0x0
0xffffde8000019f80 0041 00000000 0x0 0x0
0xffffde800001a000 0041 00000000 0x0 0x0
0xffffde800001a080 0041 00000000 0x0 0x0
0xffffde800001a100 0041 00000000 0x0 0x0
0xffffde800001a180 0041 00000000 0x0 0x0
0xffffde800001a200 0041 00000000 0x0 0x0
0xffffde800001a280 0041 00000000 0x0 0x0
0xffffde800001a300 0041 00000000 0x0 0x0
0xffffde800001a380 0041 00000000 0x0 0x0
0xffffde800001a400 0041 00000000 0x0 0x0
0xffffde800001a480 0041 00000000 0x0 0x0
0xffffde800001a500 0041 00000000 0x0 0x0
0xffffde800001a580 0041 00000000 0x0 0x0
0xffffde800001a600 0041 00000000 0x0 0x0
0xffffde800001a680 0041 00000000 0x0 0x0
0xffffde800001a700 0041 00000000 0x0 0x0
0xffffde800001a780 0041 00000000 0x0 0x0
0xffffde800001a800 0041 00000000 0x0 0x0
0xffffde800001a880 0041 00000000 0x0 0x0
0xffffde800001a900 0041 00000000 0x0 0x0
0xffffde800001a980 0041 00000000 0x0 0x0
0xffffde800001aa00 0041 00000000 0x0 0x0
0xffffde800001aa80 0041 00000000 0x0 0x0
0xffffde800001ab00 0041 00000000 0x0 0x0
0xffffde800001ab80 0001 00000000 0x0 0x0
0xffffde800001ac00 0001 00000000 0x0 0x0
0xffffde800001ac80 0001 00000000 0x0 0x0
0xffffde800001ad00 0001 00000000 0x0 0x0
0xffffde800001ad80 0001 00000000 0x0 0x0
0xffffde800001ae00 0001 00000000 0x0 0x0
0xffffde800001ae80 0001 00000000 0x0 0x0
0xffffde800001af00 0001 00000000 0x0 0x0
0xffffde800001af80 0001 00000000 0x0 0x0
0xffffde800001b000 0001 00000000 0x0 0x0
0xffffde800001b080 0001 00000000 0x0 0x0
0xffffde800001b100 0001 00000000 0x0 0x0
0xffffde800001b180 0001 00000000 0x0 0x0
0xffffde800001b200 0001 00000000 0x0 0x0
0xffffde800001b280 0001 00000000 0x0 0x0
0xffffde800001b300 0001 00000000 0x0 0x0
0xffffde800001b380 0001 00000000 0x0 0x0
0xffffde800001b400 0001 00000000 0x0 0x0
0xffffde800001b480 0001 00000000 0x0 0x0
0xffffde800001b500 0001 00000000 0x0 0x0
0xffffde800001b580 0001 00000000 0x0 0x0
0xffffde800001b600 0001 00000000 0x0 0x0
0xffffde800001b680 0001 00000000 0x0 0x0
0xffffde800001b700 0001 00000000 0x0 0x0
0xffffde800001b780 0001 00000000 0x0 0x0
0xffffde800001b800 0001 00000000 0x0 0x0
0xffffde800001b880 0001 00000000 0x0 0x0
0xffffde800001b900 0001 00000000 0x0 0x0
0xffffde800001b980 0001 00000000 0x0 0x0
0xffffde800001ba00 0001 00000000 0x0 0x0
0xffffde800001ba80 0001 00000000 0x0 0x0
0xffffde800001bb00 0001 00000000 0x0 0x0
0xffffde800001bb80 0001 00000000 0x0 0x0
0xffffde800001bc00 0001 00000000 0x0 0x0
0xffffde800001bc80 0001 00000000 0x0 0x0
0xffffde800001bd00 0001 00000000 0x0 0x0
0xffffde800001bd80 0001 00000000 0x0 0x0
0xffffde800001be00 0001 00000000 0x0 0x0
0xffffde800001be80 0001 00000000 0x0 0x0
0xffffde800001bf00 0001 00000000 0x0 0x0
0xffffde800001bf80 0001 00000000 0x0 0x0
0xffffde800001c000 0001 00000000 0x0 0x0
0xffffde800001c080 0001 00000000 0x0 0x0
0xffffde800001c100 0001 00000000 0x0 0x0
0xffffde800001c180 0001 00000000 0x0 0x0
0xffffde800001c200 0001 00000000 0x0 0x0
0xffffde800001c280 0001 00000000 0x0 0x0
0xffffde800001c300 0001 00000000 0x0 0x0
0xffffde800001c380 0001 00000000 0x0 0x0
0xffffde800001c400 0001 00000000 0x0 0x0
0xffffde800001c480 0001 00000000 0x0 0x0
0xffffde800001c500 0001 00000000 0x0 0x0
0xffffde800001c580 0001 00000000 0x0 0x0
0xffffde800001c600 0001 00000000 0x0 0x0
0xffffde800001c680 0001 00000000 0x0 0x0
0xffffde800001c700 0001 00000000 0x0 0x0
0xffffde800001c780 0001 00000000 0x0 0x0
0xffffde800001c800 0001 00000000 0x0 0x0
0xffffde800001c880 0001 00000000 0x0 0x0
0xffffde800001c900 0001 00000000 0x0 0x0
0xffffde800001c980 0001 00000000 0x0 0x0
0xffffde800001ca00 0001 00000000 0x0 0x0
0xffffde800001ca80 0001 00000000 0x0 0x0
0xffffde800001cb00 0001 00000000 0x0 0x0
0xffffde800001cb80 0001 00000000 0x0 0x0
0xffffde800001cc00 0001 00000000 0x0 0x0
0xffffde800001cc80 0001 00000000 0x0 0x0
0xffffde800001cd00 0001 00000000 0x0 0x0
0xffffde800001cd80 0001 00000000 0x0 0x0
0xffffde800001ce00 0001 00000000 0x0 0x0
0xffffde800001ce80 0001 00000000 0x0 0x0
0xffffde800001cf00 0001 00000000 0x0 0x0
0xffffde800001cf80 0001 00000000 0x0 0x0
0xffffde800001d000 0001 00000000 0x0 0x0
0xffffde800001d080 0001 00000000 0x0 0x0
0xffffde800001d100 0001 00000000 0x0 0x0
0xffffde800001d180 0001 00000000 0x0 0x0
0xffffde800001d200 0001 00000000 0x0 0x0
0xffffde800001d280 0001 00000000 0x0 0x0
0xffffde800001d300 0001 00000000 0x0 0x0
0xffffde800001d380 0001 00000000 0x0 0x0
0xffffde800001d400 0001 00000000 0x0 0x0
0xffffde800001d480 0001 00000000 0x0 0x0
0xffffde800001d500 0001 00000000 0x0 0x0
0xffffde800001d580 0001 00000000 0x0 0x0
0xffffde800001d600 0001 00000000 0x0 0x0
0xffffde800001d680 0001 00000000 0x0 0x0
0xffffde800001d700 0001 00000000 0x0 0x0
0xffffde800001d780 0001 00000000 0x0 0x0
0xffffde800001d800 0001 00000000 0x0 0x0
0xffffde800001d880 0001 00000000 0x0 0x0
0xffffde800001d900 0001 00000000 0x0 0x0
0xffffde800001d980 0001 00000000 0x0 0x0
0xffffde800001da00 0001 00000000 0x0 0x0
0xffffde800001da80 0001 00000000 0x0 0x0
0xffffde800001db00 0001 00000000 0x0 0x0
0xffffde800001db80 0001 00000000 0x0 0x0
0xffffde800001dc00 0001 00000000 0x0 0x0
0xffffde800001dc80 0001 00000000 0x0 0x0
0xffffde800001dd00 0001 00000000 0x0 0x0
0xffffde800001dd80 0001 00000000 0x0 0x0
0xffffde800001de00 0001 00000000 0x0 0x0
0xffffde800001de80 0001 00000000 0x0 0x0
0xffffde800001df00 0001 00000000 0x0 0x0
0xffffde800001df80 0001 00000000 0x0 0x0
0xffffde800001e000 0001 00000000 0x0 0x0
0xffffde800001e080 0001 00000000 0x0 0x0
0xffffde800001e100 0001 00000000 0x0 0x0
0xffffde800001e180 0001 00000000 0x0 0x0
0xffffde800001e200 0001 00000000 0x0 0x0
0xffffde800001e280 0001 00000000 0x0 0x0
0xffffde800001e300 0001 00000000 0x0 0x0
0xffffde800001e380 0001 00000000 0x0 0x0
0xffffde800001e400 0001 00000000 0x0 0x0
0xffffde800001e480 0001 00000000 0x0 0x0
0xffffde800001e500 0001 00000000 0x0 0x0
0xffffde800001e580 0001 00000000 0x0 0x0
0xffffde800001e600 0001 00000000 0x0 0x0
0xffffde800001e680 0001 00000000 0x0 0x0
0xffffde800001e700 0001 00000000 0x0 0x0
0xffffde800001e780 0001 00000000 0x0 0x0
0xffffde800001e800 0001 00000000 0x0 0x0
0xffffde800001e880 0001 00000000 0x0 0x0
0xffffde800001e900 0001 00000000 0x0 0x0
0xffffde800001e980 0001 00000000 0x0 0x0
0xffffde800001ea00 0001 00000000 0x0 0x0
0xffffde800001ea80 0001 00000000 0x0 0x0
0xffffde800001eb00 0001 00000000 0x0 0x0
0xffffde800001eb80 0001 00000000 0x0 0x0
0xffffde800001ec00 0001 00000000 0x0 0x0
0xffffde800001ec80 0001 00000000 0x0 0x0
0xffffde800001ed00 0001 00000000 0x0 0x0
0xffffde800001ed80 0001 00000000 0x0 0x0
0xffffde800001ee00 0001 00000000 0x0 0x0
0xffffde800001ee80 0001 00000000 0x0 0x0
0xffffde800001ef00 0001 00000000 0x0 0x0
0xffffde800001ef80 0001 00000000 0x0 0x0
0xffffde800001f000 0001 00000000 0x0 0x0
0xffffde800001f080 0001 00000000 0x0 0x0
0xffffde800001f100 0001 00000000 0x0 0x0
0xffffde800001f180 0001 00000000 0x0 0x0
0xffffde800001f200 0001 00000000 0x0 0x0
0xffffde800001f280 0001 00000000 0x0 0x0
0xffffde800001f300 0001 00000000 0x0 0x0
0xffffde800001f380 0001 00000000 0x0 0x0
0xffffde800001f400 0001 00000000 0x0 0x0
0xffffde800001f480 0001 00000000 0x0 0x0
0xffffde800001f500 0001 00000000 0x0 0x0
0xffffde800001f580 0001 00000000 0x0 0x0
0xffffde800001f600 0001 00000000 0x0 0x0
0xffffde800001f680 0001 00000000 0x0 0x0
0xffffde800001f700 0001 00000000 0x0 0x0
0xffffde800001f780 0001 00000000 0x0 0x0
0xffffde800001f800 0001 00000000 0x0 0x0
0xffffde800001f880 0001 00000000 0x0 0x0
0xffffde800001f900 0001 00000000 0x0 0x0
0xffffde800001f980 0001 00000000 0x0 0x0
0xffffde800001fa00 0001 00000000 0x0 0x0
0xffffde800001fa80 0001 00000000 0x0 0x0
0xffffde800001fb00 0001 00000000 0x0 0x0
0xffffde800001fb80 0001 00000000 0x0 0x0
0xffffde800001fc00 0001 00000000 0x0 0x0
0xffffde800001fc80 0001 00000000 0x0 0x0
0xffffde800001fd00 0001 00000000 0x0 0x0
0xffffde800001fd80 0001 00000000 0x0 0x0
0xffffde800001fe00 0001 00000000 0x0 0x0
0xffffde800001fe80 0001 00000000 0x0 0x0
0xffffde800001ff00 0001 00000000 0x0 0x0
0xffffde800001ff80 0001 00000000 0x0 0x0
0xffffde8000020000 0001 00000000 0x0 0x0
0xffffde8000020080 0001 00000000 0x0 0x0
0xffffde8000020100 0001 00000000 0x0 0x0
0xffffde8000020180 0001 00000000 0x0 0x0
0xffffde8000020200 0001 00000000 0x0 0x0
0xffffde8000020280 0001 00000000 0x0 0x0
0xffffde8000020300 0001 00000000 0x0 0x0
0xffffde8000020380 0001 00000000 0x0 0x0
0xffffde8000020400 0001 00000000 0x0 0x0
0xffffde8000020480 0001 00000000 0x0 0x0
0xffffde8000020500 0001 00000000 0x0 0x0
0xffffde8000020580 0001 00000000 0x0 0x0
0xffffde8000020600 0001 00000000 0x0 0x0
0xffffde8000020680 0001 00000000 0x0 0x0
0xffffde8000020700 0001 00000000 0x0 0x0
0xffffde8000020780 0001 00000000 0x0 0x0
0xffffde8000020800 0001 00000000 0x0 0x0
0xffffde8000020880 0001 00000000 0x0 0x0
0xffffde8000020900 0001 00000000 0x0 0x0
0xffffde8000020980 0001 00000000 0x0 0x0
0xffffde8000020a00 0001 00000000 0x0 0x0
0xffffde8000020a80 0001 00000000 0x0 0x0
0xffffde8000020b00 0001 00000000 0x0 0x0
0xffffde8000020b80 0001 00000000 0x0 0x0
0xffffde8000020c00 0001 00000000 0x0 0x0
0xffffde8000020c80 0001 00000000 0x0 0x0
0xffffde8000020d00 0001 00000000 0x0 0x0
0xffffde8000020d80 0001 00000000 0x0 0x0
0xffffde8000020e00 0001 00000000 0x0 0x0
0xffffde8000020e80 0001 00000000 0x0 0x0
0xffffde8000020f00 0001 00000000 0x0 0x0
0xffffde8000020f80 0001 00000000 0x0 0x0
0xffffde8000021000 0001 00000000 0x0 0x0
0xffffde8000021080 0001 00000000 0x0 0x0
0xffffde8000021100 0001 00000000 0x0 0x0
0xffffde8000021180 0001 00000000 0x0 0x0
0xffffde8000021200 0001 00000000 0x0 0x0
0xffffde8000021280 0001 00000000 0x0 0x0
0xffffde8000021300 0001 00000000 0x0 0x0
0xffffde8000021380 0001 00000000 0x0 0x0
0xffffde8000021400 0001 00000000 0x0 0x0
0xffffde8000021480 0001 00000000 0x0 0x0
0xffffde8000021500 0001 00000000 0x0 0x0
0xffffde8000021580 0001 00000000 0x0 0x0
0xffffde8000021600 0001 00000000 0x0 0x0
0xffffde8000021680 0001 00000000 0x0 0x0
0xffffde8000021700 0001 00000000 0x0 0x0
0xffffde8000021780 0001 00000000 0x0 0x0
0xffffde8000021800 0001 00000000 0x0 0x0
0xffffde8000021880 0001 00000000 0x0 0x0
0xffffde8000021900 0001 00000000 0x0 0x0
0xffffde8000021980 0001 00000000 0x0 0x0
0xffffde8000021a00 0001 00000000 0x0 0x0
0xffffde8000021a80 0001 00000000 0x0 0x0
0xffffde8000021b00 0001 00000000 0x0 0x0
0xffffde8000021b80 0001 00000000 0x0 0x0
0xffffde8000021c00 0001 00000000 0x0 0x0
0xffffde8000021c80 0001 00000000 0x0 0x0
0xffffde8000021d00 0001 00000000 0x0 0x0
0xffffde8000021d80 0001 00000000 0x0 0x0
0xffffde8000021e00 0001 00000000 0x0 0x0
0xffffde8000021e80 0001 00000000 0x0 0x0
0xffffde8000021f00 0001 00000000 0x0 0x0
0xffffde8000021f80 0001 00000000 0x0 0x0
0xffffde8000022000 0001 00000000 0x0 0x0
0xffffde8000022080 0001 00000000 0x0 0x0
0xffffde8000022100 0001 00000000 0x0 0x0
0xffffde8000022180 0001 00000000 0x0 0x0
0xffffde8000022200 0001 00000000 0x0 0x0
0xffffde8000022280 0001 00000000 0x0 0x0
0xffffde8000022300 0001 00000000 0x0 0x0
0xffffde8000022380 0001 00000000 0x0 0x0
0xffffde8000022400 0001 00000000 0x0 0x0
0xffffde8000022480 0001 00000000 0x0 0x0
0xffffde8000022500 0001 00000000 0x0 0x0
0xffffde8000022580 0001 00000000 0x0 0x0
0xffffde8000022600 0001 00000000 0x0 0x0
0xffffde8000022680 0001 00000000 0x0 0x0
0xffffde8000022700 0001 00000000 0x0 0x0
0xffffde8000022780 0001 00000000 0x0 0x0
0xffffde8000022800 0001 00000000 0x0 0x0
0xffffde8000022880 0001 00000000 0x0 0x0
0xffffde8000022900 0001 00000000 0x0 0x0
0xffffde8000022980 0001 00000000 0x0 0x0
0xffffde8000022a00 0001 00000000 0x0 0x0
0xffffde8000022a80 0001 00000000 0x0 0x0
0xffffde8000022b00 0001 00000000 0x0 0x0
0xffffde8000022b80 0001 00000000 0x0 0x0
0xffffde8000022c00 0001 00000000 0x0 0x0
0xffffde8000022c80 0001 00000000 0x0 0x0
0xffffde8000022d00 0001 00000000 0x0 0x0
0xffffde8000022d80 0001 00000000 0x0 0x0
0xffffde8000022e00 0001 00000000 0x0 0x0
0xffffde8000022e80 0001 00000000 0x0 0x0
0xffffde8000022f00 0001 00000000 0x0 0x0
0xffffde8000022f80 0001 00000000 0x0 0x0
0xffffde8000023000 0001 00000000 0x0 0x0
0xffffde8000023080 0001 00000000 0x0 0x0
0xffffde8000023100 0001 00000000 0x0 0x0
0xffffde8000023180 0001 00000000 0x0 0x0
0xffffde8000023200 0001 00000000 0x0 0x0
0xffffde8000023280 0001 00000000 0x0 0x0
0xffffde8000023300 0001 00000000 0x0 0x0
0xffffde8000023380 0001 00000000 0x0 0x0
0xffffde8000023400 0001 00000000 0x0 0x0
0xffffde8000023480 0001 00000000 0x0 0x0
0xffffde8000023500 0001 00000000 0x0 0x0
0xffffde8000023580 0001 00000000 0x0 0x0
0xffffde8000023600 0001 00000000 0x0 0x0
0xffffde8000023680 0001 00000000 0x0 0x0
0xffffde8000023700 0001 00000000 0x0 0x0
0xffffde8000023780 0001 00000000 0x0 0x0
0xffffde8000023800 0001 00000000 0x0 0x0
0xffffde8000023880 0001 00000000 0x0 0x0
0xffffde8000023900 0001 00000000 0x0 0x0
0xffffde8000023980 0001 00000000 0x0 0x0
0xffffde8000023a00 0001 00000000 0x0 0x0
0xffffde8000023a80 0001 00000000 0x0 0x0
0xffffde8000023b00 0001 00000000 0x0 0x0
0xffffde8000023b80 0001 00000000 0x0 0x0
0xffffde8000023c00 0001 00000000 0x0 0x0
0xffffde8000023c80 0001 00000000 0x0 0x0
0xffffde8000023d00 0001 00000000 0x0 0x0
0xffffde8000023d80 0001 00000000 0x0 0x0
0xffffde8000023e00 0001 00000000 0x0 0x0
0xffffde8000023e80 0001 00000000 0x0 0x0
0xffffde8000023f00 0001 00000000 0x0 0x0
0xffffde8000023f80 0001 00000000 0x0 0x0
0xffffde8000024000 0001 00000000 0x0 0x0
0xffffde8000024080 0001 00000000 0x0 0x0
0xffffde8000024100 0001 00000000 0x0 0x0
0xffffde8000024180 0001 00000000 0x0 0x0
0xffffde8000024200 0001 00000000 0x0 0x0
0xffffde8000024280 0001 00000000 0x0 0x0
0xffffde8000024300 0001 00000000 0x0 0x0
0xffffde8000024380 0001 00000000 0x0 0x0
0xffffde8000024400 0001 00000000 0x0 0x0
0xffffde8000024480 0001 00000000 0x0 0x0
0xffffde8000024500 0001 00000000 0x0 0x0
0xffffde8000024580 0001 00000000 0x0 0x0
0xffffde8000024600 0001 00000000 0x0 0x0
0xffffde8000024680 0001 00000000 0x0 0x0
0xffffde8000024700 0001 00000000 0x0 0x0
0xffffde8000024780 0001 00000000 0x0 0x0
0xffffde8000024800 0001 00000000 0x0 0x0
0xffffde8000024880 0001 00000000 0x0 0x0
0xffffde8000024900 0001 00000000 0x0 0x0
0xffffde8000024980 0001 00000000 0x0 0x0
0xffffde8000024a00 0001 00000000 0x0 0x0
0xffffde8000024a80 0001 00000000 0x0 0x0
0xffffde8000024b00 0001 00000000 0x0 0x0
0xffffde8000024b80 0001 00000000 0x0 0x0
0xffffde8000024c00 0001 00000000 0x0 0x0
0xffffde8000024c80 0001 00000000 0x0 0x0
0xffffde8000024d00 0001 00000000 0x0 0x0
0xffffde8000024d80 0001 00000000 0x0 0x0
0xffffde8000024e00 0001 00000000 0x0 0x0
0xffffde8000024e80 0001 00000000 0x0 0x0
0xffffde8000024f00 0001 00000000 0x0 0x0
0xffffde8000024f80 0001 00000000 0x0 0x0
0xffffde8000025000 0001 00000000 0x0 0x0
0xffffde8000025080 0001 00000000 0x0 0x0
0xffffde8000025100 0001 00000000 0x0 0x0
0xffffde8000025180 0001 00000000 0x0 0x0
0xffffde8000025200 0001 00000000 0x0 0x0
0xffffde8000025280 0001 00000000 0x0 0x0
0xffffde8000025300 0001 00000000 0x0 0x0
0xffffde8000025380 0001 00000000 0x0 0x0
0xffffde8000025400 0001 00000000 0x0 0x0
0xffffde8000025480 0001 00000000 0x0 0x0
0xffffde8000025500 0001 00000000 0x0 0x0
0xffffde8000025580 0001 00000000 0x0 0x0
0xffffde8000025600 0001 00000000 0x0 0x0
0xffffde8000025680 0001 00000000 0x0 0x0
0xffffde8000025700 0001 00000000 0x0 0x0
0xffffde8000025780 0001 00000000 0x0 0x0
0xffffde8000025800 0001 00000000 0x0 0x0
0xffffde8000025880 0001 00000000 0x0 0x0
0xffffde8000025900 0001 00000000 0x0 0x0
0xffffde8000025980 0001 00000000 0x0 0x0
0xffffde8000025a00 0001 00000000 0x0 0x0
0xffffde8000025a80 0001 00000000 0x0 0x0
0xffffde8000025b00 0001 00000000 0x0 0x0
0xffffde8000025b80 0001 00000000 0x0 0x0
0xffffde8000025c00 0001 00000000 0x0 0x0
0xffffde8000025c80 0001 00000000 0x0 0x0
0xffffde8000025d00 0001 00000000 0x0 0x0
0xffffde8000025d80 0001 00000000 0x0 0x0
0xffffde8000025e00 0001 00000000 0x0 0x0
0xffffde8000025e80 0001 00000000 0x0 0x0
0xffffde8000025f00 0001 00000000 0x0 0x0
0xffffde8000025f80 0001 00000000 0x0 0x0
0xffffde8000026000 0001 00000000 0x0 0x0
0xffffde8000026080 0001 00000000 0x0 0x0
0xffffde8000026100 0001 00000000 0x0 0x0
0xffffde8000026180 0001 00000000 0x0 0x0
0xffffde8000026200 0001 00000000 0x0 0x0
0xffffde8000026280 0001 00000000 0x0 0x0
0xffffde8000026300 0001 00000000 0x0 0x0
0xffffde8000026380 0001 00000000 0x0 0x0
0xffffde8000026400 0001 00000000 0x0 0x0
0xffffde8000026480 0001 00000000 0x0 0x0
0xffffde8000026500 0001 00000000 0x0 0x0
0xffffde8000026580 0001 00000000 0x0 0x0
0xffffde8000026600 0001 00000000 0x0 0x0
0xffffde8000026680 0001 00000000 0x0 0x0
0xffffde8000026700 0001 00000000 0x0 0x0
0xffffde8000026780 0001 00000000 0x0 0x0
0xffffde8000026800 0001 00000000 0x0 0x0
0xffffde8000026880 0001 00000000 0x0 0x0
0xffffde8000026900 0001 00000000 0x0 0x0
0xffffde8000026980 0001 00000000 0x0 0x0
0xffffde8000026a00 0001 00000000 0x0 0x0
0xffffde8000026a80 0001 00000000 0x0 0x0
0xffffde8000026b00 0001 00000000 0x0 0x0
0xffffde8000026b80 0001 00000000 0x0 0x0
0xffffde8000026c00 0001 00000000 0x0 0x0
0xffffde8000026c80 0001 00000000 0x0 0x0
0xffffde8000026d00 0001 00000000 0x0 0x0
0xffffde8000026d80 0001 00000000 0x0 0x0
0xffffde8000026e00 0001 00000000 0x0 0x0
0xffffde8000026e80 0001 00000000 0x0 0x0
0xffffde8000026f00 0001 00000000 0x0 0x0
0xffffde8000026f80 0001 00000000 0x0 0x0
0xffffde8000027000 0001 00000000 0x0 0x0
0xffffde8000027080 0001 00000000 0x0 0x0
0xffffde8000027100 0001 00000000 0x0 0x0
0xffffde8000027180 0001 00000000 0x0 0x0
0xffffde8000027200 0001 00000000 0x0 0x0
0xffffde8000027280 0001 00000000 0x0 0x0
0xffffde8000027300 0001 00000000 0x0 0x0
0xffffde8000027380 0001 00000000 0x0 0x0
0xffffde8000027400 0001 00000000 0x0 0x0
0xffffde8000027480 0001 00000000 0x0 0x0
0xffffde8000027500 0001 00000000 0x0 0x0
0xffffde8000027580 0001 00000000 0x0 0x0
0xffffde8000027600 0001 00000000 0x0 0x0
0xffffde8000027680 0001 00000000 0x0 0x0
0xffffde8000027700 0001 00000000 0x0 0x0
0xffffde8000027780 0001 00000000 0x0 0x0
0xffffde8000027800 0001 00000000 0x0 0x0
0xffffde8000027880 0001 00000000 0x0 0x0
0xffffde8000027900 0001 00000000 0x0 0x0
0xffffde8000027980 0001 00000000 0x0 0x0
0xffffde8000027a00 0001 00000000 0x0 0x0
0xffffde8000027a80 0001 00000000 0x0 0x0
0xffffde8000027b00 0001 00000000 0x0 0x0
0xffffde8000027b80 0001 00000000 0x0 0x0
0xffffde8000027c00 0001 00000000 0x0 0x0
0xffffde8000027c80 0001 00000000 0x0 0x0
0xffffde8000027d00 0001 00000000 0x0 0x0
0xffffde8000027d80 0001 00000000 0x0 0x0
0xffffde8000027e00 0001 00000000 0x0 0x0
0xffffde8000027e80 0001 00000000 0x0 0x0
0xffffde8000027f00 0001 00000000 0x0 0x0
0xffffde8000027f80 0001 00000000 0x0 0x0
0xffffde8000028000 0001 00000000 0x0 0x0
0xffffde8000028080 0001 00000000 0x0 0x0
0xffffde8000028100 0001 00000000 0x0 0x0
0xffffde8000028180 0001 00000000 0x0 0x0
0xffffde8000028200 0001 00000000 0x0 0x0
0xffffde8000028280 0001 00000000 0x0 0x0
0xffffde8000028300 0001 00000000 0x0 0x0
0xffffde8000028380 0001 00000000 0x0 0x0
0xffffde8000028400 0001 00000000 0x0 0x0
0xffffde8000028480 0001 00000000 0x0 0x0
0xffffde8000028500 0001 00000000 0x0 0x0
0xffffde8000028580 0001 00000000 0x0 0x0
0xffffde8000028600 0001 00000000 0x0 0x0
0xffffde8000028680 0001 00000000 0x0 0x0
0xffffde8000028700 0001 00000000 0x0 0x0
0xffffde8000028780 0001 00000000 0x0 0x0
0xffffde8000028800 0001 00000000 0x0 0x0
0xffffde8000028880 0001 00000000 0x0 0x0
0xffffde8000028900 0001 00000000 0x0 0x0
0xffffde8000028980 0001 00000000 0x0 0x0
0xffffde8000028a00 0001 00000000 0x0 0x0
0xffffde8000028a80 0001 00000000 0x0 0x0
0xffffde8000028b00 0001 00000000 0x0 0x0
0xffffde8000028b80 0001 00000000 0x0 0x0
0xffffde8000028c00 0001 00000000 0x0 0x0
0xffffde8000028c80 0001 00000000 0x0 0x0
0xffffde8000028d00 0001 00000000 0x0 0x0
0xffffde8000028d80 0001 00000000 0x0 0x0
0xffffde8000028e00 0001 00000000 0x0 0x0
0xffffde8000028e80 0001 00000000 0x0 0x0
0xffffde8000028f00 0001 00000000 0x0 0x0
0xffffde8000028f80 0001 00000000 0x0 0x0
0xffffde8000029000 0001 00000000 0x0 0x0
0xffffde8000029080 0001 00000000 0x0 0x0
0xffffde8000029100 0001 00000000 0x0 0x0
0xffffde8000029180 0001 00000000 0x0 0x0
0xffffde8000029200 0001 00000000 0x0 0x0
0xffffde8000029280 0001 00000000 0x0 0x0
0xffffde8000029300 0001 00000000 0x0 0x0
0xffffde8000029380 0001 00000000 0x0 0x0
0xffffde8000029400 0001 00000000 0x0 0x0
0xffffde8000029480 0001 00000000 0x0 0x0
0xffffde8000029500 0001 00000000 0x0 0x0
0xffffde8000029580 0001 00000000 0x0 0x0
0xffffde8000029600 0001 00000000 0x0 0x0
0xffffde8000029680 0001 00000000 0x0 0x0
0xffffde8000029700 0001 00000000 0x0 0x0
0xffffde8000029780 0001 00000000 0x0 0x0
0xffffde8000029800 0001 00000000 0x0 0x0
0xffffde8000029880 0001 00000000 0x0 0x0
0xffffde8000029900 0001 00000000 0x0 0x0
0xffffde8000029980 0001 00000000 0x0 0x0
0xffffde8000029a00 0001 00000000 0x0 0x0
0xffffde8000029a80 0001 00000000 0x0 0x0
0xffffde8000029b00 0001 00000000 0x0 0x0
0xffffde8000029b80 0001 00000000 0x0 0x0
0xffffde8000029c00 0001 00000000 0x0 0x0
0xffffde8000029c80 0001 00000000 0x0 0x0
0xffffde8000029d00 0001 00000000 0x0 0x0
0xffffde8000029d80 0001 00000000 0x0 0x0
0xffffde8000029e00 0001 00000000 0x0 0x0
0xffffde8000029e80 0001 00000000 0x0 0x0
0xffffde8000029f00 0001 00000000 0x0 0x0
0xffffde8000029f80 0001 00000000 0x0 0x0
0xffffde800002a000 0001 00000000 0x0 0x0
0xffffde800002a080 0001 00000000 0x0 0x0
0xffffde800002a100 0001 00000000 0x0 0x0
0xffffde800002a180 0001 00000000 0x0 0x0
0xffffde800002a200 0001 00000000 0x0 0x0
0xffffde800002a280 0001 00000000 0x0 0x0
0xffffde800002a300 0001 00000000 0x0 0x0
0xffffde800002a380 0001 00000000 0x0 0x0
0xffffde800002a400 0001 00000000 0x0 0x0
0xffffde800002a480 0001 00000000 0x0 0x0
0xffffde800002a500 0001 00000000 0x0 0x0
0xffffde800002a580 0001 00000000 0x0 0x0
0xffffde800002a600 0001 00000000 0x0 0x0
0xffffde800002a680 0001 00000000 0x0 0x0
0xffffde800002a700 0001 00000000 0x0 0x0
0xffffde800002a780 0001 00000000 0x0 0x0
0xffffde800002a800 0001 00000000 0x0 0x0
0xffffde800002a880 0001 00000000 0x0 0x0
0xffffde800002a900 0001 00000000 0x0 0x0
0xffffde800002a980 0001 00000000 0x0 0x0
0xffffde800002aa00 0001 00000000 0x0 0x0
0xffffde800002aa80 0001 00000000 0x0 0x0
0xffffde800002ab00 0001 00000000 0x0 0x0
0xffffde800002ab80 0001 00000000 0x0 0x0
0xffffde800002ac00 0001 00000000 0x0 0x0
0xffffde800002ac80 0001 00000000 0x0 0x0
0xffffde800002ad00 0001 00000000 0x0 0x0
0xffffde800002ad80 0001 00000000 0x0 0x0
0xffffde800002ae00 0001 00000000 0x0 0x0
0xffffde800002ae80 0001 00000000 0x0 0x0
0xffffde800002af00 0001 00000000 0x0 0x0
0xffffde800002af80 0001 00000000 0x0 0x0
0xffffde800002b000 0001 00000000 0x0 0x0
0xffffde800002b080 0001 00000000 0x0 0x0
0xffffde800002b100 0001 00000000 0x0 0x0
0xffffde800002b180 0001 00000000 0x0 0x0
0xffffde800002b200 0001 00000000 0x0 0x0
0xffffde800002b280 0001 00000000 0x0 0x0
0xffffde800002b300 0001 00000000 0x0 0x0
0xffffde800002b380 0001 00000000 0x0 0x0
0xffffde800002b400 0001 00000000 0x0 0x0
0xffffde800002b480 0001 00000000 0x0 0x0
0xffffde800002b500 0001 00000000 0x0 0x0
0xffffde800002b580 0001 00000000 0x0 0x0
0xffffde800002b600 0001 00000000 0x0 0x0
0xffffde800002b680 0001 00000000 0x0 0x0
0xffffde800002b700 0001 00000000 0x0 0x0
0xffffde800002b780 0001 00000000 0x0 0x0
0xffffde800002b800 0001 00000000 0x0 0x0
0xffffde800002b880 0001 00000000 0x0 0x0
0xffffde800002b900 0001 00000000 0x0 0x0
0xffffde800002b980 0001 00000000 0x0 0x0
0xffffde800002ba00 0001 00000000 0x0 0x0
0xffffde800002ba80 0001 00000000 0x0 0x0
0xffffde800002bb00 0001 00000000 0x0 0x0
0xffffde800002bb80 0001 00000000 0x0 0x0
0xffffde800002bc00 0001 00000

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

[Chuck Silvers]

the dashboard page for this report says that the kernel sources were from december 28,
which explains how this was hit again after I fixed it on december 29.
is syzbot's local git repo for netbsd not being updated for some reason?

-Chuck

> --
> You received this message because you are subscribed to the Google Groups "syzkaller-netbsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-netbsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/000000000000f0f6aa05b89fc0d4%40google.com.

[Dmitry Vyukov]

,On Fri, Jan 15, 2021 at 2:22 AM Chuck Silvers <ch...@chuq.com> wrote:
>
> the dashboard page for this report says that the kernel sources were from december 28,
> which explains how this was hit again after I fixed it on december 29.
> is syzbot's local git repo for netbsd not being updated for some reason?

Hi Chuck,

This info is always available on the main dashboard page:
https://syzkaller.appspot.com/netbsd
At the top you can see "Instances" and all have Kernel freshness 18
days and a bold red "failing" pointing to the reported build/boot
failure for newer revisions.

> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/YADuTsGuleSTy/Fe%40spathi.chuq.com.

[Dmitry Vyukov]

On Fri, Jan 15, 2021 at 8:49 AM Dmitry Vyukov <dvy...@google.com> wrote:
>
> ,On Fri, Jan 15, 2021 at 2:22 AM Chuck Silvers <ch...@chuq.com> wrote:
> >
> > the dashboard page for this report says that the kernel sources were from december 28,
> > which explains how this was hit again after I fixed it on december 29.
> > is syzbot's local git repo for netbsd not being updated for some reason?
>
> Hi Chuck,
>
> This info is always available on the main dashboard page:
> https://syzkaller.appspot.com/netbsd
> At the top you can see "Instances" and all have Kernel freshness 18
> days and a bold red "failing" pointing to the reported build/boot
> failure for newer revisions.

NetBSD support also suffers from poor kernel oops parsing and
resulting poor deduplication.
I assume some irrelevant unique numbers in "panic: [ 133.ADDR]
vpanic() at netbsd:vpanic+0x265" has changed and syzbot wasn't able to
understand that it's the same old issues and deduplicate it properly.
This should have been parsed as something like "panic in
namei_tryemulroot" and then it would not have been reported again
until the fix is present in syzbot builds.

[Chuck Silvers]

On Fri, Jan 15, 2021 at 08:49:17AM +0100, 'Dmitry Vyukov' via syzkaller-netbsd-bugs wrote:
> ,On Fri, Jan 15, 2021 at 2:22 AM Chuck Silvers <ch...@chuq.com> wrote:
> >
> > the dashboard page for this report says that the kernel sources were from december 28,
> > which explains how this was hit again after I fixed it on december 29.
> > is syzbot's local git repo for netbsd not being updated for some reason?
>
> Hi Chuck,
>
> This info is always available on the main dashboard page:
> https://syzkaller.appspot.com/netbsd
> At the top you can see "Instances" and all have Kernel freshness 18
> days and a bold red "failing" pointing to the reported build/boot
> failure for newer revisions.

ahh, ok.

in the "netbsd build error (13)" report where it looks like the build/boot problems
are being reported:
https://syzkaller.appspot.com/bug?id=0833426cf038ffb3be8afbc0d4d3ebf10dd10d5f

it looks like the kernel in the VM is hanging while probing the PCI bus.
I tried booting a kernel that I built today under qemu and it didn't hang.

the most recent crash report in that bug report is from 2021/01/15 08:50
https://syzkaller.appspot.com/text?tag=CrashReport&x=117a5207500000

but kernel boot output in that crash report shows that the kernel trying to boot
was built last year in June:

[ 1.0000000] NetBSD 9.99.65 (GENERIC) #0: Thu Jun 11 19:20:47 UTC 2020

so I'm confused... is syzbot really booting a 7 month old kernel, or is the
crash report just including the wrong boot log? or something else?

-Chuck

[Chuck Silvers]

On Fri, Jan 15, 2021 at 08:54:21AM +0100, 'Dmitry Vyukov' via syzkaller-netbsd-bugs wrote:
> On Fri, Jan 15, 2021 at 8:49 AM Dmitry Vyukov <dvy...@google.com> wrote:
> >
> > ,On Fri, Jan 15, 2021 at 2:22 AM Chuck Silvers <ch...@chuq.com> wrote:
> > >
> > > the dashboard page for this report says that the kernel sources were from december 28,
> > > which explains how this was hit again after I fixed it on december 29.
> > > is syzbot's local git repo for netbsd not being updated for some reason?
> >
> > Hi Chuck,
> >
> > This info is always available on the main dashboard page:
> > https://syzkaller.appspot.com/netbsd
> > At the top you can see "Instances" and all have Kernel freshness 18
> > days and a bold red "failing" pointing to the reported build/boot
> > failure for newer revisions.
>
> NetBSD support also suffers from poor kernel oops parsing and
> resulting poor deduplication.
> I assume some irrelevant unique numbers in "panic: [ 133.ADDR]
> vpanic() at netbsd:vpanic+0x265" has changed and syzbot wasn't able to
> understand that it's the same old issues and deduplicate it properly.
> This should have been parsed as something like "panic in
> namei_tryemulroot" and then it would not have been reported again
> until the fix is present in syzbot builds.

yea, I asked you about that last month. I started setting up my own
instance of syzkaller so that I could work on improving that parsing code
but I hit some snag and got distracted. I'll try to get back to that soon.

-Chuck

[Dmitry Vyukov]

Own instance is not necessary for this. There is a good unit testing
infrastructure. We are adding crash samples and fix how they need to
be parsed:
https://github.com/google/syzkaller/commit/468dbb556537f9a8f1afe43d2d5f1482b73db501
I fix lots of such of cases that happen on syzbot for linux using just
these tests. Works great.

[Dmitry Vyukov]

syzbot should be testing new kernel revisions. The revision that is
specified in the Crashes/Commit column:
https://syzkaller.appspot.com/bug?id=0833426cf038ffb3be8afbc0d4d3ebf10dd10d5f
(we don't have any known issues with this for any other OSes, and this
would come up quickly).

Jun 11 looks like the date when the 'dest' (toolchain) was build that
is used to build new kernels:

$ ls -l /syzkaller/netbsd/
total 20
drwxrwxrwx 17 root root 4096 Jun 11 2020 dest
drwxrwxrwx 10 root root 4096 Jun 11 2020 tools
drwxr-xr-x 2 root root 4096 Jun 24 2020 userspace

oh, wait, something else happens
syzbot normally runs NetBSD images on GCE VMs.
However, during a build of a new image, it uses qemu to install a new
kernel into image, and this uses qemu, and this is what hangs:
https://github.com/google/syzkaller/blob/master/pkg/build/netbsd.go#L102-L163

This is why this is reported as "build" error and why there is qemu
output in the log:
WARNING: Image format was not specified for
'/syzkaller/managers/netbsd/latest.tmp/image' and probing guessed raw.
Automatically detecting the format is dangerous for raw
images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.

Sorry I am forgetting all the differences related to different OSes.
But this thread keeps some records, and there is an image update info on Jun 11:
https://groups.google.com/g/syzkaller/c/pM5Ba5Zc3yQ/m/GZ2u_tl2AAAJ


Maybe we need another image update. But it's a bit puzzling to me
what's changed recently... the base image is old, qemu wasn't
updated... but it started to consistently time out on particular
date...

[syzbot]

Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.

[Chuck Silvers]

(finally getting back to this, and it's still broken...)

the only change to syzkaller on the date where things started failing
that looks like it would affect netbsd is this:

commit cbd0445ec3b0b184db66966d8a47e6b37d13692e
Author: Dmitry Vyukov <dvy...@google.com>
AuthorDate: Wed Nov 25 09:17:50 2020 +0100
Commit: Dmitry Vyukov <dvy...@google.com>
CommitDate: Mon Dec 28 14:22:41 2020 +0100

all: make timeouts configurable

Add sys/targets.Timeouts struct that parametrizes timeouts throughout the system.
The struct allows to control syscall/program/no output timeouts for OS/arch/VM/etc.
See comment on the struct for more details.


so maybe this change is what introduced the image-build timeout failures?
could you try increasing the timeout value for the netbsd build?

I'm not sure why netbsd is the only BSD that uses qemu as part of the build process,
neither freebsd nor openbsd do that. do you recall the reason for this?

could we change the netbsd build to work more like the other BSDs, to avoid
using qemu as part of the build, as that seems to be problematic?

-Chuck

[Dmitry Vyukov]

Oh, a change that messes with timeouts leads to timeouts... that's suspicious :)
I think I see the issue. The problem is that the code in
pkg/build/netbsd.go skips all of our verification/completion logic. As
a result the manager config has 0 timeouts and qemu immediately
timeouts.
I've created https://github.com/google/syzkaller/pull/2598 to fix this.

I've considered using the standard config loading procedure and even
wrote a test, but the problem is that it started complaining about
missing syzkaller binaries (and maybe something else after that). I
will drop the code here for future reference:
https://gist.github.com/dvyukov/a8b27dc3f9315598ef401c2e5320fe3b

> I'm not sure why netbsd is the only BSD that uses qemu as part of the build process,
> neither freebsd nor openbsd do that. do you recall the reason for this?
>
> could we change the netbsd build to work more like the other BSDs, to avoid
> using qemu as part of the build, as that seems to be problematic?

That wasn't added by me.
An alternative would be to mount the image and do the required fix ups
in the mount. That would definitely be faster/more reliable. That's
what we try to do for linux nowadays.
I think some BSDs build a complete image in their 'make' so it's not
directly comparable.

[Dmitry Vyukov]

Woohoo! We are alive and kicking again with fresh kernel builds:
https://syzkaller.appspot.com/netbsd
So that turned out to be just that silly bug...

KUBSan is broken, but that's a different issue:
https://syzkaller.appspot.com/bug?id=45ae16994ec8d7f93267596924612083802d2abf

[Chuck Silvers]

On Tue, May 25, 2021 at 08:29:18PM +0200, Dmitry Vyukov wrote:
> On Tue, May 25, 2021 at 5:29 PM Dmitry Vyukov <dvy...@google.com> wrote:
> > Oh, a change that messes with timeouts leads to timeouts... that's suspicious :)
> > I think I see the issue. The problem is that the code in
> > pkg/build/netbsd.go skips all of our verification/completion logic. As
> > a result the manager config has 0 timeouts and qemu immediately
> > timeouts.
> > I've created https://github.com/google/syzkaller/pull/2598 to fix this.
>
> Woohoo! We are alive and kicking again with fresh kernel builds:
> https://syzkaller.appspot.com/netbsd
> So that turned out to be just that silly bug...

great, I'm glad it was simple to fix.
I guess I'll just leave the image-creation stuff alone for now
since it's working at this point.

> KUBSan is broken, but that's a different issue:
> https://syzkaller.appspot.com/bug?id=45ae16994ec8d7f93267596924612083802d2abf

I fixed that just now, hopefully that's the only one that happens during boot.

thanks for your help!

-Chuck

[Dmitry Vyukov]

Cool! All 3 instances seem to be working now.