starting build "6ac703c2-2533-47d6-a88e-15316bb53404" FETCHSOURCE BUILD Starting Step #0 Step #0: Already have image (with digest): gcr.io/cloud-builders/git Step #0: Cloning into 'oss-fuzz'... Finished Step #0 Starting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1" Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Already have image (with digest): gcr.io/cloud-builders/docker Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Sending build context to Docker daemon 5.12kB Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Step 1/5 : FROM gcr.io/oss-fuzz-base/base-builder Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": latest: Pulling from oss-fuzz-base/base-builder Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": b549f31133a9: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 331d25ff9ac6: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 7f4811f93e43: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1449f4b02c73: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": d5f9015cdf50: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": bf9191db3d46: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f27160af0e8a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ffc229321738: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 5eb6a76cbe80: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": e4f88222f8b5: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 6e3b3ba61038: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 91cc90b1221a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 022be336536a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8d7517370834: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 143d14c055b2: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 563697c080f5: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": a5f2882d703b: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ffc229321738: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f27160af0e8a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8da8b2999c07: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 38cc6e8918e3: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4a950f999ebb: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 152c59a4a631: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 221f4d7c2908: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2254c1dc0a72: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 11436d2b55b1: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1ce3f1d18760: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e86f2e12e91: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f247db4944c2: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 762bd85308ec: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ec844ac4e3d0: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2dc59509164e: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0cde037983b3: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 022be336536a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": e4f88222f8b5: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e86f2e12e91: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ec844ac4e3d0: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2dc59509164e: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 563697c080f5: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 3ddf7ad7b27e: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2254c1dc0a72: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": faa202d7867d: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 152c59a4a631: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0cde037983b3: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1cf9d8798e7a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 221f4d7c2908: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 32059e3a3678: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 11436d2b55b1: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 40d504b9d98a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 16ab56a2166a: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e63b3bc3844: Pulling fs layer Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1cf9d8798e7a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": faa202d7867d: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 32059e3a3678: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 40d504b9d98a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 16ab56a2166a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 762bd85308ec: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8d7517370834: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f247db4944c2: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 38cc6e8918e3: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 6e3b3ba61038: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": a5f2882d703b: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 91cc90b1221a: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1ce3f1d18760: Waiting Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 7f4811f93e43: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 7f4811f93e43: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": d5f9015cdf50: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": d5f9015cdf50: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f27160af0e8a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ffc229321738: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ffc229321738: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": b549f31133a9: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": b549f31133a9: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1449f4b02c73: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1449f4b02c73: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 6e3b3ba61038: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 6e3b3ba61038: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 91cc90b1221a: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 91cc90b1221a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 022be336536a: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 022be336536a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8d7517370834: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 143d14c055b2: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 143d14c055b2: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 331d25ff9ac6: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 331d25ff9ac6: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": a5f2882d703b: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": a5f2882d703b: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8da8b2999c07: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8da8b2999c07: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": e4f88222f8b5: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": e4f88222f8b5: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 38cc6e8918e3: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 221f4d7c2908: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 221f4d7c2908: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 152c59a4a631: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 152c59a4a631: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4a950f999ebb: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4a950f999ebb: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 11436d2b55b1: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 11436d2b55b1: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2254c1dc0a72: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2254c1dc0a72: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1ce3f1d18760: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1ce3f1d18760: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e86f2e12e91: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e86f2e12e91: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f247db4944c2: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ec844ac4e3d0: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ec844ac4e3d0: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 762bd85308ec: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 762bd85308ec: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2dc59509164e: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2dc59509164e: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0cde037983b3: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0cde037983b3: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 3ddf7ad7b27e: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 3ddf7ad7b27e: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": faa202d7867d: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": faa202d7867d: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": b549f31133a9: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1cf9d8798e7a: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1cf9d8798e7a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 40d504b9d98a: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 40d504b9d98a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 32059e3a3678: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 32059e3a3678: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 5eb6a76cbe80: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 5eb6a76cbe80: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 16ab56a2166a: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 16ab56a2166a: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e63b3bc3844: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e63b3bc3844: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": bf9191db3d46: Verifying Checksum Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": bf9191db3d46: Download complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 331d25ff9ac6: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 7f4811f93e43: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1449f4b02c73: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": d5f9015cdf50: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": bf9191db3d46: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f27160af0e8a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ffc229321738: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 5eb6a76cbe80: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": e4f88222f8b5: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 6e3b3ba61038: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 91cc90b1221a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 022be336536a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8d7517370834: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 143d14c055b2: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 563697c080f5: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": a5f2882d703b: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 8da8b2999c07: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 38cc6e8918e3: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4a950f999ebb: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 152c59a4a631: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 221f4d7c2908: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2254c1dc0a72: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 11436d2b55b1: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1ce3f1d18760: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e86f2e12e91: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": f247db4944c2: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 762bd85308ec: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ec844ac4e3d0: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 2dc59509164e: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0cde037983b3: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 3ddf7ad7b27e: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": faa202d7867d: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 1cf9d8798e7a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 32059e3a3678: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 40d504b9d98a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 16ab56a2166a: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 4e63b3bc3844: Pull complete Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Digest: sha256:90989baf23d72628389c79541cbd54a1a9391e4263f0dac12c6e01506d5e2df7 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-builder:latest Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> ed2211b3bb70 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Step 2/5 : RUN apt-get update && apt-get install -y make autoconf automake libtool python3-click Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> Running in 4af7a1b2c8a0 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Fetched 128 kB in 1s (135 kB/s) Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Reading package lists... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Reading package lists... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Building dependency tree... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Reading state information... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": make is already the newest version (4.2.1-1.2). Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": make set to manually installed. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": The following additional packages will be installed: Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": file libltdl-dev libltdl7 libmagic-mgc libmagic1 libmpdec2 libpython3-stdlib Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": libpython3.8-minimal libpython3.8-stdlib mime-support python3 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": python3-colorama python3-minimal python3.8 python3.8-minimal Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Suggested packages: Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": autoconf-archive gnu-standards autoconf-doc gettext libtool-doc gfortran Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": | fortran95-compiler gcj-jdk python3-doc python3-tk python3-venv Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": python3.8-venv python3.8-doc binfmt-support Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": The following NEW packages will be installed: Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": autoconf automake file libltdl-dev libltdl7 libmagic-mgc libmagic1 libmpdec2 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": libpython3-stdlib libpython3.8-minimal libpython3.8-stdlib libtool Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": mime-support python3 python3-click python3-colorama python3-minimal Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": python3.8 python3.8-minimal Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": 0 upgraded, 19 newly installed, 0 to remove and 0 not upgraded. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Need to get 6484 kB of archives. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": After this operation, 32.5 MB of additional disk space will be used. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:1 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-minimal amd64 3.8.10-0ubuntu1~20.04.18 [721 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:2 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 python3.8-minimal amd64 3.8.10-0ubuntu1~20.04.18 [1900 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:3 http://archive.ubuntu.com/ubuntu focal/main amd64 python3-minimal amd64 3.8.2-0ubuntu2 [23.6 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 mime-support all 3.64ubuntu1 [30.6 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:5 http://archive.ubuntu.com/ubuntu focal/main amd64 libmpdec2 amd64 2.4.2-3 [81.1 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:6 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libpython3.8-stdlib amd64 3.8.10-0ubuntu1~20.04.18 [1676 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:7 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 python3.8 amd64 3.8.10-0ubuntu1~20.04.18 [387 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:8 http://archive.ubuntu.com/ubuntu focal/main amd64 libpython3-stdlib amd64 3.8.2-0ubuntu2 [7068 B] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:9 http://archive.ubuntu.com/ubuntu focal/main amd64 python3 amd64 3.8.2-0ubuntu2 [47.6 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:10 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic-mgc amd64 1:5.38-4 [218 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:11 http://archive.ubuntu.com/ubuntu focal/main amd64 libmagic1 amd64 1:5.38-4 [75.9 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:12 http://archive.ubuntu.com/ubuntu focal/main amd64 file amd64 1:5.38-4 [23.3 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:13 http://archive.ubuntu.com/ubuntu focal/main amd64 autoconf all 2.69-11.1 [321 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:14 http://archive.ubuntu.com/ubuntu focal/main amd64 automake all 1:1.16.1-4ubuntu6 [522 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:15 http://archive.ubuntu.com/ubuntu focal/main amd64 libltdl7 amd64 2.4.6-14 [38.5 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:16 http://archive.ubuntu.com/ubuntu focal/main amd64 libltdl-dev amd64 2.4.6-14 [162 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:17 http://archive.ubuntu.com/ubuntu focal/main amd64 libtool all 2.4.6-14 [161 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:18 http://archive.ubuntu.com/ubuntu focal/main amd64 python3-colorama all 0.4.3-1build1 [23.9 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Get:19 http://archive.ubuntu.com/ubuntu focal/main amd64 python3-click all 7.0-3 [64.8 kB] Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": debconf: delaying package configuration, since apt-utils is not installed Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Fetched 6484 kB in 1s (11.7 MB/s) Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libpython3.8-minimal:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17483 files and directories currently installed.) Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../libpython3.8-minimal_3.8.10-0ubuntu1~20.04.18_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3.8-minimal. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../python3.8-minimal_3.8.10-0ubuntu1~20.04.18_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3.8-minimal (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libpython3.8-minimal:amd64 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3.8-minimal (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3-minimal. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 17766 files and directories currently installed.) Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../0-python3-minimal_3.8.2-0ubuntu2_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3-minimal (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package mime-support. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../1-mime-support_3.64ubuntu1_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking mime-support (3.64ubuntu1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libmpdec2:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../2-libmpdec2_2.4.2-3_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libmpdec2:amd64 (2.4.2-3) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libpython3.8-stdlib:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../3-libpython3.8-stdlib_3.8.10-0ubuntu1~20.04.18_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3.8. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../4-python3.8_3.8.10-0ubuntu1~20.04.18_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3.8 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libpython3-stdlib:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../5-libpython3-stdlib_3.8.2-0ubuntu2_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libpython3-stdlib:amd64 (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3-minimal (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 18168 files and directories currently installed.) Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../00-python3_3.8.2-0ubuntu2_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3 (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libmagic-mgc. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../01-libmagic-mgc_1%3a5.38-4_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libmagic-mgc (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libmagic1:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../02-libmagic1_1%3a5.38-4_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libmagic1:amd64 (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package file. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../03-file_1%3a5.38-4_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking file (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package autoconf. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../04-autoconf_2.69-11.1_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking autoconf (2.69-11.1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package automake. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../05-automake_1%3a1.16.1-4ubuntu6_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking automake (1:1.16.1-4ubuntu6) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libltdl7:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../06-libltdl7_2.4.6-14_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libltdl7:amd64 (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libltdl-dev:amd64. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../07-libltdl-dev_2.4.6-14_amd64.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libltdl-dev:amd64 (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package libtool. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../08-libtool_2.4.6-14_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking libtool (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3-colorama. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../09-python3-colorama_0.4.3-1build1_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3-colorama (0.4.3-1build1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Selecting previously unselected package python3-click. Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Preparing to unpack .../10-python3-click_7.0-3_all.deb ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Unpacking python3-click (7.0-3) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up mime-support (3.64ubuntu1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libmagic-mgc (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libmagic1:amd64 (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up file (1:5.38-4) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libltdl7:amd64 (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up autoconf (2.69-11.1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libmpdec2:amd64 (2.4.2-3) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libpython3.8-stdlib:amd64 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3.8 (3.8.10-0ubuntu1~20.04.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libpython3-stdlib:amd64 (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up automake (1:1.16.1-4ubuntu6) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": update-alternatives: using /usr/bin/automake-1.16 to provide /usr/bin/automake (automake) in auto mode Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": update-alternatives: warning: skip creation of /usr/share/man/man1/automake.1.gz because associated file /usr/share/man/man1/automake-1.16.1.gz (of link group automake) doesn't exist Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": update-alternatives: warning: skip creation of /usr/share/man/man1/aclocal.1.gz because associated file /usr/share/man/man1/aclocal-1.16.1.gz (of link group automake) doesn't exist Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libtool (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3 (3.8.2-0ubuntu2) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up libltdl-dev:amd64 (2.4.6-14) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3-colorama (0.4.3-1build1) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Setting up python3-click (7.0-3) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Processing triggers for libc-bin (2.31-0ubuntu9.18) ... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Removing intermediate container 4af7a1b2c8a0 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> 1c0caa1ea5c5 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Step 3/5 : RUN git clone --depth 1 https://github.com/hathach/tinyusb.git tinyusb Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> Running in cf3136d21bd0 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Cloning into 'tinyusb'... Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Removing intermediate container cf3136d21bd0 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> af38e404757f Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Step 4/5 : WORKDIR tinyusb Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> Running in ebf35707cf0d Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Removing intermediate container ebf35707cf0d Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> 3cf416c784d3 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Step 5/5 : COPY build.sh $SRC/ Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": ---> 73b686a26325 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Successfully built 73b686a26325 Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Successfully tagged gcr.io/oss-fuzz/tinyusb:latest Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1": Successfully tagged us-central1-docker.pkg.dev/oss-fuzz/unsafe/tinyusb:latest Finished Step #1 - "build-6c0c198b-2eb2-4920-b6b1-7601475d00a1" Starting Step #2 - "srcmap" Step #2 - "srcmap": Already have image: gcr.io/oss-fuzz/tinyusb Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + SRCMAP=/tmp/fileDD3UHP Step #2 - "srcmap": + echo '{}' Step #2 - "srcmap": + PATHS_TO_SCAN=/src Step #2 - "srcmap": + [[ c++ == \g\o ]] Step #2 - "srcmap": ++ find /src -name .git -type d Step #2 - "srcmap": + for DOT_GIT_DIR in $(find $PATHS_TO_SCAN -name ".git" -type d) Step #2 - "srcmap": ++ dirname /src/tinyusb/.git Step #2 - "srcmap": + GIT_DIR=/src/tinyusb Step #2 - "srcmap": + cd /src/tinyusb Step #2 - "srcmap": ++ git config --get remote.origin.url Step #2 - "srcmap": + GIT_URL=https://github.com/hathach/tinyusb.git Step #2 - "srcmap": ++ git rev-parse HEAD Step #2 - "srcmap": + GIT_REV=2656c6d91e8a544cf94247724ebf360c1b66d567 Step #2 - "srcmap": + jq_inplace /tmp/fileDD3UHP '."/src/tinyusb" = { type: "git", url: "https://github.com/hathach/tinyusb.git", rev: "2656c6d91e8a544cf94247724ebf360c1b66d567" }' Step #2 - "srcmap": ++ tempfile Step #2 - "srcmap": + F=/tmp/filenW66E9 Step #2 - "srcmap": + cat /tmp/fileDD3UHP Step #2 - "srcmap": + jq '."/src/tinyusb" = { type: "git", url: "https://github.com/hathach/tinyusb.git", rev: "2656c6d91e8a544cf94247724ebf360c1b66d567" }' Step #2 - "srcmap": + mv /tmp/filenW66E9 /tmp/fileDD3UHP Step #2 - "srcmap": ++ find /src -name .svn -type d Step #2 - "srcmap": ++ find /src -name .hg -type d Step #2 - "srcmap": + '[' '' '!=' '' ']' Step #2 - "srcmap": + cat /tmp/fileDD3UHP Step #2 - "srcmap": + rm /tmp/fileDD3UHP Step #2 - "srcmap": { Step #2 - "srcmap": "/src/tinyusb": { Step #2 - "srcmap": "type": "git", Step #2 - "srcmap": "url": "https://github.com/hathach/tinyusb.git", Step #2 - "srcmap": "rev": "2656c6d91e8a544cf94247724ebf360c1b66d567" Step #2 - "srcmap": } Step #2 - "srcmap": } Finished Step #2 - "srcmap" Starting Step #3 - "compile-libfuzzer-coverage-x86_64" Step #3 - "compile-libfuzzer-coverage-x86_64": Already have image (with digest): gcr.io/cloud-builders/docker Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": vm.mmap_rnd_bits = 28 Step #3 - "compile-libfuzzer-coverage-x86_64": Compiling libFuzzer to /usr/lib/libFuzzingEngine.a... done. Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": CC=clang Step #3 - "compile-libfuzzer-coverage-x86_64": CXX=clang++ Step #3 - "compile-libfuzzer-coverage-x86_64": CFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=unknown-warning-option -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument Step #3 - "compile-libfuzzer-coverage-x86_64": CXXFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=unknown-warning-option -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -stdlib=libc++ Step #3 - "compile-libfuzzer-coverage-x86_64": RUSTFLAGS=--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers -Cinstrument-coverage -C link-arg=-lc++ Step #3 - "compile-libfuzzer-coverage-x86_64": --------------------------------------------------------------- Step #3 - "compile-libfuzzer-coverage-x86_64": + set -euxo pipefail Step #3 - "compile-libfuzzer-coverage-x86_64": + export 'CXXFLAGS=-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=unknown-warning-option -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -stdlib=libc++ -Wno-error=missing-field-initializers' Step #3 - "compile-libfuzzer-coverage-x86_64": + CXXFLAGS='-O1 -fno-omit-frame-pointer -gline-tables-only -Wno-error=incompatible-function-pointer-types -Wno-error=int-conversion -Wno-error=deprecated-declarations -Wno-error=implicit-function-declaration -Wno-error=implicit-int -Wno-error=unknown-warning-option -Wno-error=vla-cxx-extension -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fprofile-instr-generate -fcoverage-mapping -pthread -Wl,--no-as-needed -Wl,-ldl -Wl,-lm -Wno-unused-command-line-argument -stdlib=libc++ -Wno-error=missing-field-initializers' Step #3 - "compile-libfuzzer-coverage-x86_64": ++ ls -d test/fuzz/device/cdc/ test/fuzz/device/msc/ test/fuzz/device/net/ Step #3 - "compile-libfuzzer-coverage-x86_64": + fuzz_harness='test/fuzz/device/cdc/ Step #3 - "compile-libfuzzer-coverage-x86_64": test/fuzz/device/msc/ Step #3 - "compile-libfuzzer-coverage-x86_64": test/fuzz/device/net/' Step #3 - "compile-libfuzzer-coverage-x86_64": + for h in $fuzz_harness Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/cdc/ get-deps Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/cdc' Step #3 - "compile-libfuzzer-coverage-x86_64": python3 /src/tinyusb/tools/get_deps.py Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/FreeRTOS-Kernel with https://github.com/FreeRTOS/FreeRTOS-Kernel.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/lwip with https://github.com/lwip-tcpip/lwip.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/linkermap with https://github.com/hathach/linkermap.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/uf2 with https://github.com/microsoft/uf2.git Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/cdc' Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/cdc/ all Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/cdc' Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb_fifo.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd_control.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC audio_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC cdc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_rt_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC hid_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC midi_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC msc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC mtp_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ecm_rndis_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ncm_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbtmc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC video_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC vendor_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usb_descriptors_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX dcd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX msc_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX net_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usbd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": LINK _build/cdc Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/cdc' Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/cdc/ Step #3 - "compile-libfuzzer-coverage-x86_64": + cp test/fuzz/device/cdc//_build/cdc /workspace/out/libfuzzer-coverage-x86_64/ Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/cdc/ Step #3 - "compile-libfuzzer-coverage-x86_64": + corpus=test/fuzz/device/cdc//cdc_seed_corpus.zip Step #3 - "compile-libfuzzer-coverage-x86_64": + test -f test/fuzz/device/cdc//cdc_seed_corpus.zip Step #3 - "compile-libfuzzer-coverage-x86_64": + cp test/fuzz/device/cdc//cdc_seed_corpus.zip /workspace/out/libfuzzer-coverage-x86_64/ Step #3 - "compile-libfuzzer-coverage-x86_64": + for h in $fuzz_harness Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/msc/ get-deps Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/msc' Step #3 - "compile-libfuzzer-coverage-x86_64": python3 /src/tinyusb/tools/get_deps.py Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/FreeRTOS-Kernel with https://github.com/FreeRTOS/FreeRTOS-Kernel.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/lwip with https://github.com/lwip-tcpip/lwip.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/linkermap with https://github.com/hathach/linkermap.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/uf2 with https://github.com/microsoft/uf2.git Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/msc' Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/msc/ all Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/msc' Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb_fifo.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd_control.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC audio_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC cdc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_rt_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC hid_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC midi_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC msc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC mtp_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ecm_rndis_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ncm_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbtmc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC video_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC vendor_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usb_descriptors_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX dcd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX msc_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX net_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usbd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": LINK _build/msc Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/msc' Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/msc/ Step #3 - "compile-libfuzzer-coverage-x86_64": + cp test/fuzz/device/msc//_build/msc /workspace/out/libfuzzer-coverage-x86_64/ Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/msc/ Step #3 - "compile-libfuzzer-coverage-x86_64": + corpus=test/fuzz/device/msc//msc_seed_corpus.zip Step #3 - "compile-libfuzzer-coverage-x86_64": + test -f test/fuzz/device/msc//msc_seed_corpus.zip Step #3 - "compile-libfuzzer-coverage-x86_64": + cp test/fuzz/device/msc//msc_seed_corpus.zip /workspace/out/libfuzzer-coverage-x86_64/ Step #3 - "compile-libfuzzer-coverage-x86_64": + for h in $fuzz_harness Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/net/ get-deps Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/net' Step #3 - "compile-libfuzzer-coverage-x86_64": python3 /src/tinyusb/tools/get_deps.py Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/FreeRTOS-Kernel with https://github.com/FreeRTOS/FreeRTOS-Kernel.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning lib/lwip with https://github.com/lwip-tcpip/lwip.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/linkermap with https://github.com/hathach/linkermap.git Step #3 - "compile-libfuzzer-coverage-x86_64": cloning tools/uf2 with https://github.com/microsoft/uf2.git Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/net' Step #3 - "compile-libfuzzer-coverage-x86_64": + make -C test/fuzz/device/net/ all Step #3 - "compile-libfuzzer-coverage-x86_64": make: Entering directory '/src/tinyusb/test/fuzz/device/net' Step #3 - "compile-libfuzzer-coverage-x86_64": CC altcp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC altcp_alloc.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC altcp_tcp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC def.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dns.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC inet_chksum.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC init.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC mem.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC memp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC netif.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC pbuf.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC raw.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC stats.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC sys.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tcp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tcp_in.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tcp_out.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC timeouts.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC udp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC autoip.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dhcp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC etharp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC icmp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC igmp.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip4.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip4_addr.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip4_frag.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dhcp6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ethip6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC icmp6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC inet6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip6_addr.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ip6_frag.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC mld6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC nd6.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ethernet.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC slipif.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC httpd.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC fs.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dhserver.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dnserver.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC rndis_reports.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC tusb_fifo.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbd_control.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC audio_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC cdc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC dfu_rt_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC hid_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC midi_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC msc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC mtp_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ecm_rndis_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC ncm_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC usbtmc_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC video_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CC vendor_device.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usb_descriptors_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX dcd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX msc_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX net_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": CXX usbd_fuzz_cxx.o Step #3 - "compile-libfuzzer-coverage-x86_64": LINK _build/net Step #3 - "compile-libfuzzer-coverage-x86_64": make: Leaving directory '/src/tinyusb/test/fuzz/device/net' Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/net/ Step #3 - "compile-libfuzzer-coverage-x86_64": + cp test/fuzz/device/net//_build/net /workspace/out/libfuzzer-coverage-x86_64/ Step #3 - "compile-libfuzzer-coverage-x86_64": ++ basename test/fuzz/device/net/ Step #3 - "compile-libfuzzer-coverage-x86_64": + corpus=test/fuzz/device/net//net_seed_corpus.zip Step #3 - "compile-libfuzzer-coverage-x86_64": + test -f test/fuzz/device/net//net_seed_corpus.zip Finished Step #3 - "compile-libfuzzer-coverage-x86_64" Starting Step #4 Step #4: Pulling image: gcr.io/oss-fuzz-base/base-runner Step #4: Using default tag: latest Step #4: latest: Pulling from oss-fuzz-base/base-runner Step #4: b549f31133a9: Already exists Step #4: 331d25ff9ac6: Already exists Step #4: 7f4811f93e43: Already exists Step #4: af41fefaae93: Pulling fs layer Step #4: 4a518ae63354: Pulling fs layer Step #4: fdf6a1f3d4e9: Pulling fs layer Step #4: 421d3824bf7c: Pulling fs layer Step #4: c4d1682a255f: Pulling fs layer Step #4: de2add8be930: Pulling fs layer Step #4: 18248c285058: Pulling fs layer Step #4: 64aa356fd701: Pulling fs layer Step #4: dfe92e50c230: Pulling fs layer Step #4: 01476a19d153: Pulling fs layer Step #4: 666b86a0ef21: Pulling fs layer Step #4: 53ca1cb4e23f: Pulling fs layer Step #4: 837b61cc240b: Pulling fs layer Step #4: 0e9c18a11c6f: Pulling fs layer Step #4: 776213c12561: Pulling fs layer Step #4: 5bec4c9eb524: Pulling fs layer Step #4: ef297f2bb0bf: Pulling fs layer Step #4: 6c231c715396: Pulling fs layer Step #4: 837b61cc240b: Waiting Step #4: 0384d9df3071: Pulling fs layer Step #4: 18248c285058: Waiting Step #4: ed88f7341982: Pulling fs layer Step #4: 64aa356fd701: Waiting Step #4: 0e9c18a11c6f: Waiting Step #4: dfe92e50c230: Waiting Step #4: c43797feedc2: Pulling fs layer Step #4: 8dd4699374e0: Pulling fs layer Step #4: 2710c0ab2722: Pulling fs layer Step #4: 776213c12561: Waiting Step #4: 5bec4c9eb524: Waiting Step #4: 6c231c715396: Waiting Step #4: 9a55b5a70812: Pulling fs layer Step #4: ef297f2bb0bf: Waiting Step #4: 0384d9df3071: Waiting Step #4: ed88f7341982: Waiting Step #4: 8dd4699374e0: Waiting Step #4: 2710c0ab2722: Waiting Step #4: 01476a19d153: Waiting Step #4: 9a55b5a70812: Waiting Step #4: 666b86a0ef21: Waiting Step #4: 53ca1cb4e23f: Waiting Step #4: fdf6a1f3d4e9: Download complete Step #4: af41fefaae93: Verifying Checksum Step #4: af41fefaae93: Download complete Step #4: c4d1682a255f: Verifying Checksum Step #4: c4d1682a255f: Download complete Step #4: 18248c285058: Verifying Checksum Step #4: 18248c285058: Download complete Step #4: 421d3824bf7c: Verifying Checksum Step #4: 421d3824bf7c: Download complete Step #4: 4a518ae63354: Download complete Step #4: 64aa356fd701: Verifying Checksum Step #4: 64aa356fd701: Download complete Step #4: dfe92e50c230: Download complete Step #4: af41fefaae93: Pull complete Step #4: 53ca1cb4e23f: Download complete Step #4: 837b61cc240b: Download complete Step #4: 666b86a0ef21: Verifying Checksum Step #4: 666b86a0ef21: Download complete Step #4: 776213c12561: Download complete Step #4: ef297f2bb0bf: Verifying Checksum Step #4: ef297f2bb0bf: Download complete Step #4: 6c231c715396: Verifying Checksum Step #4: 6c231c715396: Download complete Step #4: 4a518ae63354: Pull complete Step #4: de2add8be930: Verifying Checksum Step #4: de2add8be930: Download complete Step #4: fdf6a1f3d4e9: Pull complete Step #4: c43797feedc2: Verifying Checksum Step #4: c43797feedc2: Download complete Step #4: ed88f7341982: Verifying Checksum Step #4: ed88f7341982: Download complete Step #4: 01476a19d153: Verifying Checksum Step #4: 01476a19d153: Download complete Step #4: 2710c0ab2722: Verifying Checksum Step #4: 2710c0ab2722: Download complete Step #4: 9a55b5a70812: Download complete Step #4: 421d3824bf7c: Pull complete Step #4: 8dd4699374e0: Verifying Checksum Step #4: 8dd4699374e0: Download complete Step #4: c4d1682a255f: Pull complete Step #4: 0384d9df3071: Verifying Checksum Step #4: 0384d9df3071: Download complete Step #4: 0e9c18a11c6f: Verifying Checksum Step #4: 0e9c18a11c6f: Download complete Step #4: 5bec4c9eb524: Verifying Checksum Step #4: 5bec4c9eb524: Download complete Step #4: de2add8be930: Pull complete Step #4: 18248c285058: Pull complete Step #4: 64aa356fd701: Pull complete Step #4: dfe92e50c230: Pull complete Step #4: 01476a19d153: Pull complete Step #4: 666b86a0ef21: Pull complete Step #4: 53ca1cb4e23f: Pull complete Step #4: 837b61cc240b: Pull complete Step #4: 0e9c18a11c6f: Pull complete Step #4: 776213c12561: Pull complete Step #4: 5bec4c9eb524: Pull complete Step #4: ef297f2bb0bf: Pull complete Step #4: 6c231c715396: Pull complete Step #4: 0384d9df3071: Pull complete Step #4: ed88f7341982: Pull complete Step #4: c43797feedc2: Pull complete Step #4: 8dd4699374e0: Pull complete Step #4: 2710c0ab2722: Pull complete Step #4: 9a55b5a70812: Pull complete Step #4: Digest: sha256:8236763117bccc523e675c6ecb6a1215c4fd60620d8553d02b5fac53efb8921e Step #4: Status: Downloaded newer image for gcr.io/oss-fuzz-base/base-runner:latest Step #4: gcr.io/oss-fuzz-base/base-runner:latest Finished Step #4 Starting Step #5 Step #5: Already have image (with digest): gcr.io/oss-fuzz-base/base-runner Step #5: Running cdc Step #5: Running net Step #5: Running msc Step #5: [2026-01-14 06:07:26,040 INFO] Finding shared libraries for targets (if any). Step #5: [2026-01-14 06:07:26,051 INFO] Finished finding shared libraries for targets. Step #5: Coverage error, creating log file: /workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/cdc_error.log Step #5: Error occured while running msc: Step #5: Cov returncode: 0, grep returncode: 0 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953163180 Step #5: MERGE-OUTER: 836 files, 0 in the initial corpus, 0 processed earlier Step #5: MERGE-OUTER: attempt 1 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953181985 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: 836 total files; 0 processed earlier; will process 836 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==69==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5579474089d4 (pc 0x7f601c2d198c bp 0x7fff622ac860 sp 0x7fff622ac828 T69) Step #5: ==69==The signal is caused by a WRITE memory access. Step #5: #0 0x7f601c2d198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55794749c23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55794749c23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55794749d43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55794749d43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55794749d43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55794749d43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55794749fdad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55794749fdad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55794749fa05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55794743da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5579474468e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55794742d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5579474592d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f601c16a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x557947420e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==69==Register values: Step #5: rax = 0x00005579474089d4 rbx = 0x00005579474ad0b0 rcx = 0x00000000474022ab rdx = 0x0000000000000018 Step #5: rdi = 0x00005579474089d4 rsi = 0x00007fff622ac8d0 rbp = 0x00007fff622ac860 rsp = 0x00007fff622ac828 Step #5: r8 = 0x0000000000007824 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007fff62343080 Step #5: r12 = 0x0000557947c79a20 r13 = 0x0000000000005579 r14 = 0x0000000000000018 r15 = 0x00005579474ad0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==69==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x1,0x1,0x1,0x1, Step #5: \001\001\001\001 Step #5: artifact_prefix='./'; Test unit written to ./crash-a93755f8273b0e8dc4b0ecc158e5853119a24bf0 Step #5: Base64: AQEBAQ== Step #5: MERGE-OUTER: attempt 2 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953230856 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a93755f8273b0e8dc4b0ecc158e5853119a24bf0' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 10 processed earlier; will process 826 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==82==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd44eed338 (pc 0x7ffd44eed338 bp 0x7ffd44eed300 sp 0x7ffd44eed2a8 T82) Step #5: #0 0x7ffd44eed338 () Step #5: #1 0x55c44d776a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c44d776a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55c44d714a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c44d71d8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c44d7045c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c44d7302d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd7e999e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==82==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xff,0xff,0xff,0xc, Step #5: \377\377\377\014 Step #5: artifact_prefix='./'; Test unit written to ./crash-e273c4e7689b9dc61a4e3d913182e6701089936b Step #5: Base64: ////DA== Step #5: MERGE-OUTER: attempt 3 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953276474 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/e273c4e7689b9dc61a4e3d913182e6701089936b' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 12 processed earlier; will process 824 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x6,0x31,0x0,0x20, Step #5: \0061\000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-be74bb5fb2827ecef60edf14e11be4585a6ebb7a Step #5: Base64: BjEAIA== Step #5: ==93== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55c78fb84914 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55c78fb41a58 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55c78fb2531b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f786f71d08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55c78fb852fa in usbd_int_set /src/tinyusb/src/device/usbd.c Step #5: #5 0x55c78fb85560 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:188:3 Step #5: #6 0x55c78fb85560 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55c78fb88a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55c78fb88a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #9 0x55c78fb26a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55c78fb2f8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55c78fb165c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55c78fb422d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7f786f6fe082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55c78fb09e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 4 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055325650 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/be74bb5fb2827ecef60edf14e11be4585a6ebb7a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 17 processed earlier; will process 819 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==697==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b72e390a12 (pc 0x7f1d60b4298c bp 0x7fff30c02f30 sp 0x7fff30c02ef8 T697) Step #5: ==697==The signal is caused by a WRITE memory access. Step #5: #0 0x7f1d60b4298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b72e42423d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b72e42423d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b72e42543c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b72e42543c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b72e42543c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b72e42543c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b72e427f40 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55b72e427f40 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55b72e427a05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55b72e3c5a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b72e3ce8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b72e3b55c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b72e3e12d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f1d609db082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b72e3a8e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==697==Register values: Step #5: rax = 0x000055b72e390a12 rbx = 0x000055b72e4350b0 rcx = 0x000000002e38a26d rdx = 0x0000000000000018 Step #5: rdi = 0x000055b72e390a12 rsi = 0x00007fff30c02fa0 rbp = 0x00007fff30c02f30 rsp = 0x00007fff30c02ef8 Step #5: r8 = 0x000000000000f824 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007fff30c29080 Step #5: r12 = 0x00000000000000ff r13 = 0x00000000000055b7 r14 = 0x0000000000000018 r15 = 0x000055b72e4350b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==697==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x3,0x32,0x1f,0x0,0xff,0x45, Step #5: \000\0032\037\000\377E Step #5: artifact_prefix='./'; Test unit written to ./crash-cf28c596d148f9168eaa95cbc95ba03cfdf0f46b Step #5: Base64: AAMyHwD/RQ== Step #5: MERGE-OUTER: attempt 5 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055374582 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/cf28c596d148f9168eaa95cbc95ba03cfdf0f46b' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 49 processed earlier; will process 787 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==701==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a6dbd911dd (pc 0x7fae8d6df98c bp 0x7ffc39a3a350 sp 0x7ffc39a3a318 T701) Step #5: ==701==The signal is caused by a WRITE memory access. Step #5: #0 0x7fae8d6df98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a6dbe2823d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a6dbe2823d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a6dbe2943c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a6dbe2943c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a6dbe2943c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a6dbe2943c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a6dbe2bf40 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55a6dbe2bf40 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55a6dbe2ba05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55a6dbdc9a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a6dbdd28e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a6dbdb95c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a6dbde52d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fae8d578082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a6dbdace7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==701==Register values: Step #5: rax = 0x000055a6dbd911dd rbx = 0x000055a6dbe390b0 rcx = 0x00000000dbd91aa2 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a6dbd911dd rsi = 0x00007ffc39a3a3c0 rbp = 0x00007ffc39a3a350 rsp = 0x00007ffc39a3a318 Step #5: r8 = 0x0000000000003824 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffc39ba8080 Step #5: r12 = 0x0000000000000002 r13 = 0x00000000000055a6 r14 = 0x0000000000000018 r15 = 0x000055a6dbe390b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==701==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x0,0x3,0xe7,0x2,0x2,0x6, Step #5: \000\006\000\003\347\002\002\006 Step #5: artifact_prefix='./'; Test unit written to ./crash-3f2162d55cb3f79bb6eed7fc6ca35d8d39ab891f Step #5: Base64: AAYAA+cCAgY= Step #5: MERGE-OUTER: attempt 6 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055423113 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/3f2162d55cb3f79bb6eed7fc6ca35d8d39ab891f' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 78 processed earlier; will process 758 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==706==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5613c3c38a6e (pc 0x7f2fcf46d98c bp 0x7ffe87f15050 sp 0x7ffe87f15018 T706) Step #5: ==706==The signal is caused by a WRITE memory access. Step #5: #0 0x7f2fcf46d98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5613c3ccc23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5613c3ccc23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5613c3ccd43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5613c3ccd43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5613c3ccd43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5613c3ccd43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5613c3ccff40 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5613c3ccff40 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5613c3ccfa05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x5613c3c6da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5613c3c768e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5613c3c5d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5613c3c892d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2fcf306082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5613c3c50e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==706==Register values: Step #5: rax = 0x00005613c3c38a6e rbx = 0x00005613c3cdd0b0 rcx = 0x00000000c3c32211 rdx = 0x0000000000000018 Step #5: rdi = 0x00005613c3c38a6e rsi = 0x00007ffe87f150c0 rbp = 0x00007ffe87f15050 rsp = 0x00007ffe87f15018 Step #5: r8 = 0x0000000000007824 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffe87f3d080 Step #5: r12 = 0x00000000000000a8 r13 = 0x0000000000005613 r14 = 0x0000000000000018 r15 = 0x00005613c3cdd0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==706==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x3,0xe5,0xc,0xfd,0x0,0xa8,0x60, Step #5: \000\003\345\014\375\000\250` Step #5: artifact_prefix='./'; Test unit written to ./crash-b22002c30e9c749c4c96d6797f240565eabc8c2f Step #5: Base64: AAPlDP0AqGA= Step #5: MERGE-OUTER: attempt 7 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055470614 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/b22002c30e9c749c4c96d6797f240565eabc8c2f' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 87 processed earlier; will process 749 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==713==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56511a70a1be (pc 0x56511a748f32 bp 0x7ffea6a374f0 sp 0x7ffea6a374c0 T713) Step #5: ==713==The signal is caused by a WRITE memory access. Step #5: #0 0x56511a748f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x56511a748f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x56511a74900d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x56511a749552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x56511a749552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x56511a749552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x56511a74ca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x56511a74ca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x56511a6eaa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x56511a6f38e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x56511a6da5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x56511a7062d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f21f90ef082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x56511a6cde7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==713==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x000056511a70a1b0 rsi = 0x00007ffea6a37528 rbp = 0x00007ffea6a374f0 rsp = 0x00007ffea6a374c0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000000 r11 = 0x00007ffea6bcb080 Step #5: r12 = 0x000056511a6b7698 r13 = 0x000056511a70a1b0 r14 = 0x000056511cc4ae90 r15 = 0x00007ffea6a37528 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==713==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x6e,0x6f,0x6f,0x6e,0x53,0x65,0x53,0x7b,0x7d, Step #5: noonSeS{} Step #5: artifact_prefix='./'; Test unit written to ./crash-df6c17655153290758164154a6bf7f5127e9cd4a Step #5: Base64: bm9vblNlU3t9 Step #5: MERGE-OUTER: attempt 8 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055518983 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/df6c17655153290758164154a6bf7f5127e9cd4a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 121 processed earlier; will process 715 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==717==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a6c8e2f1be (pc 0x55a6c8e6df32 bp 0x7fffe29a4820 sp 0x7fffe29a47f0 T717) Step #5: ==717==The signal is caused by a WRITE memory access. Step #5: #0 0x55a6c8e6df32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55a6c8e6df32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55a6c8e6e00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55a6c8e6e552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55a6c8e6e552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55a6c8e6e552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55a6c8e71a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55a6c8e71a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55a6c8e0fa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55a6c8e188e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55a6c8dff5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55a6c8e2b2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f8c7f836082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55a6c8df2e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==717==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a6c8e2f1b0 rsi = 0x00007fffe29a4858 rbp = 0x00007fffe29a4820 rsp = 0x00007fffe29a47f0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000000 r11 = 0x00007fffe29e3080 Step #5: r12 = 0x000055a6c8ddc698 r13 = 0x000055a6c8e2f1b0 r14 = 0x000055a6cb0d2e90 r15 = 0x00007fffe29a4858 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==717==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x34,0x69,0x6e,0x73,0x74,0x61,0x6e,0x63,0x65,0x6b, Step #5: 4instancek Step #5: artifact_prefix='./'; Test unit written to ./crash-15ed1955760aa2d9d530dd013ab3c5f050b487bb Step #5: Base64: NGluc3RhbmNlaw== Step #5: MERGE-OUTER: attempt 9 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055566428 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/15ed1955760aa2d9d530dd013ab3c5f050b487bb' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 126 processed earlier; will process 710 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==721==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc7d1afff8 (pc 0x558cac931744 bp 0x7ffc7d9adeb0 sp 0x7ffc7d1b0000 T721) Step #5: #0 0x558cac931744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x558cac934a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558cac934a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x558cac8d2a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558cac8db8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558cac8c25c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558cac8ee2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f47b43df082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x558cac8b5e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==721==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x13,0xdd,0xfd,0x7f,0xa5,0x96,0x13,0xdd,0xfd,0x7f,0xa5,0x96, Step #5: \000\023\335\375\177\245\226\023\335\375\177\245\226 Step #5: artifact_prefix='./'; Test unit written to ./crash-eff0a5ba3e70be4dbd0bb148fcc42a73d57dea4d Step #5: Base64: ABPd/X+llhPd/X+llg== Step #5: MERGE-OUTER: attempt 10 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055622895 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/eff0a5ba3e70be4dbd0bb148fcc42a73d57dea4d' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 158 processed earlier; will process 678 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==725==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55c023695a60 (pc 0x55c023695a60 bp 0x0000000001f4 sp 0x7ffce4839ce8 T725) Step #5: ==725==The signal is caused by a READ memory access. Step #5: ==725==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55c023695a60 () Step #5: Step #5: ==725==Register values: Step #5: rax = 0x000055c02260b401 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00000000000001f4 rsp = 0x00007ffce4839ce8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f87003046d0 Step #5: r12 = 0x00007ffce483086d r13 = 0x000055c02260b493 r14 = 0x0000000000000001 r15 = 0x000055c023674efe Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==725==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x6,0x3,0x3,0xff,0x1,0xfc,0xf9,0xfc,0xff,0xff,0x6d,0x6d, Step #5: \200\006\003\003\377\001\374\371\374\377\377mm Step #5: artifact_prefix='./'; Test unit written to ./crash-33e09fe5d8e74ad9bab9900f4d41ed5359360990 Step #5: Base64: gAYDA/8B/Pn8//9tbQ== Step #5: MERGE-OUTER: attempt 11 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055638501 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/33e09fe5d8e74ad9bab9900f4d41ed5359360990' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 159 processed earlier; will process 677 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==728==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcdd03f188 (pc 0x7ffcdd03f188 bp 0x7ffcdd03f150 sp 0x7ffcdd03f0f8 T728) Step #5: #0 0x7ffcdd03f188 () Step #5: #1 0x55674301aa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55674301aa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x556742fb8a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556742fc18e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556742fa85c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556742fd42d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f76e5e4e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==728==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0xff,0x1f,0xff,0x1f,0xa0,0x1f,0xff,0x1f,0xa0,0x80,0xa0,0x80,0xab,0xb9, Step #5: \000\377\037\377\037\240\037\377\037\240\200\240\200\253\271 Step #5: artifact_prefix='./'; Test unit written to ./crash-dc9a3fe0a44dcd5e5652e1fd8d0c266b76a706ad Step #5: Base64: AP8f/x+gH/8foICggKu5 Step #5: MERGE-OUTER: attempt 12 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055684628 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/dc9a3fe0a44dcd5e5652e1fd8d0c266b76a706ad' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 167 processed earlier; will process 669 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==732==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a12951aa60 (pc 0x55a12951aa60 bp 0x0000000001f4 sp 0x7fff1a4084e8 T732) Step #5: ==732==The signal is caused by a READ memory access. Step #5: ==732==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55a12951aa60 () Step #5: Step #5: ==732==Register values: Step #5: rax = 0x000055a127f78401 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00000000000001f4 rsp = 0x00007fff1a4084e8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f3f54fde6d0 Step #5: r12 = 0x00007fff1a4008ff r13 = 0x000055a127f78493 r14 = 0x0000000000000001 r15 = 0x000055a1294f9efe Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==732==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x21,0x0,0x0,0x8,0xf7,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xdb, Step #5: !\000\000\010\367\377\377\377\377\377\377\377\377\377\333 Step #5: artifact_prefix='./'; Test unit written to ./crash-67f7152fff6a504a1c3a9e69960bb045ac2a0512 Step #5: Base64: IQAACPf////////////b Step #5: MERGE-OUTER: attempt 13 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055700186 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/67f7152fff6a504a1c3a9e69960bb045ac2a0512' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 168 processed earlier; will process 668 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==735==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55bd5dc281be (pc 0x55bd5dc56f32 bp 0x7ffcc800d7d0 sp 0x7ffcc800d7a0 T735) Step #5: ==735==The signal is caused by a WRITE memory access. Step #5: #0 0x55bd5dc56f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55bd5dc56f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55bd5dc5700d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55bd5dc57552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55bd5dc57552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55bd5dc57552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55bd5dc5aa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55bd5dc5aa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55bd5dbf8a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55bd5dc018e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55bd5dbe85c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55bd5dc142d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f504d756082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55bd5dbdbe7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==735==Register values: Step #5: rax = 0x0000000000000f41 rbx = 0x0000000000000018 rcx = 0x0000000000003625 rdx = 0x0000000000000018 Step #5: rdi = 0x000055bd5dc281b0 rsi = 0x00007ffcc800d808 rbp = 0x00007ffcc800d7d0 rsp = 0x00007ffcc800d7a0 Step #5: r8 = 0x0000000000003625 r9 = 0x0000000000000f41 r10 = 0x0000000000000000 r11 = 0x00007ffcc8023080 Step #5: r12 = 0x000055bd5dbc5698 r13 = 0x000055bd5dc281b0 r14 = 0x000055bd5e25de90 r15 = 0x00007ffcc800d808 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==735==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x91,0xf3,0x2e,0x95,0xae,0x95,0xae,0x9d,0xae,0x95,0xae,0x95,0x5a,0x9e,0xae,0xc5, Step #5: \221\363.\225\256\225\256\235\256\225\256\225Z\236\256\305 Step #5: artifact_prefix='./'; Test unit written to ./crash-c04da22dcac6b448c83b4273429c222a17d87966 Step #5: Base64: kfMula6Vrp2ula6VWp6uxQ== Step #5: MERGE-OUTER: attempt 14 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055746697 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/c04da22dcac6b448c83b4273429c222a17d87966' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 170 processed earlier; will process 666 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==739==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x565553fa51be (pc 0x565553fa3f32 bp 0x7ffe1ad30ae0 sp 0x7ffe1ad30ab0 T739) Step #5: ==739==The signal is caused by a WRITE memory access. Step #5: #0 0x565553fa3f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x565553fa3f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x565553fa400d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x565553fa4552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x565553fa4552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x565553fa4552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x565553fa7a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x565553fa7a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x565553f45a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x565553f4e8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x565553f355c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x565553f612d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f9dd4a47082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x565553f28e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==739==Register values: Step #5: rax = 0x00000000000056a3 rbx = 0x0000000000000018 rcx = 0x0000000000002d6c rdx = 0x0000000000000018 Step #5: rdi = 0x0000565553fa51b0 rsi = 0x00007ffe1ad30b18 rbp = 0x00007ffe1ad30ae0 rsp = 0x00007ffe1ad30ab0 Step #5: r8 = 0x0000000000002d6c r9 = 0x00000000000056a3 r10 = 0x0000000000000000 r11 = 0x00007ffe1ad65080 Step #5: r12 = 0x0000565553f12698 r13 = 0x0000565553fa51b0 r14 = 0x0000565555dd2e90 r15 = 0x00007ffe1ad30b18 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==739==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x91,0xf3,0x2e,0x95,0xae,0xf3,0x2e,0x95,0xae,0xf3,0xe0,0x80,0xbf,0xf3,0xa0,0x81,0x9d,0x95,0xae,0x9d, Step #5: \221\363.\225\256\363.\225\256\363\340\200\277\363\240\201\235\225\256\235 Step #5: artifact_prefix='./'; Test unit written to ./crash-5fbab86e2b3f695d581fb822c399f1680ebc8911 Step #5: Base64: kfMula7zLpWu8+CAv/OggZ2Vrp0= Step #5: MERGE-OUTER: attempt 15 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055795091 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/5fbab86e2b3f695d581fb822c399f1680ebc8911' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 204 processed earlier; will process 632 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==743==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5588d67589e3 (pc 0x7f7eddedd98c bp 0x7ffd1fda9b00 sp 0x7ffd1fda9ac8 T743) Step #5: ==743==The signal is caused by a WRITE memory access. Step #5: #0 0x7f7eddedd98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5588d67ec23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5588d67ec23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5588d67ed43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5588d67ed43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5588d67ed43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5588d67ed43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5588d67efdad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5588d67efdad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5588d67efa05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x5588d678da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5588d67968e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5588d677d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5588d67a92d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f7eddd76082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5588d6770e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==743==Register values: Step #5: rax = 0x00005588d67589e3 rbx = 0x00005588d67fd0b0 rcx = 0x00000000d675229c rdx = 0x0000000000000018 Step #5: rdi = 0x00005588d67589e3 rsi = 0x00007ffd1fda9b70 rbp = 0x00007ffd1fda9b00 rsp = 0x00007ffd1fda9ac8 Step #5: r8 = 0x0000000000007824 r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffd1fdd0080 Step #5: r12 = 0x00005588d7432a60 r13 = 0x0000000000005588 r14 = 0x0000000000000018 r15 = 0x00005588d67fd0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==743==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x3,0x2b,0x3,0x1,0x2c,0x7b,0x3,0x1,0x2c,0x7a,0x3,0x1,0x66,0x68,0x80,0xab,0x24,0xcd,0x41,0x96,0x10, Step #5: \003+\003\001,{\003\001,z\003\001fh\200\253$\315A\226\020 Step #5: artifact_prefix='./'; Test unit written to ./crash-a3325fee2c2412149a09d1820cc0eb2b37dafbca Step #5: Base64: AysDASx7AwEsegMBZmiAqyTNQZYQ Step #5: MERGE-OUTER: attempt 16 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055842991 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a3325fee2c2412149a09d1820cc0eb2b37dafbca' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 211 processed earlier; will process 625 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5b,0x5d,0x7d,0xae,0x73,0xae,0x95,0xae,0x95,0xae,0x85,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0x94,0xae,0xae,0x95, Step #5: []}\256s\256\225\256\225\256\205\256\225\256\225\256\225\256\225\256\225\224\256\256\225 Step #5: artifact_prefix='./'; Test unit written to ./timeout-3c817497f692c8dc6018449a7ef5181abb8032f9 Step #5: Base64: W119rnOula6VroWula6VrpWula6VlK6ulQ== Step #5: ==747== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x561b59474914 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x561b59431a58 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x561b5941531b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f5e674a708f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x561b59474ff5 in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:505 Step #5: #5 0x561b59475552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x561b59475552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x561b59475552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x561b59478a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x561b59478a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #10 0x561b59416a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561b5941f8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x561b594065c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x561b594322d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f5e67488082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x561b593f9e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 17 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157889948 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/3c817497f692c8dc6018449a7ef5181abb8032f9' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 223 processed earlier; will process 613 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==791==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b7de4aa1be (pc 0x55b7de4d8f32 bp 0x7ffe5208cae0 sp 0x7ffe5208cab0 T791) Step #5: ==791==The signal is caused by a WRITE memory access. Step #5: #0 0x55b7de4d8f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55b7de4d8f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55b7de4d900d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55b7de4d9552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55b7de4d9552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55b7de4d9552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55b7de4dca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55b7de4dca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55b7de47aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55b7de4838e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55b7de46a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55b7de4962d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fb52d683082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55b7de45de7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==791==Register values: Step #5: rax = 0x0000000000000f41 rbx = 0x0000000000000018 rcx = 0x0000000000003625 rdx = 0x0000000000000018 Step #5: rdi = 0x000055b7de4aa1b0 rsi = 0x00007ffe5208cb18 rbp = 0x00007ffe5208cae0 rsp = 0x00007ffe5208cab0 Step #5: r8 = 0x0000000000003625 r9 = 0x0000000000000f41 r10 = 0x0000000000000000 r11 = 0x00007ffe5219d080 Step #5: r12 = 0x000055b7de447698 r13 = 0x000055b7de4aa1b0 r14 = 0x000055b7deb69e90 r15 = 0x00007ffe5208cb18 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==791==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5b,0x5d,0x7d,0xae,0x73,0xae,0x95,0xae,0x95,0xae,0x85,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0x12,0x95,0x94,0xae,0xae,0x95, Step #5: []}\256s\256\225\256\225\256\205\256\225\256\225\256\225\256\225\022\225\224\256\256\225 Step #5: artifact_prefix='./'; Test unit written to ./crash-8e00bc50dc8d6c728de45c7726ba963c73e5041f Step #5: Base64: W119rnOula6VroWula6VrpWulRKVlK6ulQ== Step #5: MERGE-OUTER: attempt 18 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157936886 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/8e00bc50dc8d6c728de45c7726ba963c73e5041f' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 225 processed earlier; will process 611 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==799==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc12366b68 (pc 0x7ffc12366b68 bp 0x7ffc12366b30 sp 0x7ffc12366ad8 T799) Step #5: #0 0x7ffc12366b68 () Step #5: #1 0x563fdcf9fa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563fdcf9fa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x563fdcf3da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x563fdcf468e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x563fdcf2d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x563fdcf592d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fdc9458c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==799==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0xff,0xff,0x1f,0xa0,0x1f,0xff,0x1f,0xa0,0x1f,0x1f,0xa0,0x1f,0x1f,0xff,0x1f,0xa0,0x1f,0xff,0x1f,0xa0,0xab,0xb9,0x80,0xa0,0x80, Step #5: \000\377\377\037\240\037\377\037\240\037\037\240\037\037\377\037\240\037\377\037\240\253\271\200\240\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-793f7697404901a77a56e2db25f06c1fd45abcac Step #5: Base64: AP//H6Af/x+gHx+gHx//H6Af/x+gq7mAoIA= Step #5: MERGE-OUTER: attempt 19 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157982319 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/793f7697404901a77a56e2db25f06c1fd45abcac' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 231 processed earlier; will process 605 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==806==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe62691ff8 (pc 0x55ee11cef744 bp 0x7ffe62e90120 sp 0x7ffe62692000 T806) Step #5: #0 0x55ee11cef744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ee11cf2a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ee11cf2a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55ee11c90a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ee11c998e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ee11c805c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ee11cac2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fe622c48082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ee11c73e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==806==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x2,0x0,0x2c,0x0,0x0,0x6,0xc2,0x0,0x2,0x0,0xbf,0xbf,0x82,0x9f,0xff,0x0,0x2,0x7,0x12,0x3d,0x7e,0x40,0xdb,0x3d,0xff,0x81, Step #5: \002\000,\000\000\006\302\000\002\000\277\277\202\237\377\000\002\007\022=~@\333=\377\201 Step #5: artifact_prefix='./'; Test unit written to ./crash-a3489586b26f38c2ad6053e7c2796bc9ee80e978 Step #5: Base64: AgAsAAAGwgACAL+/gp//AAIHEj1+QNs9/4E= Step #5: MERGE-OUTER: attempt 20 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4158037879 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a3489586b26f38c2ad6053e7c2796bc9ee80e978' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 233 processed earlier; will process 603 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0x0,0x0,0x0,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x47,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0xcd,0x8f,0x31,0x23, Step #5: \200\010\000\000\000%F%F%F%%F%F%F%F%F%F%F%G%F%F%F%\315\2171# Step #5: artifact_prefix='./'; Test unit written to ./timeout-44cacdd7c04a92bdb95ec8e4f01ec3f89e95d804 Step #5: Base64: gAgAAAAlRiVGJUYlJUYlRiVGJUYlRiVGJUYlRyVGJUYlRiXNjzEj Step #5: ==815== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55d3796c4914 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55d379681a58 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55d37966531b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f52c298b08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55d3796c4f82 in idx2ptr /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x55d3796c4f82 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:481:27 Step #5: #6 0x55d3796c500d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #7 0x55d3796c5552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #8 0x55d3796c5552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #9 0x55d3796c5552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #10 0x55d3796c8a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #11 0x55d3796c8a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #12 0x55d379666a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #13 0x55d37966f8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #14 0x55d3796565c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #15 0x55d3796822d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #16 0x7f52c296c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #17 0x55d379649e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 21 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260085781 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/44cacdd7c04a92bdb95ec8e4f01ec3f89e95d804' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 285 processed earlier; will process 551 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==826==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd491126f8 (pc 0x7ffd491126f8 bp 0x7ffd491126c0 sp 0x7ffd49112668 T826) Step #5: #0 0x7ffd491126f8 () Step #5: #1 0x55f0378daa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f0378daa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f037878a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f0378818e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f0378685c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f0378942d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7339936082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==826==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x49,0x0,0x0,0x0,0x0,0x0,0x0,0xf9,0x55,0x53,0x4c,0x54,0x0,0x0,0x0,0x5,0x0,0x11,0x0,0x0,0x0,0x0,0x0,0x0,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x9f,0x2d, Step #5: I\000\000\000\000\000\000\371USLT\000\000\000\005\000\021\000\000\000\000\000\000\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237\237- Step #5: artifact_prefix='./'; Test unit written to ./crash-5f77478650420357f8bd50c41a7616e5ffebe3a3 Step #5: Base64: SQAAAAAAAPlVU0xUAAAABQARAAAAAAAAn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fn5+fLQ== Step #5: MERGE-OUTER: attempt 22 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260134827 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/5f77478650420357f8bd50c41a7616e5ffebe3a3' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 337 processed earlier; will process 499 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==831==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5563eda0d1be (pc 0x5563eda4bf32 bp 0x7ffe13f6a5d0 sp 0x7ffe13f6a5a0 T831) Step #5: ==831==The signal is caused by a WRITE memory access. Step #5: #0 0x5563eda4bf32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x5563eda4bf32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x5563eda4c00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x5563eda4c552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x5563eda4c552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x5563eda4c552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x5563eda4fa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x5563eda4fa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x5563ed9eda7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x5563ed9f68e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x5563ed9dd5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x5563eda092d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f3ff5bb1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x5563ed9d0e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==831==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x00005563eda0d1b0 rsi = 0x00007ffe13f6a608 rbp = 0x00007ffe13f6a5d0 rsp = 0x00007ffe13f6a5a0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000000 r11 = 0x00007f3ff5d79be0 Step #5: r12 = 0x00005563ed9ba698 r13 = 0x00005563eda0d1b0 r14 = 0x00005563ef528e90 r15 = 0x00007ffe13f6a608 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==831==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xd6,0x73,0xae,0x73,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x8e,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0xae,0x95,0xae,0xf9, Step #5: \326s\256s\256\225\256\225\256\225\256\225\256\216\256\225\256\225\256\225\256\225\256\225\256\225\256\225\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\256\225\256\371 Step #5: artifact_prefix='./'; Test unit written to ./crash-f26584d2e51f8283b4f353ae2f1f4753113ae3bc Step #5: Base64: 1nOuc66VrpWula6Vro6ula6VrpWula6VrpWulZWula6VrpWula6VrpWula6VrpWurpWu+Q== Step #5: MERGE-OUTER: attempt 23 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260182623 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/f26584d2e51f8283b4f353ae2f1f4753113ae3bc' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 341 processed earlier; will process 495 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==838==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd2219bff8 (pc 0x5621802e9744 bp 0x7ffd229990e0 sp 0x7ffd2219c000 T838) Step #5: #0 0x5621802e9744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5621802eca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5621802eca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56218028aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5621802938e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56218027a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5621802a62d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f35ab94c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56218026de7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==838==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3,0x2,0x79,0x83,0xf4,0x6,0x0,0x6,0x3,0x2,0x79,0x83,0x6,0x0,0x6,0x3,0x2,0x79,0x83,0xf4,0x26,0x0,0xc0,0x86,0x3,0x2,0xff,0x2b,0x2f,0x76,0x2f,0xe4,0xa,0x0,0x6,0xff,0x32,0x33,0x33,0x37,0x32,0x30,0x37,0x3e,0x34,0x33,0x35,0x35,0x37,0x36,0x30,0x33,0x30, Step #5: \000\006\003\002y\203\364\006\000\006\003\002y\203\006\000\006\003\002y\203\364&\000\300\206\003\002\377+/v/\344\012\000\006\3772337207>435576030 Step #5: artifact_prefix='./'; Test unit written to ./crash-7fbd73536ff3d33aa9065aaf9bbd9c2f34432e48 Step #5: Base64: AAYDAnmD9AYABgMCeYMGAAYDAnmD9CYAwIYDAv8rL3Yv5AoABv8yMzM3MjA3PjQzNTU3NjAzMA== Step #5: MERGE-OUTER: attempt 24 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260239342 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/7fbd73536ff3d33aa9065aaf9bbd9c2f34432e48' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 347 processed earlier; will process 489 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==846==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff00818ff8 (pc 0x55ab3a7d8744 bp 0x7fff01016b20 sp 0x7fff00819000 T846) Step #5: #0 0x55ab3a7d8744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ab3a7dba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ab3a7dba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55ab3a779a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ab3a7828e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ab3a7695c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ab3a7952d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f85bdd43082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ab3a75ce7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==846==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x1,0x0,0x0,0xe0,0xbf,0xad,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x3,0x18,0xfd,0xc0,0x0,0xf7,0x1,0x3,0xa2,0xe1,0xa0,0x8e,0x40,0xa2,0x1,0x4,0x86,0x3,0x5d,0xa2,0xa2,0xa2,0x1,0xe6,0x4,0x86,0x3,0x5d,0xa0,0x80,0x89,0xa2,0xa2,0xa2,0x1,0xe6,0x26,0x40,0x0,0x20,0x58, Step #5: \000\001\000\000\340\277\255\000\000\000\000\000\001\000\003\030\375\300\000\367\001\003\242\341\240\216@\242\001\004\206\003]\242\242\242\001\346\004\206\003]\240\200\211\242\242\242\001\346&@\000 X Step #5: artifact_prefix='./'; Test unit written to ./crash-1389112fe4f7c96111784944059d198136e38e68 Step #5: Base64: AAEAAOC/rQAAAAAAAQADGP3AAPcBA6LhoI5AogEEhgNdoqKiAeYEhgNdoICJoqKiAeYmQAAgWA== Step #5: MERGE-OUTER: attempt 25 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260295759 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/1389112fe4f7c96111784944059d198136e38e68' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 348 processed earlier; will process 488 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==855==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x557e550891be (pc 0x557e55087f32 bp 0x7ffdfd5cf540 sp 0x7ffdfd5cf510 T855) Step #5: ==855==The signal is caused by a WRITE memory access. Step #5: #0 0x557e55087f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x557e55087f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x557e5508800d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x557e55088552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x557e55088552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x557e55088552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x557e5508ba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x557e5508ba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x557e55029a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x557e550328e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x557e550195c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x557e550452d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f1383df9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x557e5500ce7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==855==Register values: Step #5: rax = 0x00000000000056a3 rbx = 0x0000000000000018 rcx = 0x0000000000002d6c rdx = 0x0000000000000018 Step #5: rdi = 0x0000557e550891b0 rsi = 0x00007ffdfd5cf578 rbp = 0x00007ffdfd5cf540 rsp = 0x00007ffdfd5cf510 Step #5: r8 = 0x0000000000002d6c r9 = 0x00000000000056a3 r10 = 0x0000000000000000 r11 = 0x00007f1383fc1be0 Step #5: r12 = 0x0000557e54ff6698 r13 = 0x0000557e550891b0 r14 = 0x0000557e575d1e90 r15 = 0x00007ffdfd5cf578 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==855==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xd6,0x73,0xae,0x73,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0xf3,0xa0,0x81,0x82,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0x95,0xae,0xae,0x95,0xae,0x95, Step #5: \326s\256s\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\363\240\201\202\225\256\225\256\225\256\225\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\225\256\256\225\256\225 Step #5: artifact_prefix='./'; Test unit written to ./crash-64a6cd3b970e8d90398665d3b54ff36959ce14ab Step #5: Base64: 1nOuc66VrpWula6VrpWula6VrpWu86CBgpWula6VrpWVrpWula6VrpWula6VrpWula6Vrq6VrpU= Step #5: MERGE-OUTER: attempt 26 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260343171 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/64a6cd3b970e8d90398665d3b54ff36959ce14ab' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 351 processed earlier; will process 485 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==862==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff36c29ff8 (pc 0x5604d7558744 bp 0x7fff37427030 sp 0x7fff36c2a000 T862) Step #5: #0 0x5604d7558744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5604d755ba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5604d755ba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5604d74f9a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5604d75028e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5604d74e95c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5604d75152d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8194ae9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5604d74dce7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==862==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xfd,0x11,0x0,0x3,0x8f,0x6,0x3,0x82,0x0,0x6,0xf3,0xa0,0x80,0xb5,0x3,0x2,0xe2,0xf3,0xa0,0x81,0xbf,0x8c,0xff,0xfe,0x10,0xff,0xff,0xfb,0x2,0x36,0x35,0x35,0x6,0x2e,0xff,0x94,0x2,0x35,0x3,0xff,0x33,0xfb,0x0,0xd1,0x2d,0x0,0x7,0x2b,0xd3,0x2,0xff,0x2d,0x31,0xd3,0x2b,0x2,0x0,0x7,0x6,0x3,0x1,0xd1,0x2e,0x94,0x29, Step #5: \200\010\375\021\000\003\217\006\003\202\000\006\363\240\200\265\003\002\342\363\240\201\277\214\377\376\020\377\377\373\002655\006.\377\224\0025\003\3773\373\000\321-\000\007+\323\002\377-1\323+\002\000\007\006\003\001\321.\224) Step #5: artifact_prefix='./'; Test unit written to ./crash-a628bd26cf0a21fec5172b375cce39690e3f5b05 Step #5: Base64: gAj9EQADjwYDggAG86CAtQMC4vOggb+M//4Q///7AjY1NQYu/5QCNQP/M/sA0S0AByvTAv8tMdMrAgAHBgMB0S6UKQ== Step #5: MERGE-OUTER: attempt 27 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260400471 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a628bd26cf0a21fec5172b375cce39690e3f5b05' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 372 processed earlier; will process 464 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: #64 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==866==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff6b34b5b8 (pc 0x7fff6b34b5b8 bp 0x7fff6b34b580 sp 0x7fff6b34b528 T866) Step #5: #0 0x7fff6b34b5b8 () Step #5: #1 0x559fbd912a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x559fbd912a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x559fbd8b0a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x559fbd8b98e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x559fbd8a05c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x559fbd8cc2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8172f07082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==866==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x1,0xee,0xff,0xff,0xff,0x25,0x21,0x46,0x6f,0x6e,0x74,0x54,0x79,0x70,0x65,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3,0x0,0x80,0x2,0x2,0x0,0x10,0x0,0x74, Step #5: \200\001\356\377\377\377%!FontType\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\003\000\200\002\002\000\020\000t Step #5: artifact_prefix='./'; Test unit written to ./crash-762d462d4cee9602855c301366ed0072f0ce88a2 Step #5: Base64: gAHu////JSFGb250VHlwZf//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////AwCAAgIAEAB0 Step #5: MERGE-OUTER: attempt 28 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260449871 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/762d462d4cee9602855c301366ed0072f0ce88a2' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 442 processed earlier; will process 394 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==870==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffcbb23918 (pc 0x7fffcbb23918 bp 0x7fffcbb238e0 sp 0x7fffcbb23888 T870) Step #5: #0 0x7fffcbb23918 () Step #5: #1 0x5570f7947a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5570f7947a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5570f78e5a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5570f78ee8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5570f78d55c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5570f79012d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9ca33b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==870==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x1,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x27,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0x1f,0xee,0xff,0xff,0xff,0x25,0x21,0x46,0x6f,0x6e,0x74,0x54,0x79,0x70,0x65,0x3,0x0,0x80,0x2,0x2,0x0,0x10,0x0,0x74, Step #5: \200\001\037\037\037\037\037\037'\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\037\356\377\377\377%!FontType\003\000\200\002\002\000\020\000t Step #5: artifact_prefix='./'; Test unit written to ./crash-37cd331c974785906556e1e10262d12e2957f6cd Step #5: Base64: gAEfHx8fHx8nHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f7v///yUhRm9udFR5cGUDAIACAgAQAHQ= Step #5: MERGE-OUTER: attempt 29 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260496815 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/37cd331c974785906556e1e10262d12e2957f6cd' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 444 processed earlier; will process 392 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==874==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd859faff8 (pc 0x55cf1f6ee744 bp 0x7ffd861f7d20 sp 0x7ffd859fb000 T874) Step #5: #0 0x55cf1f6ee744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55cf1f6f1a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55cf1f6f1a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55cf1f68fa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55cf1f6988e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55cf1f67f5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55cf1f6ab2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f25ef3b8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55cf1f672e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==874==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x1,0x1,0x1,0x1,0x0,0x2,0x1,0x0,0x1,0x3,0x1,0x0,0x1,0x2e,0x1,0x0,0x1,0x81,0xce,0x3,0x0,0x1,0x21,0xff,0x1,0xf,0x1,0x1,0x1,0x1,0x2,0x0,0x1,0x1,0x1,0x0,0x0,0x1,0x1,0x0,0x1,0x57,0x1,0x0,0x1,0x70,0x1,0x0,0x1,0x81,0xcf,0x4,0x0,0x1,0x3,0x0,0x1,0x1,0xf,0x1,0x0,0x0,0x1,0x1,0x1,0x2,0x1,0x1,0x0,0x1,0x1,0x0,0x1,0x53,0xfd,0xff,0x0,0x2e,0x1,0x20,0x1,0x1,0x4,0xcf,0x9,0x0,0x60,0xf,0x1,0x1,0x1,0x0,0x5,0x1,0x1,0x1,0x81,0x45,0x0,0x0,0x9,0x1,0x1,0x0,0x1,0x53,0x1,0x0,0x1,0x2e,0x2,0x0,0x1,0x41,0x81,0x6,0x0,0x1,0x21,0x0,0x1,0xff,0xff,0xff,0x0,0xff,0x1,0xf,0x1,0x0,0x0,0x3,0x94,0xad,0x3,0x94,0xb4,0x3,0x94,0xad,0x3,0x94,0xad,0x3,0x94,0xad,0x4,0x94,0xad,0xd4,0x94,0x7b,0x74,0x43,0xd,0x0,0x23,0x20,0xff,0xef,0x0,0x1,0x3,0x94,0xad,0x3,0x94,0xac,0x3,0x94,0xbf,0x1f,0x12,0x7f,0xdd,0x50,0x0,0xdd,0x80,0xd5,0xf3,0xa0,0xe2,0x80,0x80,0x80,0xb5,0xc9,0xf3,0xa0,0x80,0xaf,0xb0, Step #5: \001\001\001\001\000\002\001\000\001\003\001\000\001.\001\000\001\201\316\003\000\001!\377\001\017\001\001\001\001\002\000\001\001\001\000\000\001\001\000\001W\001\000\001p\001\000\001\201\317\004\000\001\003\000\001\001\017\001\000\000\001\001\001\002\001\001\000\001\001\000\001S\375\377\000.\001 \001\001\004\317\011\000`\017\001\001\001\000\005\001\001\001\201E\000\000\011\001\001\000\001S\001\000\001.\002\000\001A\201\006\000\001!\000\001\377\377\377\000\377\001\017\001\000\000\003\224\255\003\224\264\003\224\255\003\224\255\003\224\255\004\224\255\324\224{tC\015\000# \377\357\000\001\003\224\255\003\224\254\003\224\277\037\022\177\335P\000\335\200\325\363\240\342\200\200\200\265\311\363\240\200\257\260 Step #5: artifact_prefix='./'; Test unit written to ./crash-0b293aa5f898d41c72e839fad06cd4267fa365d9 Step #5: Base64: AQEBAQACAQABAwEAAS4BAAGBzgMAASH/AQ8BAQEBAgABAQEAAAEBAAFXAQABcAEAAYHPBAABAwABAQ8BAAABAQECAQEAAQEAAVP9/wAuASABAQTPCQBgDwEBAQAFAQEBgUUAAAkBAQABUwEAAS4CAAFBgQYAASEAAf///wD/AQ8BAAADlK0DlLQDlK0DlK0DlK0ElK3UlHt0Qw0AIyD/7wABA5StA5SsA5S/HxJ/3VAA3YDV86DigICAtcnzoICvsA== Step #5: MERGE-OUTER: attempt 30 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260555123 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/0b293aa5f898d41c72e839fad06cd4267fa365d9' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 464 processed earlier; will process 372 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==878==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff39cb2ff8 (pc 0x55f7ff0bd744 bp 0x7fff3a4b02f0 sp 0x7fff39cb3000 T878) Step #5: #0 0x55f7ff0bd744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f7ff0c0a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f7ff0c0a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f7ff05ea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f7ff0678e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f7ff04e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f7ff07a2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbc7510a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f7ff041e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==878==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x60,0xfe,0x26,0x0,0x0,0x0,0x4,0x3,0xdf,0x76,0x65,0xff,0x5c,0x6c,0x0,0x0,0x0,0x0,0x0,0x0,0xf5,0xb,0xfd,0xff,0x0,0x1,0x0,0x0,0xff,0x88,0x88,0x88,0x0,0x3,0xfe,0xff,0x42,0x0,0x21,0x0,0x0,0x0,0x0,0x0,0x41,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0xff,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xf5,0xb,0x4,0x0,0x1,0x3,0xff,0x0,0x0,0xfd,0xff,0x88,0x88,0x88,0xfe,0xff,0x42,0x0,0x21,0x0,0x0,0x0,0x0,0x0,0x41,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x2,0xff,0xd5,0xff,0xff,0xff,0x74,0x7b,0x70,0x0,0x2a,0x0,0xff,0x0,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xf5,0xb,0x1,0x0,0x0,0x1,0x0,0x0,0x0,0x3,0xff,0x88,0x88,0x88,0xfe,0xff,0x4a,0x0,0x21,0x0,0x0,0x0,0x0,0x0,0x41,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0x0,0x0,0x0,0xfd,0x0,0x5,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x80,0x0,0x0,0x0,0x2,0x7f,0xd5,0xff,0xff,0xff,0xfe,0xff,0x3a,0xd6,0x9a,0x9a,0x78,0x9a,0x9a, Step #5: `\376&\000\000\000\004\003\337ve\377\\l\000\000\000\000\000\000\365\013\375\377\000\001\000\000\377\210\210\210\000\003\376\377B\000!\000\000\000\000\000A\000\000\000\000\000\000\001\000\000\377\000\200\000\000\000\000\000\000\000\365\013\004\000\001\003\377\000\000\375\377\210\210\210\376\377B\000!\000\000\000\000\000A\000\000\000\000\000\000\001\000\000\000\000\000\000\000\000\000\002\377\325\377\377\377t{p\000*\000\377\000\200\000\000\000\000\000\000\000\365\013\001\000\000\001\000\000\000\003\377\210\210\210\376\377J\000!\000\000\000\000\000A\000\000\000\000\000\000\001\000\000\000\375\000\005\000\000\000\000\000\000\000\000\000\200\000\000\000\002\177\325\377\377\377\376\377:\326\232\232x\232\232 Step #5: artifact_prefix='./'; Test unit written to ./crash-5fa6be8033466db6ae30a82e6ad4c064b98ef006 Step #5: Base64: YP4mAAAABAPfdmX/XGwAAAAAAAD1C/3/AAEAAP+IiIgAA/7/QgAhAAAAAABBAAAAAAAAAQAA/wCAAAAAAAAAAPULBAABA/8AAP3/iIiI/v9CACEAAAAAAEEAAAAAAAABAAAAAAAAAAAAAv/V////dHtwACoA/wCAAAAAAAAAAPULAQAAAQAAAAP/iIiI/v9KACEAAAAAAEEAAAAAAAABAAAA/QAFAAAAAAAAAAAAgAAAAAJ/1f////7/Otaamniamg== Step #5: MERGE-OUTER: attempt 31 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260612532 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/5fa6be8033466db6ae30a82e6ad4c064b98ef006' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 465 processed earlier; will process 371 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==882==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffd42e8ff8 (pc 0x55d309da4744 bp 0x7fffd4ae6620 sp 0x7fffd42e9000 T882) Step #5: #0 0x55d309da4744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d309da7a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d309da7a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55d309d45a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d309d4e8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d309d355c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d309d612d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1674985082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d309d28e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==882==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0xc,0x0,0x18,0x0,0xd1,0x2e,0x80,0x9,0xd2,0xd5,0x2f,0x80,0x3a,0x0,0x80,0x9,0x2f,0xb8,0xd1,0xd0,0xd1,0x2e,0x80,0x9,0xd3,0xd1,0xd0,0xd2,0xd1,0x2e,0x80,0x9,0xc,0x2,0x18,0x0,0xd1,0x2e,0x80,0x9,0xa,0xd5,0x2f,0x80,0x6,0x0,0x80,0x9,0xd3,0xd1,0xd1,0xd0,0xd1,0x2e,0x80,0x9,0xd3,0xd1,0xd8,0x98,0x6,0xdf,0x80,0x9,0xc,0x0,0x18,0x0,0xd1,0x2e,0x80,0x9,0xd1,0x89,0x2f,0x80,0x6,0x0,0x80,0x9,0x2d,0x30,0xd1,0xd0,0xd1,0xce,0x9,0xd3,0xd1,0xc0,0xd2,0xd1,0x2e,0x80,0x9,0xc,0x0,0x18,0x0,0xd1,0x2d,0x80,0xa,0xd1,0xd5,0x2f,0x80,0x6,0x0,0x80,0x9,0xd3,0xd1,0xd1,0xd0,0xd1,0x80,0xa,0xd3,0x0,0x0,0x6,0xdf,0x3,0x80,0x9,0xc,0x0,0x18,0x0,0xd1,0x2e,0x80,0x9,0xd1,0xd5,0x2f,0x80,0x6,0x0,0x80,0x2f,0xb8,0x9,0xd1,0xd0,0xd1,0x2e,0x80,0x9,0xd3,0xd1,0xd0,0xd2,0xd1,0x2e,0x80,0xf9,0xc,0x2,0x18,0x0,0xd1,0x2d,0x80,0x9,0xd3,0xd3,0xd1,0xd0,0xd1,0x2e,0x80,0x9,0xd3,0xd1,0xd8,0x0,0x94,0xad,0x3,0x94,0xad,0x2f,0x94,0xad,0x3,0x94,0xad,0xf3,0xa0,0x80,0xa5,0xfd,0x94,0xad,0x3,0x94,0xad,0x3,0x94,0xad,0x3,0x4,0x94,0xad,0x0,0x3b,0x3,0x94,0xad,0x3,0x94,0xad,0x3,0x94,0xad,0x3,0x94,0xad,0x4,0x94,0xad,0x0,0x0,0x0,0x0,0x4e,0x3,0x94, Step #5: \200\011\014\000\030\000\321.\200\011\322\325/\200:\000\200\011/\270\321\320\321.\200\011\323\321\320\322\321.\200\011\014\002\030\000\321.\200\011\012\325/\200\006\000\200\011\323\321\321\320\321.\200\011\323\321\330\230\006\337\200\011\014\000\030\000\321.\200\011\321\211/\200\006\000\200\011-0\321\320\321\316\011\323\321\300\322\321.\200\011\014\000\030\000\321-\200\012\321\325/\200\006\000\200\011\323\321\321\320\321\200\012\323\000\000\006\337\003\200\011\014\000\030\000\321.\200\011\321\325/\200\006\000\200/\270\011\321\320\321.\200\011\323\321\320\322\321.\200\371\014\002\030\000\321-\200\011\323\323\321\320\321.\200\011\323\321\330\000\224\255\003\224\255/\224\255\003\224\255\363\240\200\245\375\224\255\003\224\255\003\224\255\003\004\224\255\000;\003\224\255\003\224\255\003\224\255\003\224\255\004\224\255\000\000\000\000N\003\224 Step #5: artifact_prefix='./'; Test unit written to ./crash-f66b5a6b8a79de07cdbd496c7bb297fa786a79a5 Step #5: Base64: gAkMABgA0S6ACdLVL4A6AIAJL7jR0NEugAnT0dDS0S6ACQwCGADRLoAJCtUvgAYAgAnT0dHQ0S6ACdPR2JgG34AJDAAYANEugAnRiS+ABgCACS0w0dDRzgnT0cDS0S6ACQwAGADRLYAK0dUvgAYAgAnT0dHQ0YAK0wAABt8DgAkMABgA0S6ACdHVL4AGAIAvuAnR0NEugAnT0dDS0S6A+QwCGADRLYAJ09PR0NEugAnT0dgAlK0DlK0vlK0DlK3zoICl/ZStA5StA5StAwSUrQA7A5StA5StA5StA5StBJStAAAAAE4DlA== Step #5: MERGE-OUTER: attempt 32 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260670732 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/f66b5a6b8a79de07cdbd496c7bb297fa786a79a5' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 479 processed earlier; will process 357 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==886==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcb6844ff8 (pc 0x56426fcd6744 bp 0x7ffcb7041cf0 sp 0x7ffcb6845000 T886) Step #5: #0 0x56426fcd6744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56426fcd9a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56426fcd9a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56426fc77a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56426fc808e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56426fc675c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56426fc932d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9633277082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56426fc5ae7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==886==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0x0,0x64,0x7,0x0,0x7,0x46,0x0,0x64,0x0,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x8,0x0,0x64,0x7,0xf3,0xa0,0x81,0x8c,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0xf7,0xff,0x9b,0xf8,0xff,0xff,0xf9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0xf7,0xff,0x9b,0xf8,0xff,0xff,0xf9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0x64,0x7,0x0,0x0,0x9,0x0,0xe3, Step #5: \000\011\000d\007\000\007F\000d\000\000\000\011\000d\007\000\000\011\000d\007\000\000\010\000d\007\363\240\201\214\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\367\377\233\370\377\377\371\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\367\377\233\370\377\377\371\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000d\007\000\000\011\000\343 Step #5: artifact_prefix='./'; Test unit written to ./crash-d24ac6a1c57b20d1ad1124121108800d7984403b Step #5: Base64: AAkAZAcAB0YAZAAAAAkAZAcAAAkAZAcAAAgAZAfzoIGMAAAJAGQHAAAJAGQHAAAJAGQHAAAJAGQHAAAJAGQHAAAJAGQAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAPf/m/j///kAZAcAAAkAZAcAAAkAZAcAAAkAAAAJAGQHAAAJAGQHAAAJAGQHAAAJAGQHAAD3/5v4///5AGQHAAAJAGQHAAAJAGQHAAAJAGQHAAAJAGQHZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkAZAcAAAkA4w== Step #5: MERGE-OUTER: attempt 33 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260728131 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d24ac6a1c57b20d1ad1124121108800d7984403b' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 484 processed earlier; will process 352 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==890==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5596920831be (pc 0x5596920b1f32 bp 0x7ffde2b99d30 sp 0x7ffde2b99d00 T890) Step #5: ==890==The signal is caused by a WRITE memory access. Step #5: #0 0x5596920b1f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x5596920b1f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x5596920b200d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x5596920b2552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x5596920b2552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x5596920b2552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x5596920b5a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x5596920b5a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x559692053a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55969205c8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x5596920435c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55969206f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f350feb4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x559692036e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==890==Register values: Step #5: rax = 0x0000000000000f41 rbx = 0x0000000000000018 rcx = 0x0000000000003625 rdx = 0x0000000000000018 Step #5: rdi = 0x00005596920831b0 rsi = 0x00007ffde2b99d68 rbp = 0x00007ffde2b99d30 rsp = 0x00007ffde2b99d00 Step #5: r8 = 0x0000000000003625 r9 = 0x0000000000000f41 r10 = 0x0000000000000008 r11 = 0x00007ffde2bc6080 Step #5: r12 = 0x0000559692020698 r13 = 0x00005596920831b0 r14 = 0x0000559692864e90 r15 = 0x00007ffde2b99d68 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==890==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x6,0x2,0x3,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x3,0x44,0x2,0xc0,0x17,0x0,0x6,0x1,0x3,0x1,0x44,0x21,0x4,0x0,0x1b,0x2,0x3,0xe3,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0x3,0x3,0x0,0x0,0x0,0x0,0x20,0xc0,0x3,0x0,0x6,0x1,0x3,0x1,0x44,0x21,0x4,0x0,0x6,0x2,0x3,0xe3,0xa0,0x84,0x3,0x64,0x7,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x20,0x0,0x25,0x46,0x25,0x46,0x0,0x2,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x47,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x65,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x25,0x25,0x46,0x25,0x46,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x13,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x45,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46, Step #5: \000\000\006\002\003X\006\"\003\000\006\002X\006\"\003\000\006\002\003D\002\300\027\000\006\001\003\001D!\004\000\033\002\003\343\240\240\240\240\240\240\003\003\000\000\000\000 \300\003\000\006\001\003\001D!\004\000\006\002\003\343\240\204\003d\007\003\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000%F%%F%F%F% \000%F%F\000\002%F%%F%F%F%%F%F%F%F%G%%F%F%F%%F%F%F%FeF%%F%F%%%F%FF%F%F%F%%F%F%F%%F%F%F%F%F%%F\023F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%F%F%%F%E%F%%F%F%F Step #5: artifact_prefix='./'; Test unit written to ./crash-554136d98a15c4c2fa990c484ae632748c376dca Step #5: Base64: AAAGAgNYBiIDAAYCWAYiAwAGAgNEAsAXAAYBAwFEIQQAGwID46CgoKCgoAMDAAAAACDAAwAGAQMBRCEEAAYCA+OghANkBwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVGJSVGJUYlRiUgACVGJUYAAiVGJSVGJUYlRiUlRiVGJUYlRiVHJSVGJUYlRiUlRiVGJUYlRmVGJSVGJUYlJSVGJUZGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGE0YlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiVGJUYlJUYlRSVGJSVGJUYlRg== Step #5: MERGE-OUTER: attempt 34 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260776819 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/554136d98a15c4c2fa990c484ae632748c376dca' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 487 processed earlier; will process 349 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==894==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55eeb0ab1225 (pc 0x7fd82789198c bp 0x7ffccd716f70 sp 0x7ffccd716f38 T894) Step #5: ==894==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd82789198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55eeb0b4923d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55eeb0b4923d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55eeb0b4a43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55eeb0b4a43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55eeb0b4a43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55eeb0b4a43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55eeb0b4cdad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55eeb0b4cdad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55eeb0b4ca05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55eeb0aeaa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55eeb0af38e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55eeb0ada5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55eeb0b062d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd82772a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55eeb0acde7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==894==Register values: Step #5: rax = 0x000055eeb0ab1225 rbx = 0x000055eeb0b5a0b0 rcx = 0x00000000b0ab3a5a rdx = 0x0000000000000018 Step #5: rdi = 0x000055eeb0ab1225 rsi = 0x00007ffccd716fe0 rbp = 0x00007ffccd716f70 rsp = 0x00007ffccd716f38 Step #5: r8 = 0x0000000000004824 r9 = 0x0000000000004824 r10 = 0x0000000000000008 r11 = 0x00007ffccd7bb080 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055ee r14 = 0x0000000000000018 r15 = 0x000055eeb0b5a0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==894==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x6,0x2,0x3,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x58,0x6,0x22,0x80,0x6,0x2,0x0,0x1,0x4,0x2,0x8c,0xdf,0x0,0x0,0x6,0xdf,0x4,0x2,0x1,0xdb,0x31,0x0,0x6,0xdf,0x0,0x80,0x99,0x6a,0x24,0x0,0x1f,0x0,0x0,0x6,0xdc,0x4,0x2,0x8c,0xdf,0x0,0x0,0x6,0xdf,0x4,0x2,0x1,0xdb,0x31,0x0,0x6,0xdf,0x0,0x80,0x99,0x6a,0x24,0xe3,0xe2,0x1,0xf,0xc0,0xff,0x80,0x89,0x25,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xfc,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x22,0xfe,0x0,0x0,0x0,0x0,0x0,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x20,0x0,0x25,0x46,0x25,0x46,0x0,0x2,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x47,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x65,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x25,0x25,0x46,0x25,0x46,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x13,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x45,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46, Step #5: \000\000\006\002\003X\006\"\003\000\006\002X\006\"\200\006\002\000\001\004\002\214\337\000\000\006\337\004\002\001\3331\000\006\337\000\200\231j$\000\037\000\000\006\334\004\002\214\337\000\000\006\337\004\002\001\3331\000\006\337\000\200\231j$\343\342\001\017\300\377\200\211%\000\000\000\000\000\000\000\000\000\000\000\374\377\377\377\000\000\000\000\"\376\000\000\000\000\000%F%%F%F%F% \000%F%F\000\002%F%%F%F%F%%F%F%F%F%G%%F%F%F%%F%F%F%FeF%%F%F%%%F%FF%F%F%F%%F%F%F%%F%F%F%F%F%%F\023F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%F%F%%F%E%F%%F%F%F Step #5: artifact_prefix='./'; Test unit written to ./crash-3d65fc40b954248ee559f38036d09418b201bd63 Step #5: Base64: AAAGAgNYBiIDAAYCWAYigAYCAAEEAozfAAAG3wQCAdsxAAbfAICZaiQAHwAABtwEAozfAAAG3wQCAdsxAAbfAICZaiTj4gEPwP+AiSUAAAAAAAAAAAAAAPz///8AAAAAIv4AAAAAACVGJSVGJUYlRiUgACVGJUYAAiVGJSVGJUYlRiUlRiVGJUYlRiVHJSVGJUYlRiUlRiVGJUYlRmVGJSVGJUYlJSVGJUZGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGE0YlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiVGJUYlJUYlRSVGJSVGJUYlRg== Step #5: MERGE-OUTER: attempt 35 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260825287 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/3d65fc40b954248ee559f38036d09418b201bd63' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 490 processed earlier; will process 346 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==898==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5649cb0a01be (pc 0x5649cb0def32 bp 0x7ffccff38520 sp 0x7ffccff384f0 T898) Step #5: ==898==The signal is caused by a WRITE memory access. Step #5: #0 0x5649cb0def32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x5649cb0def32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x5649cb0df00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x5649cb0df552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x5649cb0df552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x5649cb0df552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x5649cb0e2a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x5649cb0e2a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x5649cb080a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x5649cb0898e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x5649cb0705c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x5649cb09c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f2bc3239082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x5649cb063e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==898==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x00005649cb0a01b0 rsi = 0x00007ffccff38558 rbp = 0x00007ffccff38520 rsp = 0x00007ffccff384f0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000008 r11 = 0x00007ffccffd5080 Step #5: r12 = 0x00005649cb04d698 r13 = 0x00005649cb0a01b0 r14 = 0x00005649cb71be90 r15 = 0x00007ffccff38558 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==898==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x6,0x2,0x3,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x3,0x44,0x2,0xc0,0x17,0x0,0x6,0x1,0x3,0x1,0x44,0x21,0x4,0x0,0x1b,0x2,0x3,0xe3,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0x3,0x3,0x80,0x0,0x0,0x0,0x20,0xc0,0x3,0x0,0x6,0x1,0x3,0x1,0x44,0x21,0x4,0x0,0x6,0x2,0x3,0xe3,0xa0,0x84,0x3,0x64,0x7,0x3,0x0,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xfc,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x22,0xfe,0x0,0x0,0x0,0x0,0x0,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x20,0x0,0x25,0x46,0x25,0x46,0x0,0x2,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x47,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x65,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x25,0x25,0x46,0x25,0x46,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x13,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x45,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46, Step #5: \000\000\006\002\003X\006\"\003\000\006\002X\006\"\003\000\006\002\003D\002\300\027\000\006\001\003\001D!\004\000\033\002\003\343\240\240\240\240\240\240\003\003\200\000\000\000 \300\003\000\006\001\003\001D!\004\000\006\002\003\343\240\204\003d\007\003\000\003\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\374\377\377\377\000\000\000\000\"\376\000\000\000\000\000%F%%F%F%F% \000%F%F\000\002%F%%F%F%F%%F%F%F%F%G%%F%F%F%%F%F%F%FeF%%F%F%%%F%FF%F%F%F%%F%F%F%%F%F%F%F%F%%F\023F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%F%F%%F%E%F%%F%F%F Step #5: artifact_prefix='./'; Test unit written to ./crash-060117dc0908663624f1d45d9e99e6f0fa6d62e7 Step #5: Base64: AAAGAgNYBiIDAAYCWAYiAwAGAgNEAsAXAAYBAwFEIQQAGwID46CgoKCgoAMDgAAAACDAAwAGAQMBRCEEAAYCA+OghANkBwMAAwAAAAAAAAAAAAAAAAAAAPz///8AAAAAIv4AAAAAACVGJSVGJUYlRiUgACVGJUYAAiVGJSVGJUYlRiUlRiVGJUYlRiVHJSVGJUYlRiUlRiVGJUYlRmVGJSVGJUYlJSVGJUZGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGE0YlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiVGJUYlJUYlRSVGJSVGJUYlRg== Step #5: MERGE-OUTER: attempt 36 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260874707 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/060117dc0908663624f1d45d9e99e6f0fa6d62e7' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 493 processed earlier; will process 343 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==902==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55c10833aa1c (pc 0x7fcaad6d498c bp 0x7ffc3fa91b40 sp 0x7ffc3fa91b08 T902) Step #5: ==902==The signal is caused by a WRITE memory access. Step #5: #0 0x7fcaad6d498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55c1083ce23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55c1083ce23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55c1083cf43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55c1083cf43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55c1083cf43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55c1083cf43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55c1083d1dad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55c1083d1dad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55c1083d1a05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55c10836fa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55c1083788e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55c10835f5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55c10838b2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fcaad56d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55c108352e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==902==Register values: Step #5: rax = 0x000055c10833aa1c rbx = 0x000055c1083df0b0 rcx = 0x0000000008334263 rdx = 0x0000000000000018 Step #5: rdi = 0x000055c10833aa1c rsi = 0x00007ffc3fa91bb0 rbp = 0x00007ffc3fa91b40 rsp = 0x00007ffc3fa91b08 Step #5: r8 = 0x0000000000009824 r9 = 0x0000000000009824 r10 = 0x0000000000000008 r11 = 0x00007ffc3fb02080 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055c1 r14 = 0x0000000000000018 r15 = 0x000055c1083df0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==902==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x6,0x2,0x3,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x58,0x6,0x22,0x3,0x0,0x6,0x2,0x3,0x44,0x2,0xc0,0x17,0x0,0x6,0x1,0x3,0x1,0x44,0x21,0x4,0x0,0x6,0x2,0x3,0xe3,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0x3,0x3,0x0,0x0,0x0,0x0,0x20,0xc0,0x3,0x0,0x6,0x1,0x3,0x1,0xa,0x21,0x4,0x0,0x6,0x2,0x3,0xe3,0xa0,0x84,0x3,0x64,0x7,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x3b,0x2,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x13,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x46,0x25,0x25,0x46,0x25,0x45,0x25,0x46,0x25,0x25,0x46,0x25,0x46,0x25,0x46, Step #5: \000\000\006\002\003X\006\"\003\000\006\002X\006\"\003\000\006\002\003D\002\300\027\000\006\001\003\001D!\004\000\006\002\003\343\240\240\240\240\240\240\003\003\000\000\000\000 \300\003\000\006\001\003\001\012!\004\000\006\002\003\343\240\204\003d\007\003\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000%F%%F%F%F%%F%F%F;\002%F%%F%F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F\023F%F%%F%F%F%F%F%%F%F%F%%F%F%F%F%F%%F%F%F%F%F%%F%E%F%%F%F%F Step #5: artifact_prefix='./'; Test unit written to ./crash-a2893dd36fd0a9676534335ef75dfa4f34e2ef92 Step #5: Base64: AAAGAgNYBiIDAAYCWAYiAwAGAgNEAsAXAAYBAwFEIQQABgID46CgoKCgoAMDAAAAACDAAwAGAQMBCiEEAAYCA+OghANkBwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVGJSVGJUYlRiUlRiVGJUY7AiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGE0YlRiUlRiVGJUYlRiVGJSVGJUYlRiUlRiVGJUYlRiVGJSVGJUYlRiVGJUYlJUYlRSVGJSVGJUYlRg== Step #5: MERGE-OUTER: attempt 37 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260923862 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a2893dd36fd0a9676534335ef75dfa4f34e2ef92' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 495 processed earlier; will process 341 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==906==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffeeacbfff8 (pc 0x55f9ca360744 bp 0x7ffeeb4bd8c0 sp 0x7ffeeacc0000 T906) Step #5: #0 0x55f9ca360744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f9ca363a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f9ca363a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f9ca301a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f9ca30a8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f9ca2f15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f9ca31d2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd9fe82d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f9ca2e4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==906==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e9a2c0cbf19b835d7cb2daf1cd118b08448465e6 Step #5: MERGE-OUTER: attempt 38 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260980450 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/e9a2c0cbf19b835d7cb2daf1cd118b08448465e6' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 497 processed earlier; will process 339 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==910==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffd34157d8 (pc 0x7fffd34157d8 bp 0x7fffd34157a0 sp 0x7fffd3415748 T910) Step #5: #0 0x7fffd34157d8 () Step #5: #1 0x561255bf0a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x561255bf0a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x561255b8ea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x561255b978e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x561255b7e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x561255baa2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fdf2d30c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==910==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-29310a3b033c589e2bf3be3702b9e2b4c395d539 Step #5: MERGE-OUTER: attempt 39 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261027307 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/29310a3b033c589e2bf3be3702b9e2b4c395d539' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 501 processed earlier; will process 335 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==914==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc8b099ff8 (pc 0x556c19425744 bp 0x7ffc8b898a20 sp 0x7ffc8b09a000 T914) Step #5: #0 0x556c19425744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x556c19428a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x556c19428a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x556c193c6a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556c193cf8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556c193b65c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556c193e22d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f65b7324082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x556c193a9e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==914==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-755e38da8786f6f14a1fbe345825511123b8ac78 Step #5: MERGE-OUTER: attempt 40 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261083726 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/755e38da8786f6f14a1fbe345825511123b8ac78' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 502 processed earlier; will process 334 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==918==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe26132ff8 (pc 0x55bd302cd744 bp 0x7ffe2692fd60 sp 0x7ffe26133000 T918) Step #5: #0 0x55bd302cd744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55bd302d0a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55bd302d0a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55bd3026ea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55bd302778e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55bd3025e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55bd3028a2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f19f21f9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55bd30251e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==918==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4cbdde5caa0c12d9bf9456b3840cdcc2eeaefac0 Step #5: MERGE-OUTER: attempt 41 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261140874 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4cbdde5caa0c12d9bf9456b3840cdcc2eeaefac0' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 503 processed earlier; will process 333 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==922==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffffe16aff8 (pc 0x5614db46c744 bp 0x7ffffe967ce0 sp 0x7ffffe16b000 T922) Step #5: #0 0x5614db46c744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5614db46fa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5614db46fa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5614db40da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5614db4168e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5614db3fd5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5614db4292d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5c295b8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5614db3f0e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==922==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6e82b2be6a0b6c3b3f8a8188988e1c0f637296ce Step #5: MERGE-OUTER: attempt 42 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261197707 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/6e82b2be6a0b6c3b3f8a8188988e1c0f637296ce' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 505 processed earlier; will process 331 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==926==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564c4c938aa7 (pc 0x7f54d4d5a98c bp 0x7fff4c2dc270 sp 0x7fff4c2dc238 T926) Step #5: ==926==The signal is caused by a WRITE memory access. Step #5: #0 0x7f54d4d5a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564c4c9cc23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564c4c9cc23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564c4c9cd43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564c4c9cd43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564c4c9cd43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564c4c9cd43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564c4c9cfdad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x564c4c9cfdad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x564c4c9cfa05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x564c4c96da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564c4c9768e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564c4c95d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564c4c9892d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f54d4bf3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564c4c950e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==926==Register values: Step #5: rax = 0x0000564c4c938aa7 rbx = 0x0000564c4c9dd0b0 rcx = 0x000000004c9321d8 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564c4c938aa7 rsi = 0x00007fff4c2dc2e0 rbp = 0x00007fff4c2dc270 rsp = 0x00007fff4c2dc238 Step #5: r8 = 0x0000000000007824 r9 = 0x0000000000007824 r10 = 0x0000000000000008 r11 = 0x00007fff4c3d1080 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000564c r14 = 0x0000000000000018 r15 = 0x0000564c4c9dd0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==926==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-65fb248a595560482f909edf5ccfaf339e58962c Step #5: MERGE-OUTER: attempt 43 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261246235 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/65fb248a595560482f909edf5ccfaf339e58962c' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 521 processed earlier; will process 315 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==930==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x563eadf221be (pc 0x563eadf20f32 bp 0x7ffc41bce5f0 sp 0x7ffc41bce5c0 T930) Step #5: ==930==The signal is caused by a WRITE memory access. Step #5: #0 0x563eadf20f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x563eadf20f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x563eadf2100d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x563eadf21552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x563eadf21552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x563eadf21552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x563eadf24a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x563eadf24a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x563eadec2a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x563eadecb8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x563eadeb25c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x563eadede2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f8931c17082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x563eadea5e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==930==Register values: Step #5: rax = 0x00000000000056a3 rbx = 0x0000000000000018 rcx = 0x0000000000002d6c rdx = 0x0000000000000018 Step #5: rdi = 0x0000563eadf221b0 rsi = 0x00007ffc41bce628 rbp = 0x00007ffc41bce5f0 rsp = 0x00007ffc41bce5c0 Step #5: r8 = 0x0000000000002d6c r9 = 0x00000000000056a3 r10 = 0x0000000000000008 r11 = 0x00007ffc41bd8080 Step #5: r12 = 0x0000563eade8f698 r13 = 0x0000563eadf221b0 r14 = 0x0000563eb03d0a50 r15 = 0x00007ffc41bce628 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==930==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-1105f463d6a7bd470f2cc0a0ab14f1563942b40a Step #5: MERGE-OUTER: attempt 44 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261294660 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/1105f463d6a7bd470f2cc0a0ab14f1563942b40a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 523 processed earlier; will process 313 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==934==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd8dd7aff8 (pc 0x557116e64744 bp 0x7ffd8e578280 sp 0x7ffd8dd7b000 T934) Step #5: #0 0x557116e64744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x557116e67a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x557116e67a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x557116e05a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x557116e0e8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x557116df55c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x557116e212d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f31b0a16082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x557116de8e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==934==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d7e67abeffb193bf91a42c6acce8bff4ce8a2e34 Step #5: MERGE-OUTER: attempt 45 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261351278 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d7e67abeffb193bf91a42c6acce8bff4ce8a2e34' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 527 processed earlier; will process 309 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==938==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc1e872ff8 (pc 0x5652b2e00744 bp 0x7ffc1f070ec0 sp 0x7ffc1e873000 T938) Step #5: #0 0x5652b2e00744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5652b2e03a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5652b2e03a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5652b2da1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5652b2daa8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5652b2d915c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5652b2dbd2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fe2cd4b4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5652b2d84e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==938==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-1eebbeaa51c09b84419761f1558717bb3490bce9 Step #5: MERGE-OUTER: attempt 46 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261408147 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/1eebbeaa51c09b84419761f1558717bb3490bce9' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 534 processed earlier; will process 302 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==942==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe754e2ff8 (pc 0x562455a35744 bp 0x7ffe75ce17f0 sp 0x7ffe754e3000 T942) Step #5: #0 0x562455a35744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x562455a38a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562455a38a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5624559d6a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5624559df8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5624559c65c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5624559f22d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f02b4244082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5624559b9e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==942==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4767c88580bc4ff01303d88cee2af4a311e1b4fb Step #5: MERGE-OUTER: attempt 47 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261464427 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4767c88580bc4ff01303d88cee2af4a311e1b4fb' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 536 processed earlier; will process 300 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==946==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e3e75e7a3e (pc 0x7ffb8828f98c bp 0x7ffdfb227a60 sp 0x7ffdfb227a28 T946) Step #5: ==946==The signal is caused by a WRITE memory access. Step #5: #0 0x7ffb8828f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55e3e767b23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55e3e767b23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55e3e767c43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55e3e767c43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55e3e767c43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55e3e767c43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55e3e767edad in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55e3e767edad in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55e3e767ea05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55e3e761ca7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55e3e76258e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55e3e760c5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55e3e76382d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7ffb88128082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55e3e75ffe7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==946==Register values: Step #5: rax = 0x000055e3e75e7a3e rbx = 0x000055e3e768c0b0 rcx = 0x00000000e75e1241 rdx = 0x0000000000000018 Step #5: rdi = 0x000055e3e75e7a3e rsi = 0x00007ffdfb227ad0 rbp = 0x00007ffdfb227a60 rsp = 0x00007ffdfb227a28 Step #5: r8 = 0x0000000000006824 r9 = 0x0000000000006824 r10 = 0x0000000000000008 r11 = 0x000055e3e9a823c0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055e3 r14 = 0x0000000000000018 r15 = 0x000055e3e768c0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==946==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3b249f46c35233a404085b2e6d90ac6e98908e3f Step #5: MERGE-OUTER: attempt 48 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261511963 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/3b249f46c35233a404085b2e6d90ac6e98908e3f' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 544 processed earlier; will process 292 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==950==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe33aadff8 (pc 0x55a9cdc0d744 bp 0x7ffe342ac780 sp 0x7ffe33aae000 T950) Step #5: #0 0x55a9cdc0d744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a9cdc10a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a9cdc10a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55a9cdbaea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a9cdbb78e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a9cdb9e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a9cdbca2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4af3142082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a9cdb91e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==950==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9a475f8f49dcfda67a73501d3fed6836f79dff6a Step #5: MERGE-OUTER: attempt 49 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261568883 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/9a475f8f49dcfda67a73501d3fed6836f79dff6a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 545 processed earlier; will process 291 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==954==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd34f0dff8 (pc 0x55e1c3122744 bp 0x7ffd3570cb10 sp 0x7ffd34f0e000 T954) Step #5: #0 0x55e1c3122744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55e1c3125a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55e1c3125a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55e1c30c3a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55e1c30cc8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55e1c30b35c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55e1c30df2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fdeb9ccc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55e1c30a6e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==954==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b62b125cbe579b76fc321aecc5953faf7e168dfc Step #5: MERGE-OUTER: attempt 50 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261624985 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/b62b125cbe579b76fc321aecc5953faf7e168dfc' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 548 processed earlier; will process 288 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==958==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc5542cff8 (pc 0x55c5edd40744 bp 0x7ffc55c2a0c0 sp 0x7ffc5542d000 T958) Step #5: #0 0x55c5edd40744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c5edd43a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c5edd43a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55c5edce1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c5edcea8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c5edcd15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c5edcfd2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f64ef5fe082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c5edcc4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==958==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4e2ec734789d7ff3df2c038ab1eb193eb0990686 Step #5: MERGE-OUTER: attempt 51 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261682047 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4e2ec734789d7ff3df2c038ab1eb193eb0990686' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 564 processed earlier; will process 272 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==962==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564970d251be (pc 0x564970d63f32 bp 0x7ffe17f0f1e0 sp 0x7ffe17f0f1b0 T962) Step #5: ==962==The signal is caused by a WRITE memory access. Step #5: #0 0x564970d63f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x564970d63f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x564970d6400d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x564970d64552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x564970d64552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x564970d64552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x564970d67a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x564970d67a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x564970d05a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x564970d0e8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x564970cf55c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x564970d212d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f7e4cabb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x564970ce8e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==962==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564970d251b0 rsi = 0x00007ffe17f0f218 rbp = 0x00007ffe17f0f1e0 rsp = 0x00007ffe17f0f1b0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000008 r11 = 0x00005649731f03c0 Step #5: r12 = 0x0000564970cd2698 r13 = 0x0000564970d251b0 r14 = 0x00005649731f1450 r15 = 0x00007ffe17f0f218 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==962==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d27a67487d64cf0ec542e85010b8f569f35cee71 Step #5: MERGE-OUTER: attempt 52 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261729760 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d27a67487d64cf0ec542e85010b8f569f35cee71' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 570 processed earlier; will process 266 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==966==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd6c8e6ff8 (pc 0x5577348ea744 bp 0x7ffd6d0e4850 sp 0x7ffd6c8e7000 T966) Step #5: #0 0x5577348ea744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5577348eda18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5577348eda18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55773488ba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5577348948e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55773487b5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5577348a72d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fe220beb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55773486ee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==966==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-032f4abb38b40886151736f9b4d6747a9a3781ef Step #5: MERGE-OUTER: attempt 53 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261786314 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/032f4abb38b40886151736f9b4d6747a9a3781ef' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 576 processed earlier; will process 260 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==970==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe1667fff8 (pc 0x55fb41182744 bp 0x7ffe16e7dc20 sp 0x7ffe16680000 T970) Step #5: #0 0x55fb41182744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55fb41185a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55fb41185a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55fb41123a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55fb4112c8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55fb411135c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55fb4113f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1346722082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55fb41106e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==970==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-fea6f34be3aa3bb14d966f7f0610d8beea8ce2e1 Step #5: MERGE-OUTER: attempt 54 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261842374 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/regressions/fea6f34be3aa3bb14d966f7f0610d8beea8ce2e1' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 578 processed earlier; will process 258 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==974==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffeb7bd1ff8 (pc 0x55f9e4b4a744 bp 0x7ffeb83d0310 sp 0x7ffeb7bd2000 T974) Step #5: #0 0x55f9e4b4a744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f9e4b4da18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f9e4b4da18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f9e4aeba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f9e4af48e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f9e4adb5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f9e4b072d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7568d95082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f9e4acee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==974==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b8a6b8f35c57bfba9b2d1c0356079f492a8fe27b Step #5: MERGE-OUTER: attempt 55 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261898472 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/b8a6b8f35c57bfba9b2d1c0356079f492a8fe27b' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 581 processed earlier; will process 255 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==978==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffda1d97ff8 (pc 0x562105120744 bp 0x7ffda25960e0 sp 0x7ffda1d98000 T978) Step #5: #0 0x562105120744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x562105123a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562105123a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5621050c1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5621050ca8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5621050b15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5621050dd2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff672ec1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5621050a4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==978==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4a7911893a4479d210fbd23c5ce78015a526bd46 Step #5: MERGE-OUTER: attempt 56 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4261956193 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/regressions/4a7911893a4479d210fbd23c5ce78015a526bd46' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 586 processed earlier; will process 250 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==982==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd62160ff8 (pc 0x55ea71870744 bp 0x7ffd6295e460 sp 0x7ffd62161000 T982) Step #5: #0 0x55ea71870744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ea71873a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ea71873a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55ea71811a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ea7181a8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ea718015c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ea7182d2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f355ad6b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ea717f4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==982==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4a7911893a4479d210fbd23c5ce78015a526bd46 Step #5: MERGE-OUTER: attempt 57 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262012983 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4a7911893a4479d210fbd23c5ce78015a526bd46' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 587 processed earlier; will process 249 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==986==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffba52eff8 (pc 0x564969656744 bp 0x7fffbad2cd90 sp 0x7fffba52f000 T986) Step #5: #0 0x564969656744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x564969659a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x564969659a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5649695f7a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5649696008e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5649695e75c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5649696132d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa0359fc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5649695dae7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==986==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-54c2d49d6cce0bc5c719ebfd047df8d38948622a Step #5: MERGE-OUTER: attempt 58 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262070518 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/54c2d49d6cce0bc5c719ebfd047df8d38948622a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 598 processed earlier; will process 238 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==990==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcc040dff8 (pc 0x55bb84fac744 bp 0x7ffcc0c0b330 sp 0x7ffcc040e000 T990) Step #5: #0 0x55bb84fac744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55bb84fafa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55bb84fafa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55bb84f4da7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55bb84f568e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55bb84f3d5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55bb84f692d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f80254ae082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55bb84f30e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==990==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7db818d53acbc4e811ef4818937faf02330b3934 Step #5: MERGE-OUTER: attempt 59 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262127141 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/7db818d53acbc4e811ef4818937faf02330b3934' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 600 processed earlier; will process 236 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==994==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e43bf0b1be (pc 0x55e43bf39f32 bp 0x7fff387e6ff0 sp 0x7fff387e6fc0 T994) Step #5: ==994==The signal is caused by a WRITE memory access. Step #5: #0 0x55e43bf39f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55e43bf39f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55e43bf3a00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55e43bf3a552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55e43bf3a552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55e43bf3a552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55e43bf3da18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55e43bf3da18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55e43bedba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55e43bee48e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55e43becb5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55e43bef72d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fee667ca082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55e43bebee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==994==Register values: Step #5: rax = 0x0000000000000f41 rbx = 0x0000000000000018 rcx = 0x0000000000003625 rdx = 0x0000000000000018 Step #5: rdi = 0x000055e43bf0b1b0 rsi = 0x00007fff387e7028 rbp = 0x00007fff387e6ff0 rsp = 0x00007fff387e6fc0 Step #5: r8 = 0x0000000000003625 r9 = 0x0000000000000f41 r10 = 0x0000000000000008 r11 = 0x000055e43d76435b Step #5: r12 = 0x000055e43bea8698 r13 = 0x000055e43bf0b1b0 r14 = 0x000055e43d763e90 r15 = 0x00007fff387e7028 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==994==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-64f82e32d9c6cdded7b3d2a5227dc1227efb7061 Step #5: MERGE-OUTER: attempt 60 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262174424 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/64f82e32d9c6cdded7b3d2a5227dc1227efb7061' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 602 processed earlier; will process 234 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==998==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcce47bff8 (pc 0x5644026cf744 bp 0x7ffccec7aaf0 sp 0x7ffcce47c000 T998) Step #5: #0 0x5644026cf744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5644026d2a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5644026d2a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x564402670a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5644026798e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5644026605c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56440268c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9918cf4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x564402653e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==998==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ac53cb26f6214c800ece689aeea945f12fcdc846 Step #5: MERGE-OUTER: attempt 61 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262231482 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/ac53cb26f6214c800ece689aeea945f12fcdc846' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 615 processed earlier; will process 221 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1002==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc243cbff8 (pc 0x55ebf5660744 bp 0x7ffc24bca3b0 sp 0x7ffc243cc000 T1002) Step #5: #0 0x55ebf5660744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ebf5663a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ebf5663a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55ebf5601a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ebf560a8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ebf55f15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ebf561d2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3e98a70082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ebf55e4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1002==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-29cb60b58b603b252346df31a2476fddf99bef4d Step #5: MERGE-OUTER: attempt 62 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262288082 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/29cb60b58b603b252346df31a2476fddf99bef4d' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 616 processed earlier; will process 220 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1006==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdf143aff8 (pc 0x559a69030744 bp 0x7ffdf1c37d70 sp 0x7ffdf143b000 T1006) Step #5: #0 0x559a69030744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x559a69033a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x559a69033a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x559a68fd1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x559a68fda8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x559a68fc15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x559a68fed2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8ae16dd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x559a68fb4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1006==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f5d21f27ec9dd9d77c62c771cdb6792a54f2edf0 Step #5: MERGE-OUTER: attempt 63 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262344889 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/f5d21f27ec9dd9d77c62c771cdb6792a54f2edf0' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 623 processed earlier; will process 213 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1010==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd18d55ff8 (pc 0x562a13ea7744 bp 0x7ffd195541d0 sp 0x7ffd18d56000 T1010) Step #5: #0 0x562a13ea7744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x562a13eaaa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562a13eaaa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x562a13e48a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562a13e518e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x562a13e385c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x562a13e642d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f77bffe3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x562a13e2be7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1010==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4c2ab2a3b3ca9d1f66e1bcc6763e6a1bf51ef869 Step #5: MERGE-OUTER: attempt 64 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262401351 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4c2ab2a3b3ca9d1f66e1bcc6763e6a1bf51ef869' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 625 processed earlier; will process 211 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1014==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffecdd97ff8 (pc 0x55f8532ed744 bp 0x7ffece595210 sp 0x7ffecdd98000 T1014) Step #5: #0 0x55f8532ed744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f8532f0a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f8532f0a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f85328ea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f8532978e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f85327e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f8532aa2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f37ff764082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f853271e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1014==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-470a2828fa6272291bb9ca04552006cdbe89c228 Step #5: MERGE-OUTER: attempt 65 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262458140 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/470a2828fa6272291bb9ca04552006cdbe89c228' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 626 processed earlier; will process 210 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1018==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x561bdc64ea60 (pc 0x561bdc64ea60 bp 0x0000000001f4 sp 0x7ffe2b5a1508 T1018) Step #5: ==1018==The signal is caused by a READ memory access. Step #5: ==1018==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x561bdc64ea60 () Step #5: Step #5: ==1018==Register values: Step #5: rax = 0x0000561bdaee5401 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00000000000001f4 rsp = 0x00007ffe2b5a1508 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f914128c6d0 Step #5: r12 = 0x00007ffe2b5a08ff r13 = 0x0000561bdaee5493 r14 = 0x0000000000000001 r15 = 0x0000561bdc62e678 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1018==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d7e3b6fb89182c7ff500bc8dcc653e0a9f11185a Step #5: MERGE-OUTER: attempt 66 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262474220 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d7e3b6fb89182c7ff500bc8dcc653e0a9f11185a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 627 processed earlier; will process 209 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1021==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd014a0ff8 (pc 0x55b6e4291744 bp 0x7ffd01c9f640 sp 0x7ffd014a1000 T1021) Step #5: #0 0x55b6e4291744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55b6e4294a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55b6e4294a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55b6e4232a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55b6e423b8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55b6e42225c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55b6e424e2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd0dc5dd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55b6e4215e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1021==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c72207ccf0f1ac862b85ce17e2703a2b24c48bfd Step #5: MERGE-OUTER: attempt 67 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262530690 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/c72207ccf0f1ac862b85ce17e2703a2b24c48bfd' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 628 processed earlier; will process 208 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1025==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff07404ff8 (pc 0x563e37dcf744 bp 0x7fff07c020e0 sp 0x7fff07405000 T1025) Step #5: #0 0x563e37dcf744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x563e37dd2a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563e37dd2a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x563e37d70a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x563e37d798e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x563e37d605c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x563e37d8c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fe72ce58082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x563e37d53e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1025==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-fefd8b78e7dec94c082720321643bbfbd041375e Step #5: MERGE-OUTER: attempt 68 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262587587 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/fefd8b78e7dec94c082720321643bbfbd041375e' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 629 processed earlier; will process 207 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1029==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcf3007ff8 (pc 0x55f6f5733744 bp 0x7ffcf3806320 sp 0x7ffcf3008000 T1029) Step #5: #0 0x55f6f5733744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f6f5736a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f6f5736a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f6f56d4a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f6f56dd8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f6f56c45c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f6f56f02d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa1fa79f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f6f56b7e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1029==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-bfe510836751617877970f94f1ae022a537fbd02 Step #5: MERGE-OUTER: attempt 69 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262644567 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/bfe510836751617877970f94f1ae022a537fbd02' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 631 processed earlier; will process 205 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1033==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffda6681ff8 (pc 0x55a69d962744 bp 0x7ffda6e80c80 sp 0x7ffda6682000 T1033) Step #5: #0 0x55a69d962744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a69d965a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a69d965a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55a69d903a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a69d90c8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a69d8f35c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a69d91f2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3875a91082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a69d8e6e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1033==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6c915603609ea9511ac32749825e816546cacf36 Step #5: MERGE-OUTER: attempt 70 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262701706 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/6c915603609ea9511ac32749825e816546cacf36' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 637 processed earlier; will process 199 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1037==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a256c0e1be (pc 0x55a256c4cf32 bp 0x7fff9d3db230 sp 0x7fff9d3db200 T1037) Step #5: ==1037==The signal is caused by a WRITE memory access. Step #5: #0 0x55a256c4cf32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55a256c4cf32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55a256c4d00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55a256c4d552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55a256c4d552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55a256c4d552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55a256c50a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55a256c50a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55a256beea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55a256bf78e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55a256bde5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55a256c0a2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fae6bb45082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55a256bd1e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==1037==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a256c0e1b0 rsi = 0x00007fff9d3db268 rbp = 0x00007fff9d3db230 rsp = 0x00007fff9d3db200 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x0000000000000008 r11 = 0x000055a2582e8267 Step #5: r12 = 0x000055a256bbb698 r13 = 0x000055a256c0e1b0 r14 = 0x000055a2582e7a60 r15 = 0x00007fff9d3db268 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==1037==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0208317c98fbd71e8dd5642a7786f60ae231d385 Step #5: MERGE-OUTER: attempt 71 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262749260 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/0208317c98fbd71e8dd5642a7786f60ae231d385' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 640 processed earlier; will process 196 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1041==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc710d6ff8 (pc 0x55a8ed36a744 bp 0x7ffc718d5bb0 sp 0x7ffc710d7000 T1041) Step #5: #0 0x55a8ed36a744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a8ed36da18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a8ed36da18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55a8ed30ba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a8ed3148e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a8ed2fb5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a8ed3272d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3d31eba082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a8ed2eee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1041==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d8b1fde57a8ab068c660dbd7ca179b26ded72f35 Step #5: MERGE-OUTER: attempt 72 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262806006 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d8b1fde57a8ab068c660dbd7ca179b26ded72f35' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 649 processed earlier; will process 187 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1045==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff66f64ff8 (pc 0x55d49c51d744 bp 0x7fff67762740 sp 0x7fff66f65000 T1045) Step #5: #0 0x55d49c51d744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d49c520a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d49c520a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55d49c4bea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d49c4c78e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d49c4ae5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d49c4da2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f262ed6e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d49c4a1e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1045==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-69a2ff25df46ed29e5eab11cc79f6d80829bb9e3 Step #5: MERGE-OUTER: attempt 73 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262863391 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/69a2ff25df46ed29e5eab11cc79f6d80829bb9e3' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 660 processed earlier; will process 176 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1049==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x562b218ac1be (pc 0x562b218aaf32 bp 0x7fff28a340d0 sp 0x7fff28a340a0 T1049) Step #5: ==1049==The signal is caused by a WRITE memory access. Step #5: #0 0x562b218aaf32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x562b218aaf32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x562b218ab00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x562b218ab552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x562b218ab552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x562b218ab552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x562b218aea18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x562b218aea18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x562b2184ca7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x562b218558e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x562b2183c5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x562b218682d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fa0d447b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x562b2182fe7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==1049==Register values: Step #5: rax = 0x00000000000056a3 rbx = 0x0000000000000018 rcx = 0x0000000000002d6c rdx = 0x0000000000000018 Step #5: rdi = 0x0000562b218ac1b0 rsi = 0x00007fff28a34108 rbp = 0x00007fff28a340d0 rsp = 0x00007fff28a340a0 Step #5: r8 = 0x0000000000002d6c r9 = 0x00000000000056a3 r10 = 0x0000000000000008 r11 = 0x0000562b23a4a8ce Step #5: r12 = 0x0000562b21819698 r13 = 0x0000562b218ac1b0 r14 = 0x0000562b23a49a60 r15 = 0x00007fff28a34108 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==1049==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-5e0e906f026d7553c917b341ecd212e31fb91225 Step #5: MERGE-OUTER: attempt 74 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262911174 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/5e0e906f026d7553c917b341ecd212e31fb91225' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 663 processed earlier; will process 173 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1053==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe3861a088 (pc 0x7ffe3861a088 bp 0x7ffe3861a050 sp 0x7ffe38619ff8 T1053) Step #5: #0 0x7ffe3861a088 () Step #5: #1 0x55da17b50a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55da17b50a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55da17aeea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55da17af78e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55da17ade5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55da17b0a2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1f07c9c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1053==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d68de9c24e05516269b0a0f4fd61e9fcb8361dcd Step #5: MERGE-OUTER: attempt 75 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4262958027 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d68de9c24e05516269b0a0f4fd61e9fcb8361dcd' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 672 processed earlier; will process 164 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1057==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55cbd6c8a1be (pc 0x55cbd6cc8f32 bp 0x7fff95fa8700 sp 0x7fff95fa86d0 T1057) Step #5: ==1057==The signal is caused by a WRITE memory access. Step #5: #0 0x55cbd6cc8f32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55cbd6cc8f32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55cbd6cc900d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55cbd6cc9552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55cbd6cc9552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55cbd6cc9552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55cbd6ccca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55cbd6ccca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55cbd6c6aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55cbd6c738e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55cbd6c5a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55cbd6c862d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fd3b4754082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55cbd6c4de7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==1057==Register values: Step #5: rax = 0x0000000000004ce7 rbx = 0x0000000000000018 rcx = 0x0000000000001301 rdx = 0x0000000000000018 Step #5: rdi = 0x000055cbd6c8a1b0 rsi = 0x00007fff95fa8738 rbp = 0x00007fff95fa8700 rsp = 0x00007fff95fa86d0 Step #5: r8 = 0x0000000000001301 r9 = 0x0000000000004ce7 r10 = 0x000055cbd9162010 r11 = 0x000055cbd91756f0 Step #5: r12 = 0x000055cbd6c37698 r13 = 0x000055cbd6c8a1b0 r14 = 0x000055cbd9195a60 r15 = 0x00007fff95fa8738 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==1057==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-df6b9dd99aef7bedb0d0ba4013d19827a9eb6181 Step #5: MERGE-OUTER: attempt 76 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263005364 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/df6b9dd99aef7bedb0d0ba4013d19827a9eb6181' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 679 processed earlier; will process 157 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1061==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffced395ff8 (pc 0x55db7ee6f744 bp 0x7ffcedb93630 sp 0x7ffced396000 T1061) Step #5: #0 0x55db7ee6f744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55db7ee72a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55db7ee72a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55db7ee10a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55db7ee198e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55db7ee005c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55db7ee2c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f925aef2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55db7edf3e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1061==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f7c8aff5c4775378a40a936a4fc74905da933c5c Step #5: MERGE-OUTER: attempt 77 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263061540 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/f7c8aff5c4775378a40a936a4fc74905da933c5c' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 685 processed earlier; will process 151 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1065==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd35ab8ff8 (pc 0x556e92c9a744 bp 0x7ffd362b5e40 sp 0x7ffd35ab9000 T1065) Step #5: #0 0x556e92c9a744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x556e92c9da18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x556e92c9da18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x556e92c3ba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556e92c448e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556e92c2b5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556e92c572d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb1c2b0b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x556e92c1ee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1065==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9fd184ee94b4dd3a640da8d1893abc6379669caf Step #5: MERGE-OUTER: attempt 78 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263117927 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/9fd184ee94b4dd3a640da8d1893abc6379669caf' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 687 processed earlier; will process 149 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1069==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdcf205ff8 (pc 0x55dc9645f744 bp 0x7ffdcfa04090 sp 0x7ffdcf206000 T1069) Step #5: #0 0x55dc9645f744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55dc96462a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55dc96462a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55dc96400a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55dc964098e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55dc963f05c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55dc9641c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbd9dc24082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55dc963e3e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1069==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e6620fb3be644f59ef8c80a8ce08dc0ddcc76a04 Step #5: MERGE-OUTER: attempt 79 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263174566 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/e6620fb3be644f59ef8c80a8ce08dc0ddcc76a04' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 690 processed earlier; will process 146 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1073==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc574c4ff8 (pc 0x56029f459744 bp 0x7ffc57cc2ec0 sp 0x7ffc574c5000 T1073) Step #5: #0 0x56029f459744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56029f45ca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56029f45ca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56029f3faa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56029f4038e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56029f3ea5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56029f4162d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc359d6c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56029f3dde7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1073==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-58e74df5848fb38f52ac478e5f0745e7fe1bc74d Step #5: MERGE-OUTER: attempt 80 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263230723 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/58e74df5848fb38f52ac478e5f0745e7fe1bc74d' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 691 processed earlier; will process 145 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1077==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd9cf36ff8 (pc 0x565286e40744 bp 0x7ffd9d7349e0 sp 0x7ffd9cf37000 T1077) Step #5: #0 0x565286e40744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x565286e43a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x565286e43a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x565286de1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x565286dea8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x565286dd15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x565286dfd2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5cfc468082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x565286dc4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1077==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ae8db7a5b7122e552a02d023e0666de9e9920ff1 Step #5: MERGE-OUTER: attempt 81 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263287292 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/ae8db7a5b7122e552a02d023e0666de9e9920ff1' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 697 processed earlier; will process 139 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1081==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55fad58b6a55 (pc 0x7f7f71db098c bp 0x7ffdc3a3e120 sp 0x7ffdc3a3e0e8 T1081) Step #5: ==1081==The signal is caused by a WRITE memory access. Step #5: #0 0x7f7f71db098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55fad594a23d in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55fad594a23d in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55fad594b43c in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55fad594b43c in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55fad594b43c in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55fad594b43c in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55fad594df40 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55fad594df40 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55fad594da05 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:59:5 Step #5: #10 0x55fad58eba7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55fad58f48e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55fad58db5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55fad59072d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f7f71c49082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55fad58cee7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1081==Register values: Step #5: rax = 0x000055fad58b6a55 rbx = 0x000055fad595b0b0 rcx = 0x00000000d58b022a rdx = 0x0000000000000018 Step #5: rdi = 0x000055fad58b6a55 rsi = 0x00007ffdc3a3e190 rbp = 0x00007ffdc3a3e120 rsp = 0x00007ffdc3a3e0e8 Step #5: r8 = 0x0000000000005824 r9 = 0x0000000000005824 r10 = 0x000055fad7e50010 r11 = 0x00007f7f71e11be0 Step #5: r12 = 0x0000000000000002 r13 = 0x00000000000055fa r14 = 0x0000000000000018 r15 = 0x000055fad595b0b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1081==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-a11481bba8b07cfe970f9239d7d458c79eb61c2a Step #5: MERGE-OUTER: attempt 82 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263336800 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a11481bba8b07cfe970f9239d7d458c79eb61c2a' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 714 processed earlier; will process 122 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1085==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe3b94bff8 (pc 0x5562166f9744 bp 0x7ffe3c149a00 sp 0x7ffe3b94c000 T1085) Step #5: #0 0x5562166f9744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5562166fca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5562166fca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55621669aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5562166a38e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55621668a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5562166b62d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa4a7162082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55621667de7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1085==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-cfcde6c528e97dfa3375dda027605632ea60457c Step #5: MERGE-OUTER: attempt 83 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263394999 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/cfcde6c528e97dfa3375dda027605632ea60457c' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 721 processed earlier; will process 115 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1089==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe661eeff8 (pc 0x55aae365b744 bp 0x7ffe669ebef0 sp 0x7ffe661ef000 T1089) Step #5: #0 0x55aae365b744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55aae365ea18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55aae365ea18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55aae35fca7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55aae36058e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55aae35ec5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55aae36182d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb71c3cb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55aae35dfe7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1089==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-a92309619260ce6196de459463abc896284984a6 Step #5: MERGE-OUTER: attempt 84 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263452868 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a92309619260ce6196de459463abc896284984a6' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 722 processed earlier; will process 114 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1093==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdca7daff8 (pc 0x5643e748e744 bp 0x7ffdcafd89d0 sp 0x7ffdca7db000 T1093) Step #5: #0 0x5643e748e744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5643e7491a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5643e7491a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x5643e742fa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5643e74388e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5643e741f5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5643e744b2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9019687082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5643e7412e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1093==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-28b7494a048e6c6623a0a8d1133f56a2b6758a94 Step #5: MERGE-OUTER: attempt 85 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263509632 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/28b7494a048e6c6623a0a8d1133f56a2b6758a94' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 726 processed earlier; will process 110 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1097==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffecd408ff8 (pc 0x55d80b278744 bp 0x7ffecdc075f0 sp 0x7ffecd409000 T1097) Step #5: #0 0x55d80b278744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d80b27ba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d80b27ba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55d80b219a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d80b2228e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d80b2095c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d80b2352d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7c166d2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d80b1fce7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1097==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-25952cb049e06e41792d58c6a07dc7d98be142f3 Step #5: MERGE-OUTER: attempt 86 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263567403 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/25952cb049e06e41792d58c6a07dc7d98be142f3' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 738 processed earlier; will process 98 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1101==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff8e426f38 (pc 0x7fff8e426f38 bp 0x7fff8e426f00 sp 0x7fff8e426ea8 T1101) Step #5: #0 0x7fff8e426f38 () Step #5: #1 0x56240f69ca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56240f69ca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56240f63aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56240f6438e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56240f62a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56240f6562d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff8a69a2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1101==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d2e64c8391c616005a37f8e3533afbbdc348193c Step #5: MERGE-OUTER: attempt 87 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263615344 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/d2e64c8391c616005a37f8e3533afbbdc348193c' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 753 processed earlier; will process 83 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1105==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffda0151ff8 (pc 0x56329187d744 bp 0x7ffda094ef60 sp 0x7ffda0152000 T1105) Step #5: #0 0x56329187d744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x563291880a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563291880a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56329181ea7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5632918278e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56329180e5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56329183a2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbc47140082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x563291801e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1105==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3a9de090d23e3794369cc6d7d7a864112800fa34 Step #5: MERGE-OUTER: attempt 88 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263673314 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/3a9de090d23e3794369cc6d7d7a864112800fa34' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 756 processed earlier; will process 80 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1109==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd38121ff8 (pc 0x55aaf88f6744 bp 0x7ffd38920cb0 sp 0x7ffd38122000 T1109) Step #5: #0 0x55aaf88f6744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55aaf88f9a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55aaf88f9a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55aaf8897a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55aaf88a08e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55aaf88875c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55aaf88b32d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fce289a4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55aaf887ae7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1109==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-dc9b158ef17d5638854f48a126f1ce504112c408 Step #5: MERGE-OUTER: attempt 89 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263730822 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/dc9b158ef17d5638854f48a126f1ce504112c408' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 766 processed earlier; will process 70 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1113==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffce73fdff8 (pc 0x55737d3f7744 bp 0x7ffce7bfc4f0 sp 0x7ffce73fe000 T1113) Step #5: #0 0x55737d3f7744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55737d3faa18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55737d3faa18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55737d398a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55737d3a18e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55737d3885c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55737d3b42d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9ee0c8c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55737d37be7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1113==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c2cae913b2f0200dcc8e3ecd096e599b12c8f122 Step #5: MERGE-OUTER: attempt 90 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263788583 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/c2cae913b2f0200dcc8e3ecd096e599b12c8f122' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 767 processed earlier; will process 69 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1117==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffec9b42ff8 (pc 0x56387b640744 bp 0x7ffeca340a40 sp 0x7ffec9b43000 T1117) Step #5: #0 0x56387b640744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56387b643a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56387b643a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56387b5e1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56387b5ea8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56387b5d15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56387b5fd2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f915c9c6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56387b5c4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1117==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-261330ca61d3cfaf6b78ca10c0a2a13c2312acf4 Step #5: MERGE-OUTER: attempt 91 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263848212 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/261330ca61d3cfaf6b78ca10c0a2a13c2312acf4' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 781 processed earlier; will process 55 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1121==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcf51dd318 (pc 0x7ffcf51dd318 bp 0x7ffcf51dd2e0 sp 0x7ffcf51dd288 T1121) Step #5: #0 0x7ffcf51dd318 () Step #5: #1 0x562ceead3a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562ceead3a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x562ceea71a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562ceea7a8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x562ceea615c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x562ceea8d2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f24952da082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1121==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-767bfc53514697b15e523e2b4cafdbf6e58b3e83 Step #5: MERGE-OUTER: attempt 92 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263898697 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/767bfc53514697b15e523e2b4cafdbf6e58b3e83' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 790 processed earlier; will process 46 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1125==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcd0c60ff8 (pc 0x55bfe7261744 bp 0x7ffcd145eb30 sp 0x7ffcd0c61000 T1125) Step #5: #0 0x55bfe7261744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55bfe7264a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55bfe7264a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55bfe7202a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55bfe720b8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55bfe71f25c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55bfe721e2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f987053f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55bfe71e5e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1125==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-92277c2849695dc316e8f84ee06fa3fca15c4394 Step #5: MERGE-OUTER: attempt 93 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4263957729 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/92277c2849695dc316e8f84ee06fa3fca15c4394' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 792 processed earlier; will process 44 files now Step #5: #1 pulse exec/s: 0 rss: 29Mb Step #5: #2 pulse exec/s: 0 rss: 29Mb Step #5: #4 pulse exec/s: 0 rss: 29Mb Step #5: #8 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1129==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555654ba01be (pc 0x555654b9ef32 bp 0x7ffef45ef3f0 sp 0x7ffef45ef3c0 T1129) Step #5: ==1129==The signal is caused by a WRITE memory access. Step #5: #0 0x555654b9ef32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x555654b9ef32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x555654b9f00d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x555654b9f552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x555654b9f552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x555654b9f552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x555654ba2a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x555654ba2a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x555654b40a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x555654b498e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x555654b305c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x555654b5c2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fe181da9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x555654b23e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==1129==Register values: Step #5: rax = 0x00000000000056a3 rbx = 0x0000000000000018 rcx = 0x0000000000002d6c rdx = 0x0000000000000018 Step #5: rdi = 0x0000555654ba01b0 rsi = 0x00007ffef45ef428 rbp = 0x00007ffef45ef3f0 rsp = 0x00007ffef45ef3c0 Step #5: r8 = 0x0000000000002d6c r9 = 0x00000000000056a3 r10 = 0x0000555656f1c000 r11 = 0xfffffffffffff000 Step #5: r12 = 0x0000555654b0d698 r13 = 0x0000555654ba01b0 r14 = 0x0000555656ebbaa0 r15 = 0x00007ffef45ef428 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==1129==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9ce1a9435ae338bcdb29be783463f87801749cae Step #5: MERGE-OUTER: attempt 94 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264014792 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/9ce1a9435ae338bcdb29be783463f87801749cae' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 803 processed earlier; will process 33 files now Step #5: #1 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1133==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55dd17e211be (pc 0x55dd17e4ff32 bp 0x7fffe54e1c20 sp 0x7fffe54e1bf0 T1133) Step #5: ==1133==The signal is caused by a WRITE memory access. Step #5: #0 0x55dd17e4ff32 in correct_read_index /src/tinyusb/src/common/tusb_fifo.c:454:13 Step #5: #1 0x55dd17e4ff32 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:473:14 Step #5: #2 0x55dd17e5000d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #3 0x55dd17e50552 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #4 0x55dd17e50552 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #5 0x55dd17e50552 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55dd17e53a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55dd17e53a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #8 0x55dd17df1a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55dd17dfa8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55dd17de15c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55dd17e0d2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7f1d8f502082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55dd17dd4e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: correct_read_index--tu_fifo_peek_n_access_mode--tu_fifo_read_n_access_mode Step #5: ==1133==Register values: Step #5: rax = 0x0000000000000f41 rbx = 0x0000000000000018 rcx = 0x0000000000003625 rdx = 0x0000000000000018 Step #5: rdi = 0x000055dd17e211b0 rsi = 0x00007fffe54e1c58 rbp = 0x00007fffe54e1c20 rsp = 0x00007fffe54e1bf0 Step #5: r8 = 0x0000000000003625 r9 = 0x0000000000000f41 r10 = 0x0000000000000022 r11 = 0x0000000000000246 Step #5: r12 = 0x000055dd17dbe698 r13 = 0x000055dd17e211b0 r14 = 0x00007f1d8f20e010 r15 = 0x00007fffe54e1c58 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV /src/tinyusb/src/common/tusb_fifo.c:454:13 in correct_read_index Step #5: ==1133==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4e85da5eadcd24d34ad4e53bb6e3f791a9a3b925 Step #5: MERGE-OUTER: attempt 95 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264069916 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4e85da5eadcd24d34ad4e53bb6e3f791a9a3b925' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 805 processed earlier; will process 31 files now Step #5: #1 pulse exec/s: 0 rss: 30Mb Step #5: #2 pulse exec/s: 0 rss: 30Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1137==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffed01b4608 (pc 0x7ffed01b4608 bp 0x7ffed01b45d0 sp 0x7ffed01b4578 T1137) Step #5: #0 0x7ffed01b4608 () Step #5: #1 0x55ee365cca18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ee365cca18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55ee3656aa7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ee365738e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ee3655a5c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ee365862d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f09d1400082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1137==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-67fa9a91dffe994c163cccc0c13023c124e494c8 Step #5: MERGE-OUTER: attempt 96 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264127488 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/67fa9a91dffe994c163cccc0c13023c124e494c8' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 809 processed earlier; will process 27 files now Step #5: #1 pulse exec/s: 0 rss: 29Mb Step #5: #2 pulse exec/s: 0 rss: 29Mb Step #5: #4 pulse exec/s: 0 rss: 30Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1141==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe03d314b8 (pc 0x7ffe03d314b8 bp 0x7ffe03d31480 sp 0x7ffe03d31428 T1141) Step #5: #0 0x7ffe03d314b8 () Step #5: #1 0x55f23eabba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f23eabba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x55f23ea59a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f23ea628e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f23ea495c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f23ea752d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f75dbe42082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1141==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-daebe140d507a0fac8a50765d5250d7011f702b8 Step #5: MERGE-OUTER: attempt 97 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264186821 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/daebe140d507a0fac8a50765d5250d7011f702b8' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 815 processed earlier; will process 21 files now Step #5: #1 pulse exec/s: 0 rss: 31Mb Step #5: #2 pulse exec/s: 0 rss: 31Mb Step #5: #4 pulse exec/s: 0 rss: 31Mb Step #5: #8 pulse exec/s: 0 rss: 31Mb Step #5: #16 pulse exec/s: 0 rss: 35Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1145==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd82dd2ad8 (pc 0x7ffd82dd2ad8 bp 0x7ffd82dd2aa0 sp 0x7ffd82dd2a48 T1145) Step #5: #0 0x7ffd82dd2ad8 () Step #5: #1 0x555da71aba18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x555da71aba18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x555da7149a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x555da71528e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x555da71395c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x555da71652d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f49dcc12082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1145==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d2fb32ed59f2b6e10b7402bf3832ce06af391177 Step #5: MERGE-OUTER: attempt 98 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264302271 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/4c8650a393b391b5d6be888f8430bcd5591e3758' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 834 processed earlier; will process 2 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1149==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x7f2b6acba010 (pc 0x7f2b6acba010 bp 0x0000000001f4 sp 0x7ffc183905f8 T1149) Step #5: ==1149==The signal is caused by a READ memory access. Step #5: ==1149==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x7f2b6acba010 () Step #5: Step #5: ==1149==Register values: Step #5: rax = 0x00005634f8af9401 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00000000000001f4 rsp = 0x00007ffc183905f8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f2b6d6f36d0 Step #5: r12 = 0x00007ffc183908ff r13 = 0x00005634f8af9493 r14 = 0x0000000000000001 r15 = 0x00005634fa86aa68 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1149==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-06f6eadda3c5f731ede55550ccad320b66e05ab0 Step #5: MERGE-OUTER: attempt 99 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264337568 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/a3c3668724a4a626387234511958031d1bc4300b' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 835 processed earlier; will process 1 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1152==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd3e7d4ff8 (pc 0x56512f6c1744 bp 0x7ffd3efd3270 sp 0x7ffd3e7d5000 T1152) Step #5: #0 0x56512f6c1744 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56512f6c4a18 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56512f6c4a18 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/msc/src/fuzz.cc:60:5 Step #5: #3 0x56512f662a7d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56512f66b8e8 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56512f6525c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56512f67e2d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f6678eda082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56512f645e7d in _start (out/libfuzzer-coverage-x86_64/msc+0x31e7d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1152==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e4bfc90e3d04214c071b3dbd4bd91c2553c68f4f Step #5: MERGE-OUTER: attempt 100 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4264412176 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge60.txt' Step #5: MERGE-INNER: '/corpus/msc/0a8ff80251bbc6d9ed0cbf5f1aa96db6be788272' caused a failure at the previous merge step Step #5: MERGE-INNER: 836 total files; 836 processed earlier; will process 0 files now Step #5: #0 DONE exec/s: 0 rss: 28Mb Step #5: MERGE-OUTER: successful in 100 attempt(s) Step #5: MERGE-OUTER: the control file has 68352 bytes Step #5: MERGE-OUTER: consumed 0Mb (28Mb rss) to parse the control file Step #5: MERGE-OUTER: 0 new files with 0 new features added; 0 new coverage edges Step #5: [2026-01-14 06:12:29,388 INFO] Finding shared libraries for targets (if any). Step #5: [2026-01-14 06:12:29,399 INFO] Finished finding shared libraries for targets. Step #5: Coverage error, creating log file: /workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/msc_error.log Step #5: Error occured while running net: Step #5: Cov returncode: 0, grep returncode: 0 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953154676 Step #5: MERGE-OUTER: 1056 files, 0 in the initial corpus, 0 processed earlier Step #5: MERGE-OUTER: attempt 1 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953173420 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: 1056 total files; 0 processed earlier; will process 1056 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==65==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff9c1adfc0 (pc 0x7fff9c1adfc0 bp 0x7fff9c1adf90 sp 0x7fff9c1adf38 T65) Step #5: #0 0x7fff9c1adfc0 () Step #5: #1 0x55f15ecfb0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f15ecfb0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55f15ec9819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f15eca1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f15ec87ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f15ecb39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f43e1e09082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==65==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xa7,0xa7,0xa7,0xa7, Step #5: \247\247\247\247 Step #5: artifact_prefix='./'; Test unit written to ./crash-cc34350e729ccb46c6807b4338e9ef89cf7b7837 Step #5: Base64: p6enpw== Step #5: MERGE-OUTER: attempt 2 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953223442 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/cc34350e729ccb46c6807b4338e9ef89cf7b7837' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 23 processed earlier; will process 1033 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: #64 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==78==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc9dce9aa0 (pc 0x7ffc9dce9aa0 bp 0x7ffc9dce9a70 sp 0x7ffc9dce9a18 T78) Step #5: #0 0x7ffc9dce9aa0 () Step #5: #1 0x56534a12b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56534a12b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56534a0c819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56534a0d1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56534a0b7ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56534a0e39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4744ebd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==78==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x4f,0x3,0x0,0x27,0x4f,0x4f,0x0,0x1f,0x2b,0x27, Step #5: O\003\000'OO\000\037+' Step #5: artifact_prefix='./'; Test unit written to ./crash-771150470758ebd4b86fa0d783db2436547248e0 Step #5: Base64: TwMAJ09PAB8rJw== Step #5: MERGE-OUTER: attempt 3 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953275981 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/771150470758ebd4b86fa0d783db2436547248e0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 132 processed earlier; will process 924 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: #32 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==92==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffccd3e9d90 (pc 0x7ffccd3e9d90 bp 0x7ffccd3e9d60 sp 0x7ffccd3e9d08 T92) Step #5: #0 0x7ffccd3e9d90 () Step #5: #1 0x55dbc18e00b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55dbc18e00b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55dbc187d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55dbc1886008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55dbc186cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55dbc18989f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f73de7e1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==92==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0xde,0x0,0x94,0xa1,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0xff,0x1f, Step #5: \200\011\336\000\224\241\377\377\377\376\377\377\377\377\377\037 Step #5: artifact_prefix='./'; Test unit written to ./crash-45e62c0978da62c4e1043035814ca784ded0bb12 Step #5: Base64: gAneAJSh/////v//////Hw== Step #5: MERGE-OUTER: attempt 4 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953326470 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/45e62c0978da62c4e1043035814ca784ded0bb12' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 196 processed earlier; will process 860 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==102==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffca7f2dd00 (pc 0x7ffca7f2dd00 bp 0x7ffca7f2dcd0 sp 0x7ffca7f2dc78 T102) Step #5: #0 0x7ffca7f2dd00 () Step #5: #1 0x555fb3b6c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x555fb3b6c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x555fb3b0919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x555fb3b12008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x555fb3af8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x555fb3b249f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff0c4d2f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==102==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xff,0xff,0x7,0x88,0xff,0xff,0xe3,0x0,0x21,0xff,0xe3,0xa4,0x73,0x6f,0x77,0x23,0xe3, Step #5: \377\377\007\210\377\377\343\000!\377\343\244sow#\343 Step #5: artifact_prefix='./'; Test unit written to ./crash-aca5ddcc0ce23b7e8e823b9624748fe1f4941a83 Step #5: Base64: //8HiP//4wAh/+Okc293I+M= Step #5: MERGE-OUTER: attempt 5 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3953375323 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/aca5ddcc0ce23b7e8e823b9624748fe1f4941a83' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 212 processed earlier; will process 844 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3,0x1,0x3,0x3,0x18,0x0,0x6,0x3,0xe7,0xff,0xfd,0xe0,0xff,0xff,0xff,0x80, Step #5: \000\006\003\001\003\003\030\000\006\003\347\377\375\340\377\377\377\200 Step #5: artifact_prefix='./'; Test unit written to ./timeout-512beb6e721a659da597f74351de23422adf67d9 Step #5: Base64: AAYDAQMDGAAGA+f//eD///+A Step #5: ==111== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55c597c28034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55c597be5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55c597bc8a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fd20518c08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x7fd2052d498b (/lib/x86_64-linux-gnu/libc.so.6+0x18b98b) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #5 0x55c597c2936e in ff_pull_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #6 0x55c597c2936e in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:490:5 Step #5: #7 0x55c597c2939d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #8 0x55c597c29a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #9 0x55c597c29a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #10 0x55c597c29a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #11 0x55c597c2d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #12 0x55c597c2d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #13 0x55c597bca19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #14 0x55c597bd3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #15 0x55c597bb9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #16 0x55c597be59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #17 0x7fd20516d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #18 0x55c597bad59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 6 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4055424278 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/512beb6e721a659da597f74351de23422adf67d9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 220 processed earlier; will process 836 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3,0x1,0x3,0x3,0x18,0x1,0x6,0x3,0xe7,0xff,0xfd,0xe0,0xff,0xff,0xff,0x80, Step #5: \000\006\003\001\003\003\030\001\006\003\347\377\375\340\377\377\377\200 Step #5: artifact_prefix='./'; Test unit written to ./timeout-ddc6e7c360eab8eac450b9afbd0dc5e65ab33597 Step #5: Base64: AAYDAQMDGAEGA+f//eD///+A Step #5: ==708== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x562972b47034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x562972b04178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x562972ae7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fae36e9b08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x562972b4c76a in dcd_int_disable /src/tinyusb/test/fuzz/dcd_fuzz.cc Step #5: #5 0x562972b48a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x562972b48a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x562972b4c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x562972b4c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x562972ae919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x562972af2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x562972ad8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x562972b049f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7fae36e7c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x562972acc59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 7 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157472347 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/ddc6e7c360eab8eac450b9afbd0dc5e65ab33597' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 223 processed earlier; will process 833 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==751==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56386bea7be4 (pc 0x7feb43e1f98c bp 0x7ffc337dcdd0 sp 0x7ffc337dcd98 T751) Step #5: ==751==The signal is caused by a WRITE memory access. Step #5: #0 0x7feb43e1f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56386bf3d5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56386bf3d5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56386bf3e820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56386bf3e820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56386bf3e820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56386bf3e820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56386bf416d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x56386bf416d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x56386bf410a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56386bede19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56386bee7008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56386becdce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56386bef99f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7feb43cb8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56386bec159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==751==Register values: Step #5: rax = 0x000056386bea7be4 rbx = 0x000056386bf4e2b0 rcx = 0x000000006bea1293 rdx = 0x0000000000000018 Step #5: rdi = 0x000056386bea7be4 rsi = 0x00007ffc337dce40 rbp = 0x00007ffc337dcdd0 rsp = 0x00007ffc337dcd98 Step #5: r8 = 0x00000000000068cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffc337f2080 Step #5: r12 = 0x0000000000000039 r13 = 0x0000000000005638 r14 = 0x0000000000000018 r15 = 0x000056386bf4e2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==751==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x1,0xfd,0x1f,0x0,0xc4,0x3e,0x33,0x32,0x37,0x36,0x39,0xa4,0x32,0x38,0x33,0x38,0x38,0x39,0xd, Step #5: \000\001\375\037\000\304>32769\244283889\015 Step #5: artifact_prefix='./'; Test unit written to ./crash-6da9b3efcc31f9633e1061daa97566d47d1b8395 Step #5: Base64: AAH9HwDEPjMyNzY5pDI4Mzg4OQ0= Step #5: MERGE-OUTER: attempt 8 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157520387 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6da9b3efcc31f9633e1061daa97566d47d1b8395' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 236 processed earlier; will process 820 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==755==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x565227c3cbfe (pc 0x7f3c7951b98c bp 0x7ffdf930f100 sp 0x7ffdf930f0c8 T755) Step #5: ==755==The signal is caused by a WRITE memory access. Step #5: #0 0x7f3c7951b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x565227cd25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x565227cd25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x565227cd3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x565227cd3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x565227cd3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x565227cd3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x565227cd66d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x565227cd66d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x565227cd60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x565227c7319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x565227c7c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x565227c62ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x565227c8e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f3c793b4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x565227c5659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==755==Register values: Step #5: rax = 0x0000565227c3cbfe rbx = 0x0000565227ce32b0 rcx = 0x0000000027c36279 rdx = 0x0000000000000018 Step #5: rdi = 0x0000565227c3cbfe rsi = 0x00007ffdf930f170 rbp = 0x00007ffdf930f100 rsp = 0x00007ffdf930f0c8 Step #5: r8 = 0x000000000000b8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffdf93ec080 Step #5: r12 = 0x00000000000000d3 r13 = 0x0000000000005652 r14 = 0x0000000000000018 r15 = 0x0000565227ce32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==755==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x1,0x1,0x0,0x0,0x20,0x1,0x3,0x0,0x1,0x1,0x1,0x42,0xa,0xff,0xd3,0x44,0x76,0x46,0xd3,0x7f, Step #5: \000\001\001\000\000 \001\003\000\001\001\001B\012\377\323DvF\323\177 Step #5: artifact_prefix='./'; Test unit written to ./crash-392086a464b20e846ab64de8f6c558322b1d605f Step #5: Base64: AAEBAAAgAQMAAQEBQgr/00R2RtN/ Step #5: MERGE-OUTER: attempt 9 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157569274 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/392086a464b20e846ab64de8f6c558322b1d605f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 250 processed earlier; will process 806 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==759==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5640aae0ebec (pc 0x7fba059fd98c bp 0x7ffe419e6e00 sp 0x7ffe419e6dc8 T759) Step #5: ==759==The signal is caused by a WRITE memory access. Step #5: #0 0x7fba059fd98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5640aaea45cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5640aaea45cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5640aaea5820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5640aaea5820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5640aaea5820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5640aaea5820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5640aaea853d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5640aaea853d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5640aaea80a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5640aae4519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5640aae4e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5640aae34ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5640aae609f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fba05896082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5640aae2859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==759==Register values: Step #5: rax = 0x00005640aae0ebec rbx = 0x00005640aaeb52b0 rcx = 0x00000000aae0828b rdx = 0x0000000000000018 Step #5: rdi = 0x00005640aae0ebec rsi = 0x00007ffe419e6e70 rbp = 0x00007ffe419e6e00 rsp = 0x00007ffe419e6dc8 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x0000000000000000 r11 = 0x00007ffe419ed080 Step #5: r12 = 0x00005640ace3f5b0 r13 = 0x0000000000005640 r14 = 0x0000000000000018 r15 = 0x00005640aaeb52b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==759==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5d,0x61,0x26,0xfe,0x16,0x5f,0x5c,0x5f,0x5c,0xc7,0x0,0x5f,0x7c,0x5b,0xff,0x3f,0x45,0xfe,0xb1,0x27,0x4,0x53, Step #5: ]a&\376\026_\\_\\\307\000_|[\377?E\376\261'\004S Step #5: artifact_prefix='./'; Test unit written to ./crash-dfdb72e1db7fc55fe2af9b50d344d324514c47dc Step #5: Base64: XWEm/hZfXF9cxwBffFv/P0X+sScEUw== Step #5: MERGE-OUTER: attempt 10 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157617023 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/dfdb72e1db7fc55fe2af9b50d344d324514c47dc' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 252 processed earlier; will process 804 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==763==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55f7069e8ba3 (pc 0x7f3287b8798c bp 0x7ffe32cb9640 sp 0x7ffe32cb9608 T763) Step #5: ==763==The signal is caused by a WRITE memory access. Step #5: #0 0x7f3287b8798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55f706a7e5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55f706a7e5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55f706a7f820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55f706a7f820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55f706a7f820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55f706a7f820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55f706a8253d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55f706a8253d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55f706a820a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55f706a1f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55f706a28008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55f706a0ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55f706a3a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f3287a20082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55f706a0259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==763==Register values: Step #5: rax = 0x000055f7069e8ba3 rbx = 0x000055f706a8f2b0 rcx = 0x00000000069e22d4 rdx = 0x0000000000000018 Step #5: rdi = 0x000055f7069e8ba3 rsi = 0x00007ffe32cb96b0 rbp = 0x00007ffe32cb9640 rsp = 0x00007ffe32cb9608 Step #5: r8 = 0x00000000000078cb r9 = 0x00000000000078cb r10 = 0x0000000000000000 r11 = 0x00007ffe32cc3080 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055f7 r14 = 0x0000000000000018 r15 = 0x000055f706a8f2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==763==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x7,0xf9,0x2,0x0,0x6,0xf9,0x2,0xff,0x6,0xf9, Step #5: \000\006\371\002\000\006\371\002\000\006\371\002\000\007\371\002\000\006\371\002\377\006\371 Step #5: artifact_prefix='./'; Test unit written to ./crash-60a3c719871e1383d318727003723b7dd5988d4f Step #5: Base64: AAb5AgAG+QIABvkCAAf5AgAG+QL/Bvk= Step #5: MERGE-OUTER: attempt 11 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157665652 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/60a3c719871e1383d318727003723b7dd5988d4f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 256 processed earlier; will process 800 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==767==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5598323c1279 (pc 0x7f78eb9b798c bp 0x7ffc143780d0 sp 0x7ffc14378098 T767) Step #5: ==767==The signal is caused by a WRITE memory access. Step #5: #0 0x7f78eb9b798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55983245a5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55983245a5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55983245b820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55983245b820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55983245b820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55983245b820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55983245e53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55983245e53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55983245e0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5598323fb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x559832404008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5598323eace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5598324169f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f78eb850082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5598323de59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==767==Register values: Step #5: rax = 0x00005598323c1279 rbx = 0x000055983246b2b0 rcx = 0x00000000323c1bfe rdx = 0x0000000000000018 Step #5: rdi = 0x00005598323c1279 rsi = 0x00007ffc14378140 rbp = 0x00007ffc143780d0 rsp = 0x00007ffc14378098 Step #5: r8 = 0x00000000000038cb r9 = 0x00005598329c62d0 r10 = 0x00005598329c62d0 r11 = 0x00007ffc14397080 Step #5: r12 = 0x0000559833487f10 r13 = 0x0000000000005598 r14 = 0x0000000000000018 r15 = 0x000055983246b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==767==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xb3,0xff,0x1e,0xff,0xe2,0x81,0xa5,0x1e,0xf0,0x90,0x80,0x80,0x93, Step #5: \000\006:\001\323\036\223F\323\036\223\346\263\377\036\377\342\201\245\036\360\220\200\200\223 Step #5: artifact_prefix='./'; Test unit written to ./crash-91fdd3eff221c4710b4912fe0df6af94acb069b2 Step #5: Base64: AAY6AdMek0bTHpPms/8e/+KBpR7wkICAkw== Step #5: MERGE-OUTER: attempt 12 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157713951 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/91fdd3eff221c4710b4912fe0df6af94acb069b2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 270 processed earlier; will process 786 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==771==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffee91fb670 (pc 0x7ffee91fb670 bp 0x7ffee91fb640 sp 0x7ffee91fb5e8 T771) Step #5: #0 0x7ffee91fb670 () Step #5: #1 0x560ac47b20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560ac47b20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560ac474f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560ac4758008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560ac473ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560ac476a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f690a3e2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==771==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x0,0x3,0x7e,0xb3,0x0,0x31,0x30,0x0,0x6,0x0,0x3,0x7a,0xdf,0xd7,0xdf,0x10,0x0,0x7a,0xb3,0x0,0x0,0xa,0x3,0x7d, Step #5: \000\006\000\003~\263\00010\000\006\000\003z\337\327\337\020\000z\263\000\000\012\003} Step #5: artifact_prefix='./'; Test unit written to ./crash-940b8fcf85e2e9efe7005f178efa68941be192c1 Step #5: Base64: AAYAA36zADEwAAYAA3rf198QAHqzAAAKA30= Step #5: MERGE-OUTER: attempt 13 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157760995 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/940b8fcf85e2e9efe7005f178efa68941be192c1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 275 processed earlier; will process 781 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==775==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a3f06e35b0 (pc 0x55a3f06e35b0 bp 0x7fff20ed79c0 sp 0x7fff20ed7978 T775) Step #5: ==775==The signal is caused by a READ memory access. Step #5: ==775==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55a3f06e35b0 () Step #5: Step #5: ==775==Register values: Step #5: rax = 0x000055a3ef2e6901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007fff20ed79c0 rsp = 0x00007fff20ed7978 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f4d2a2e26d0 Step #5: r12 = 0x00007fff20ed08ff r13 = 0x000055a3ef2e697c r14 = 0x0000000000000001 r15 = 0x000055a3f06baef8 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==775==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x82,0x0,0x20,0x6,0x2,0xff,0xfb,0xff,0x0,0x5,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf9, Step #5: \202\000 \006\002\377\373\377\000\005\377\377\377\377\377\377\377\376\376\377\377\377\377\377\377\377\371 Step #5: artifact_prefix='./'; Test unit written to ./crash-2d0fbf490801ccb3986a146d5985287d7ceb3666 Step #5: Base64: ggAgBgL/+/8ABf/////////+/v/////////5 Step #5: MERGE-OUTER: attempt 14 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157776790 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2d0fbf490801ccb3986a146d5985287d7ceb3666' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 276 processed earlier; will process 780 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==778==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x561d6df36bc9 (pc 0x7f6d42be398c bp 0x7ffed9a671a0 sp 0x7ffed9a67168 T778) Step #5: ==778==The signal is caused by a WRITE memory access. Step #5: #0 0x7f6d42be398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x561d6dfcc5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x561d6dfcc5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x561d6dfcd820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x561d6dfcd820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x561d6dfcd820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x561d6dfcd820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x561d6dfd06d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x561d6dfd06d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x561d6dfd00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x561d6df6d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561d6df76008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x561d6df5cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x561d6df889f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f6d42a7c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x561d6df5059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==778==Register values: Step #5: rax = 0x0000561d6df36bc9 rbx = 0x0000561d6dfdd2b0 rcx = 0x000000006df302ae rdx = 0x0000000000000018 Step #5: rdi = 0x0000561d6df36bc9 rsi = 0x00007ffed9a67210 rbp = 0x00007ffed9a671a0 rsp = 0x00007ffed9a67168 Step #5: r8 = 0x00000000000058cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffed9b36080 Step #5: r12 = 0x000000000000002d r13 = 0x000000000000561d r14 = 0x0000000000000018 r15 = 0x0000561d6dfdd2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==778==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0x40,0x28,0x0,0xb,0x2b,0x9,0x0,0x21,0x10,0x54,0xff,0xff,0xff,0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xb8,0xe3,0xca,0x2d,0x1a, Step #5: \000\011@(\000\013+\011\000!\020T\377\377\377\010\000\000\000\000\000\000\000\270\343\312-\032 Step #5: artifact_prefix='./'; Test unit written to ./crash-c42b4c0ebbc20f30de80b6853daa0d88852cdc3f Step #5: Base64: AAlAKAALKwkAIRBU////CAAAAAAAAAC448otGg== Step #5: MERGE-OUTER: attempt 15 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157825415 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c42b4c0ebbc20f30de80b6853daa0d88852cdc3f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 280 processed earlier; will process 776 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==782==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff9e6182e0 (pc 0x7fff9e6182e0 bp 0x7fff9e6182b0 sp 0x7fff9e618258 T782) Step #5: #0 0x7fff9e6182e0 () Step #5: #1 0x56355dfc80b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56355dfc80b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56355df6519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56355df6e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56355df54ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56355df809f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f2579b37082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==782==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x2,0xb,0x0,0x0,0x0,0xa9,0x94,0x80,0xb,0x8,0x80,0xc0,0x8a,0x1,0x20,0x4,0x1,0xb7,0xea,0x1,0x1,0x20,0xff,0x4f,0x0,0x2,0x2e,0x55, Step #5: \200\002\013\000\000\000\251\224\200\013\010\200\300\212\001 \004\001\267\352\001\001 \377O\000\002.U Step #5: artifact_prefix='./'; Test unit written to ./crash-685eb467f971b5eaca58bad8644b9f82185d9d44 Step #5: Base64: gAILAAAAqZSACwiAwIoBIAQBt+oBASD/TwACLlU= Step #5: MERGE-OUTER: attempt 16 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157871922 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/685eb467f971b5eaca58bad8644b9f82185d9d44' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 283 processed earlier; will process 773 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==787==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd61404170 (pc 0x7ffd61404170 bp 0x7ffd61404140 sp 0x7ffd614040e8 T787) Step #5: #0 0x7ffd61404170 () Step #5: #1 0x55dd5ab190b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55dd5ab190b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55dd5aab619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55dd5aabf008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55dd5aaa5ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55dd5aad19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc28a118082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==787==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xff,0xca,0xb4,0xff,0x7,0x88,0xff,0xff,0xe3,0x0,0x1c,0xff,0xe3,0xa4,0x73,0x6f,0x77,0x23,0xe3,0x0,0x21,0xff,0xe3,0xa4,0x73,0x6f,0x77,0x23,0xe3, Step #5: \377\312\264\377\007\210\377\377\343\000\034\377\343\244sow#\343\000!\377\343\244sow#\343 Step #5: artifact_prefix='./'; Test unit written to ./crash-0583e244815a2108fc8d2a683b341833016cc5af Step #5: Base64: /8q0/weI///jABz/46Rzb3cj4wAh/+Okc293I+M= Step #5: MERGE-OUTER: attempt 17 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157919023 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0583e244815a2108fc8d2a683b341833016cc5af' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 285 processed earlier; will process 771 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==795==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdab4c9350 (pc 0x7ffdab4c9350 bp 0x7ffdab4c9320 sp 0x7ffdab4c92c8 T795) Step #5: #0 0x7ffdab4c9350 () Step #5: #1 0x561ae44830b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x561ae44830b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x561ae442019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x561ae4429008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x561ae440fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x561ae443b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7c4b593082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==795==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0xd8,0xd8,0xd8,0xd8,0x9,0x15,0x31,0x38,0x34,0x34,0x36,0x37,0x34,0x34,0x30,0x37,0x33,0x37,0x31,0x39,0x36,0x31,0x35,0x35,0x35,0x38,0xc0,0xc0,0x95,0x15, Step #5: \000\000\330\330\330\330\011\02518446744073719615558\300\300\225\025 Step #5: artifact_prefix='./'; Test unit written to ./crash-2f15ebc85e06e8c510b301a4be1ff7a7ae13b755 Step #5: Base64: AADY2NjYCRUxODQ0Njc0NDA3MzcxOTYxNTU1OMDAlRU= Step #5: MERGE-OUTER: attempt 18 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4157966258 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2f15ebc85e06e8c510b301a4be1ff7a7ae13b755' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 308 processed earlier; will process 748 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==803==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff34247ff8 (pc 0x5561dc49fb64 bp 0x7fff34a45bf0 sp 0x7fff34248000 T803) Step #5: #0 0x5561dc49fb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5561dc4a30b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5561dc4a30b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5561dc44019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5561dc449008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5561dc42fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5561dc45b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5e17dbe082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5561dc42359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==803==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0x40,0x28,0x0,0xb,0x2c,0x9,0x0,0x9,0x10,0x54,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf,0x8,0x2a,0xff,0xcb,0x91,0xfd,0x5d,0x7a,0xe3,0xca,0x2e,0x1a, Step #5: \000\011@(\000\013,\011\000\011\020T\377\377\377\377\377\377\377\017\010*\377\313\221\375]z\343\312.\032 Step #5: artifact_prefix='./'; Test unit written to ./crash-565b7957b7a52f8fe11821845b197862ec8ccdf9 Step #5: Base64: AAlAKAALLAkACRBU/////////w8IKv/Lkf1deuPKLho= Step #5: MERGE-OUTER: attempt 19 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4158023435 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/565b7957b7a52f8fe11821845b197862ec8ccdf9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 309 processed earlier; will process 747 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==811==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555c40727b08 (pc 0x7f196632a98c bp 0x7ffd82341470 sp 0x7ffd82341438 T811) Step #5: ==811==The signal is caused by a WRITE memory access. Step #5: #0 0x7f196632a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x555c407bd5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x555c407bd5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x555c407be820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x555c407be820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x555c407be820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x555c407be820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x555c407c153d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x555c407c153d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x555c407c10a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x555c4075e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x555c40767008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x555c4074dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x555c407799f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f19661c3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x555c4074159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==811==Register values: Step #5: rax = 0x0000555c40727b08 rbx = 0x0000555c407ce2b0 rcx = 0x000000004072136f rdx = 0x0000000000000018 Step #5: rdi = 0x0000555c40727b08 rsi = 0x00007ffd823414e0 rbp = 0x00007ffd82341470 rsp = 0x00007ffd82341438 Step #5: r8 = 0x00000000000068cb r9 = 0x00000000000068cb r10 = 0x0000555c40711218 r11 = 0x00007f196638bbe0 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000555c r14 = 0x0000000000000018 r15 = 0x0000555c407ce2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==811==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x0,0x3,0x81,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff,0xfe,0xff, Step #5: \000\006\000\003\201\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377\376\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-1fc5a72df026f2feb20e395909b765cdd8934f35 Step #5: Base64: AAYAA4H//v/+//7//v/+//7//v/+//7//v/+//7//v8= Step #5: MERGE-OUTER: attempt 20 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4158071738 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1fc5a72df026f2feb20e395909b765cdd8934f35' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 312 processed earlier; will process 744 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==818==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d525a9eb81 (pc 0x7fb5f559f98c bp 0x7ffefb0f2470 sp 0x7ffefb0f2438 T818) Step #5: ==818==The signal is caused by a WRITE memory access. Step #5: #0 0x7fb5f559f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d525b345cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d525b345cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d525b35820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d525b35820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d525b35820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d525b35820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d525b3853d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55d525b3853d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55d525b380a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d525ad519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d525ade008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d525ac4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d525af09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fb5f5438082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d525ab859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==818==Register values: Step #5: rax = 0x000055d525a9eb81 rbx = 0x000055d525b452b0 rcx = 0x0000000025a982f6 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d525a9eb81 rsi = 0x00007ffefb0f24e0 rbp = 0x00007ffefb0f2470 rsp = 0x00007ffefb0f2438 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x0000000000000000 r11 = 0x00007ffefb1c2080 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055d5 r14 = 0x0000000000000018 r15 = 0x000055d525b452b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==818==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xf9,0x2,0x0,0x0,0x0,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x7,0xf9,0x2,0x0,0x6,0xf9,0x2,0xff,0x6,0xf9, Step #5: \000\006\371\002\000\000\000\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\007\371\002\000\006\371\002\377\006\371 Step #5: artifact_prefix='./'; Test unit written to ./crash-984950741995cf526f697b98c72d66ed28228a89 Step #5: Base64: AAb5AgAAAPkCAAb5AgAG+QIABvkCAAf5AgAG+QL/Bvk= Step #5: MERGE-OUTER: attempt 21 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4158119613 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/984950741995cf526f697b98c72d66ed28228a89' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 318 processed earlier; will process 738 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x0,0x3,0x0,0x6,0x0,0x3,0x10,0xdc,0xff,0x3,0x0,0x0,0x3,0x10,0xfd,0x6,0x1f,0x6,0x0,0x3,0x6,0x0,0x3,0x10,0x0,0x3,0x10,0x0,0x2,0x6,0x80,0x5d, Step #5: \000\006\000\003\000\006\000\003\020\334\377\003\000\000\003\020\375\006\037\006\000\003\006\000\003\020\000\003\020\000\002\006\200] Step #5: artifact_prefix='./'; Test unit written to ./timeout-1367852affc0083ed7fb06477b7b8eea13f4aeed Step #5: Base64: AAYAAwAGAAMQ3P8DAAADEP0GHwYAAwYAAxAAAxAAAgaAXQ== Step #5: ==822== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55a129047034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55a129004178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55a128fe7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f8df315608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55a1290483b8 in advance_index /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x55a1290483b8 in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:15 Step #5: #6 0x55a129048a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x55a129048a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x55a129048a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x55a12904c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x55a12904c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x55a128fe919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x55a128ff2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x55a128fd8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x55a1290049f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7f8df3137082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x55a128fcc59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 22 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260167839 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1367852affc0083ed7fb06477b7b8eea13f4aeed' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 323 processed earlier; will process 733 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==835==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe3fe0eff8 (pc 0x558c4ef8db64 bp 0x7ffe4060c270 sp 0x7ffe3fe0f000 T835) Step #5: #0 0x558c4ef8db64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x558c4ef910b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558c4ef910b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x558c4ef2e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558c4ef37008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558c4ef1dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558c4ef499f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f924bc06082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x558c4ef1159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==835==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0x40,0x28,0x0,0xb,0x2c,0x9,0x0,0x9,0x10,0x54,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x24,0x8,0x2a,0xff,0xfd,0x5d,0x7a,0xe3,0xca,0x2e,0x1a, Step #5: \000\011@(\000\013,\011\000\011\020T\377\377\377\377\377\377\377\377\377\377\377\377\377$\010*\377\375]z\343\312.\032 Step #5: artifact_prefix='./'; Test unit written to ./crash-1a25cc70b13189a95179445e3692498a0cb365cb Step #5: Base64: AAlAKAALLAkACRBU/////////////////yQIKv/9XXrjyi4a Step #5: MERGE-OUTER: attempt 23 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260226012 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1a25cc70b13189a95179445e3692498a0cb365cb' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 328 processed earlier; will process 728 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==843==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564405d1cbf0 (pc 0x7f751be2a98c bp 0x7fff4d8b6d50 sp 0x7fff4d8b6d18 T843) Step #5: ==843==The signal is caused by a WRITE memory access. Step #5: #0 0x7f751be2a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564405db25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564405db25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564405db3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564405db3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564405db3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564405db3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564405db653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x564405db653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x564405db60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564405d5319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564405d5c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564405d42ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564405d6e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f751bcc3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564405d3659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==843==Register values: Step #5: rax = 0x0000564405d1cbf0 rbx = 0x0000564405dc32b0 rcx = 0x0000000005d16287 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564405d1cbf0 rsi = 0x00007fff4d8b6dc0 rbp = 0x00007fff4d8b6d50 rsp = 0x00007fff4d8b6d18 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x0000000000000000 r11 = 0x00007fff4d9eb080 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005644 r14 = 0x0000000000000018 r15 = 0x0000564405dc32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==843==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2a,0x2,0xff,0xff,0xff,0x75,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0x2a,0x6,0xf9,0x2,0x0,0x6,0x2a,0x2,0xd3,0x66,0x66,0xd3,0x66,0x66,0x66,0x66, Step #5: \000\006*\002\377\377\377u\006\371\002\000\006\371\002\000\006\371\002\000\006*\006\371\002\000\006*\002\323ff\323ffff Step #5: artifact_prefix='./'; Test unit written to ./crash-197befd9cce71e81414c1cbae94a1db8c8c61977 Step #5: Base64: AAYqAv///3UG+QIABvkCAAb5AgAGKgb5AgAGKgLTZmbTZmZmZg== Step #5: MERGE-OUTER: attempt 24 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260274559 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/197befd9cce71e81414c1cbae94a1db8c8c61977' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 333 processed earlier; will process 723 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==851==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x563d7136131e (pc 0x7fcb0f73698c bp 0x7fff7b22da10 sp 0x7fff7b22d9d8 T851) Step #5: ==851==The signal is caused by a WRITE memory access. Step #5: #0 0x7fcb0f73698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x563d713fa5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x563d713fa5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x563d713fb820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x563d713fb820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x563d713fb820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x563d713fb820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x563d713fe6d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x563d713fe6d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x563d713fe0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x563d7139b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x563d713a4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x563d7138ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x563d713b69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fcb0f5cf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x563d7137e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==851==Register values: Step #5: rax = 0x0000563d7136131e rbx = 0x0000563d7140b2b0 rcx = 0x0000000071361b59 rdx = 0x0000000000000018 Step #5: rdi = 0x0000563d7136131e rsi = 0x00007fff7b22da80 rbp = 0x00007fff7b22da10 rsp = 0x00007fff7b22d9d8 Step #5: r8 = 0x00000000000038cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007fff7b3f8080 Step #5: r12 = 0x0000000000000084 r13 = 0x000000000000563d r14 = 0x0000000000000018 r15 = 0x0000563d7140b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==851==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x22,0x73,0x2,0x2,0x2,0x6,0x87,0x9,0x84,0x42,0x7d,0x65,0x2,0x2,0x2c,0x24,0x22,0x5f,0x2,0x0,0x0,0x80,0x0,0x2c,0x22,0x65,0x6,0x45,0x9,0x10,0xff,0xb5,0x40,0x88,0xca,0xb1,0x5b,0x84,0xe9, Step #5: \"s\002\002\002\006\207\011\204B}e\002\002,$\"_\002\000\000\200\000,\"e\006E\011\020\377\265@\210\312\261[\204\351 Step #5: artifact_prefix='./'; Test unit written to ./crash-086d717a38898aca332e67b965c023b1153f4a60 Step #5: Base64: InMCAgIGhwmEQn1lAgIsJCJfAgAAgAAsImUGRQkQ/7VAiMqxW4Tp Step #5: MERGE-OUTER: attempt 25 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 4260323056 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/086d717a38898aca332e67b965c023b1153f4a60' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 335 processed earlier; will process 721 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0x3,0x3,0x0,0x6,0x2,0x3,0x2,0x3,0x3,0x18,0x0,0x6,0x3,0x3,0x62,0x3,0x4,0x18,0x0,0x6,0x4,0x3,0xb8,0xf0,0x3,0x18,0x0,0x6,0x3,0x0,0x1b,0x3,0x4,0x18, Step #5: \000\006\002\003\002\003\003\000\006\002\003\002\003\003\030\000\006\003\003b\003\004\030\000\006\004\003\270\360\003\030\000\006\003\000\033\003\004\030 Step #5: artifact_prefix='./'; Test unit written to ./timeout-e720def31c758380b84546d27b7525488f3ed561 Step #5: Base64: AAYCAwIDAwAGAgMCAwMYAAYDA2IDBBgABgQDuPADGAAGAwAbAwQY Step #5: ==859== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x557a66e06034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x557a66dc3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x557a66da6a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f2baa06c08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x557a66e073de in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:513:3 Step #5: #5 0x557a66e07a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x557a66e07a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x557a66e07a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x557a66e0b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x557a66e0b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #10 0x557a66da819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x557a66db1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x557a66d97ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x557a66dc39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2baa04d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x557a66d8b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 26 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 67404390 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e720def31c758380b84546d27b7525488f3ed561' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 336 processed earlier; will process 720 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1212==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564b5082ebf7 (pc 0x7fd14ae1098c bp 0x7ffd512c1060 sp 0x7ffd512c1028 T1212) Step #5: ==1212==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd14ae1098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564b508c45cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564b508c45cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564b508c5820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564b508c5820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564b508c5820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564b508c5820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564b508c86d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x564b508c86d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x564b508c80a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564b5086519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564b5086e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564b50854ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564b508809f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd14aca9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564b5084859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1212==Register values: Step #5: rax = 0x0000564b5082ebf7 rbx = 0x0000564b508d52b0 rcx = 0x0000000050828280 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564b5082ebf7 rsi = 0x00007ffd512c10d0 rbp = 0x00007ffd512c1060 rsp = 0x00007ffd512c1028 Step #5: r8 = 0x000000000000d8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffd512d8080 Step #5: r12 = 0x0000000000000042 r13 = 0x000000000000564b r14 = 0x0000000000000018 r15 = 0x0000564b508d52b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1212==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x2,0x3,0x23,0x4,0x2,0x28,0xfa,0xd7,0x2,0x3,0x23,0x4,0x2,0x28,0xfa,0xd7,0x2,0x3,0x26,0x3,0x2,0x8d,0xf7,0x2,0x2,0x6d,0xe2,0x80,0x81,0x80,0xfa,0x3,0xfa,0xa0,0x42,0xff,0x2,0x42,0x99, Step #5: \002\003#\004\002(\372\327\002\003#\004\002(\372\327\002\003&\003\002\215\367\002\002m\342\200\201\200\372\003\372\240B\377\002B\231 Step #5: artifact_prefix='./'; Test unit written to ./crash-827833f9027904cb8a26ae3462635c75cd24feb1 Step #5: Base64: AgMjBAIo+tcCAyMEAij61wIDJgMCjfcCAm3igIGA+gP6oEL/AkKZ Step #5: MERGE-OUTER: attempt 27 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 67454027 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/827833f9027904cb8a26ae3462635c75cd24feb1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 340 processed earlier; will process 716 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1216==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5613ff8945b0 (pc 0x5613ff8945b0 bp 0x7ffc9fc5f130 sp 0x7ffc9fc5f0e8 T1216) Step #5: ==1216==The signal is caused by a READ memory access. Step #5: ==1216==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x5613ff8945b0 () Step #5: Step #5: ==1216==Register values: Step #5: rax = 0x00005613fda54901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffc9fc5f130 rsp = 0x00007ffc9fc5f0e8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0x00005613fdfc0490 r11 = 0x00007f4d1e2d1be0 Step #5: r12 = 0x00007ffc9fc508f5 r13 = 0x00005613fda5497c r14 = 0x0000000000000001 r15 = 0x00005613ff86be90 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1216==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x21,0x6,0x1f,0xff,0xff,0xd1,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0x60,0x23,0x7,0x6,0x9e,0xc9,0x2,0x2d,0x13,0x80,0x6,0x57,0x3,0x7f,0xff,0xff,0xf5,0x57, Step #5: \000\006!\006\037\377\377\321\000\006\007\006\037\377\377\377\000\006\007\006\037`#\007\006\236\311\002-\023\200\006W\003\177\377\377\365W Step #5: artifact_prefix='./'; Test unit written to ./crash-eb20f1a4beda17ba011e86414655fdac230e5d0d Step #5: Base64: AAYhBh///9EABgcGH////wAGBwYfYCMHBp7JAi0TgAZXA3////VX Step #5: MERGE-OUTER: attempt 28 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 67470062 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/eb20f1a4beda17ba011e86414655fdac230e5d0d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 341 processed earlier; will process 715 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2e,0x3,0x0,0x6,0x2d,0x64,0x0,0x6,0x30,0x3,0xff,0x6,0x1,0x6,0x0,0x6,0xf,0x3,0xe3,0x60,0xce,0x3f,0x5c,0xe3,0x6,0x5c,0xe3,0x60,0xd1,0x3f,0x5c,0xe3,0x6,0x5c,0xe3,0xff,0x60,0x6,0x2f,0x3,0x0,0x6,0x1,0x42,0xff,0x57, Step #5: \000\006.\003\000\006-d\000\0060\003\377\006\001\006\000\006\017\003\343`\316?\\\343\006\\\343`\321?\\\343\006\\\343\377`\006/\003\000\006\001B\377W Step #5: artifact_prefix='./'; Test unit written to ./timeout-2b2d97f8d958485c892c17143f0d18bcf91e824c Step #5: Base64: AAYuAwAGLWQABjAD/wYBBgAGDwPjYM4/XOMGXONg0T9c4wZc4/9gBi8DAAYBQv9X Step #5: ==1219== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55c7b9b37034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55c7b9af4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55c7b9ad7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fd546b8c08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55c7b9b38a0d in tud_task_ext /src/tinyusb/src/device/usbd.c Step #5: #5 0x55c7b9b3c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #6 0x55c7b9b3c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #7 0x55c7b9ad919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #8 0x55c7b9ae2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #9 0x55c7b9ac8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #10 0x55c7b9af49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #11 0x7fd546b6d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #12 0x55c7b9abc59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 29 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169517931 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2b2d97f8d958485c892c17143f0d18bcf91e824c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 369 processed earlier; will process 687 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1223==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564bd5e77bf7 (pc 0x7f1303e7198c bp 0x7ffeafd64f00 sp 0x7ffeafd64ec8 T1223) Step #5: ==1223==The signal is caused by a WRITE memory access. Step #5: #0 0x7f1303e7198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564bd5f0d5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564bd5f0d5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564bd5f0e820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564bd5f0e820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564bd5f0e820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564bd5f0e820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564bd5f1153d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x564bd5f1153d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x564bd5f110a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564bd5eae19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564bd5eb7008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564bd5e9dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564bd5ec99f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f1303d0a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564bd5e9159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1223==Register values: Step #5: rax = 0x0000564bd5e77bf7 rbx = 0x0000564bd5f1e2b0 rcx = 0x00000000d5e71280 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564bd5e77bf7 rsi = 0x00007ffeafd64f70 rbp = 0x00007ffeafd64f00 rsp = 0x00007ffeafd64ec8 Step #5: r8 = 0x00000000000068cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffeafd93080 Step #5: r12 = 0x0000564bd81735b0 r13 = 0x000000000000564b r14 = 0x0000000000000018 r15 = 0x0000564bd5f1e2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1223==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3,0x1,0x13,0x3,0x18,0x80,0x0,0x6,0x3,0x1,0x13,0x3,0x18,0x80,0x0,0x1,0x0,0x0,0x0,0x64,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0x81,0x3,0xe7,0xff,0xfc,0xe0,0xff,0xff,0xff,0x80,0x0,0x3,0xe7,0xff,0xfc,0xe0,0xff,0xff,0xff,0x80, Step #5: \000\006\003\001\023\003\030\200\000\006\003\001\023\003\030\200\000\001\000\000\000d\377\377\000\377\377\377\377\201\003\347\377\374\340\377\377\377\200\000\003\347\377\374\340\377\377\377\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-0063e27d42376296a83a8fc67c42fbf85da521c3 Step #5: Base64: AAYDARMDGIAABgMBEwMYgAABAAAAZP//AP////+BA+f//OD///+AAAPn//zg////gA== Step #5: MERGE-OUTER: attempt 30 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169566970 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0063e27d42376296a83a8fc67c42fbf85da521c3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 378 processed earlier; will process 678 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1227==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc9cdd0ff8 (pc 0x5621fb0c2b64 bp 0x7ffc9d5cf430 sp 0x7ffc9cdd1000 T1227) Step #5: #0 0x5621fb0c2b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5621fb0c60b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5621fb0c60b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5621fb06319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5621fb06c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5621fb052ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5621fb07e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f57113f5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5621fb04659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1227==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x1f,0x0,0x0,0x0,0xfd,0x18,0x20,0x21,0x3d,0xf9,0x0,0xff,0x6,0x8,0xbe,0x0,0xe,0x33,0x1f,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x87,0xff,0xff,0xff,0xff,0xe4,0x51,0x83,0x83,0xa3,0xff,0x83,0x82,0x93,0xf9,0x83,0x83,0xff,0xff,0xff,0xf5,0xf5, Step #5: \200\011\037\000\000\000\375\030 !=\371\000\377\006\010\276\000\0163\037\000\000\000\000\000\000\000\207\377\377\377\377\344Q\203\203\243\377\203\202\223\371\203\203\377\377\377\365\365 Step #5: artifact_prefix='./'; Test unit written to ./crash-c2db4c90b5f26988365feb1f00ba822c40e56419 Step #5: Base64: gAkfAAAA/RggIT35AP8GCL4ADjMfAAAAAAAAAIf/////5FGDg6P/g4KT+YOD////9fU= Step #5: MERGE-OUTER: attempt 31 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169625451 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c2db4c90b5f26988365feb1f00ba822c40e56419' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 382 processed earlier; will process 674 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1231==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcddc0aff8 (pc 0x55fa7ac13b64 bp 0x7ffcde409c30 sp 0x7ffcddc0b000 T1231) Step #5: #0 0x55fa7ac13b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55fa7ac170b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55fa7ac170b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55fa7abb419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55fa7abbd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55fa7aba3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55fa7abcf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f6313954082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55fa7ab9759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1231==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x1f,0x0,0x0,0x0,0xfd,0x18,0x20,0x21,0x3d,0xf9,0x0,0x0,0x6,0x8,0xbe,0x0,0xe,0x31,0x1f,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x87,0xff,0xff,0xff,0xff,0xff,0x51,0x83,0x83,0x83,0xe4,0xa3,0x82,0x83,0xff,0xf9,0x83,0x93,0xff,0xff,0xf5,0xf5, Step #5: \200\011\037\000\000\000\375\030 !=\371\000\000\006\010\276\000\0161\037\000\000\000\000\000\000\000\207\377\377\377\377\377Q\203\203\203\344\243\202\203\377\371\203\223\377\377\365\365 Step #5: artifact_prefix='./'; Test unit written to ./crash-9e367cede7c03a81b6bc8624e910249b7efea14f Step #5: Base64: gAkfAAAA/RggIT35AAAGCL4ADjEfAAAAAAAAAIf//////1GDg4Pko4KD//mDk///9fU= Step #5: MERGE-OUTER: attempt 32 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169683664 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9e367cede7c03a81b6bc8624e910249b7efea14f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 385 processed earlier; will process 671 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1235==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd8e036ff8 (pc 0x55e75fdc7b64 bp 0x7ffd8e834cf0 sp 0x7ffd8e037000 T1235) Step #5: #0 0x55e75fdc7b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55e75fdcb0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55e75fdcb0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55e75fd6819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55e75fd71008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55e75fd57ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55e75fd839f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa1f9ecb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55e75fd4b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1235==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x1f,0x0,0x0,0x0,0xfd,0x18,0x20,0x21,0x3d,0xf9,0x0,0xe,0x33,0x1f,0xbe,0x0,0xe,0x33,0x1f,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x87,0xff,0xff,0xff,0xff,0xff,0x51,0x83,0x83,0x83,0xe4,0xa3,0x82,0x93,0xf9,0x83,0x83,0xff,0xff,0xff,0xf5,0xf5, Step #5: \200\011\037\000\000\000\375\030 !=\371\000\0163\037\276\000\0163\037\000\000\000\000\000\000\000\207\377\377\377\377\377Q\203\203\203\344\243\202\223\371\203\203\377\377\377\365\365 Step #5: artifact_prefix='./'; Test unit written to ./crash-97ed427922fc0ff104299a5d8e322829f0ac368c Step #5: Base64: gAkfAAAA/RggIT35AA4zH74ADjMfAAAAAAAAAIf//////1GDg4Pko4KT+YOD////9fU= Step #5: MERGE-OUTER: attempt 33 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169741992 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/97ed427922fc0ff104299a5d8e322829f0ac368c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 386 processed earlier; will process 670 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1239==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555a74b3cb06 (pc 0x7f0cf7d3898c bp 0x7ffe71f692b0 sp 0x7ffe71f69278 T1239) Step #5: ==1239==The signal is caused by a WRITE memory access. Step #5: #0 0x7f0cf7d3898c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x555a74bd25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x555a74bd25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x555a74bd3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x555a74bd3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x555a74bd3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x555a74bd3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x555a74bd66d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x555a74bd66d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x555a74bd60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x555a74b7319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x555a74b7c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x555a74b62ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x555a74b8e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0cf7bd1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x555a74b5659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1239==Register values: Step #5: rax = 0x0000555a74b3cb06 rbx = 0x0000555a74be32b0 rcx = 0x0000000074b36371 rdx = 0x0000000000000018 Step #5: rdi = 0x0000555a74b3cb06 rsi = 0x00007ffe71f69320 rbp = 0x00007ffe71f692b0 rsp = 0x00007ffe71f69278 Step #5: r8 = 0x000000000000b8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffe71f87080 Step #5: r12 = 0x0000000000000083 r13 = 0x000000000000555a r14 = 0x0000000000000018 r15 = 0x0000555a74be32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1239==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xb3,0xff,0x1e,0x93,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0xd3,0x1e,0x93,0xe6,0x66,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x83,0x92, Step #5: \000\006:\001\323\036\223F\323\036\223\346\263\377\036\223\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223\323\036\223\346f\223\346\377\036\223F\323\036\223\203\222 Step #5: artifact_prefix='./'; Test unit written to ./crash-973175103e22d8e20aee0fe7c001a53f870eafce Step #5: Base64: AAY6AdMek0bTHpPms/8ek/8ek0bTHpPm/x6TRtMek+b/HpPTHpPmZpPm/x6TRtMek4OS Step #5: MERGE-OUTER: attempt 34 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169791303 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/973175103e22d8e20aee0fe7c001a53f870eafce' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 388 processed earlier; will process 668 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1243==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x562914b47bd5 (pc 0x7f005892298c bp 0x7fff2bd6d1f0 sp 0x7fff2bd6d1b8 T1243) Step #5: ==1243==The signal is caused by a WRITE memory access. Step #5: #0 0x7f005892298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x562914bdd5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x562914bdd5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x562914bde820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x562914bde820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x562914bde820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x562914bde820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x562914be153d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x562914be153d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x562914be10a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x562914b7e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x562914b87008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x562914b6dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x562914b999f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f00587bb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x562914b6159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1243==Register values: Step #5: rax = 0x0000562914b47bd5 rbx = 0x0000562914bee2b0 rcx = 0x0000000014b412a2 rdx = 0x0000000000000018 Step #5: rdi = 0x0000562914b47bd5 rsi = 0x00007fff2bd6d260 rbp = 0x00007fff2bd6d1f0 rsp = 0x00007fff2bd6d1b8 Step #5: r8 = 0x00000000000068cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007f0058983be0 Step #5: r12 = 0x0000000000000001 r13 = 0x0000000000005629 r14 = 0x0000000000000018 r15 = 0x0000562914bee2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1243==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x40,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x4e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x6e,0x3e,0x6e,0x61,0x4e, Step #5: nan>nan>nan>nan@nan>nan>nan>nan>naN>nan>nan>nan>naN Step #5: artifact_prefix='./'; Test unit written to ./crash-3f4ce664287a9d57779084a4adcf11d5e6e8e1ae Step #5: Base64: bmFuPm5hbj5uYW4+bmFuQG5hbj5uYW4+bmFuPm5hbj5uYU4+bmFuPm5hbj5uYW4+bmFO Step #5: MERGE-OUTER: attempt 35 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169840169 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3f4ce664287a9d57779084a4adcf11d5e6e8e1ae' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 390 processed earlier; will process 666 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1247==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5570edd5bb1c (pc 0x7f8a397ed98c bp 0x7ffe488347e0 sp 0x7ffe488347a8 T1247) Step #5: ==1247==The signal is caused by a WRITE memory access. Step #5: #0 0x7f8a397ed98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5570eddf15cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5570eddf15cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5570eddf2820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5570eddf2820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5570eddf2820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5570eddf2820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5570eddf553d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5570eddf553d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5570eddf50a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5570edd9219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5570edd9b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5570edd81ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5570eddad9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f8a39686082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5570edd7559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1247==Register values: Step #5: rax = 0x00005570edd5bb1c rbx = 0x00005570ede022b0 rcx = 0x00000000edd5535b rdx = 0x0000000000000018 Step #5: rdi = 0x00005570edd5bb1c rsi = 0x00007ffe48834850 rbp = 0x00007ffe488347e0 rsp = 0x00007ffe488347a8 Step #5: r8 = 0x000000000000a8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffe4893c080 Step #5: r12 = 0x00005570ef00c5b0 r13 = 0x0000000000005570 r14 = 0x0000000000000018 r15 = 0x00005570ede022b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1247==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x44,0x0,0x0,0x0,0xa2,0x0,0xa1,0x21,0x1a,0xff,0x0,0xcc,0x18,0xfd,0x8c,0xf2,0x40,0x7f,0xcc,0x18,0xfd,0xe7,0xe5,0xc,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x72,0xff,0x6f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x15,0x8c,0xa0,0xff,0xf0,0x0,0x70,0x60, Step #5: \200\011D\000\000\000\242\000\241!\032\377\000\314\030\375\214\362@\177\314\030\375\347\345\014\002%\006\371OOOr\377o\177\377aOO}H\025\214\240\377\360\000p` Step #5: artifact_prefix='./'; Test unit written to ./crash-a497f6a45ee50f9167c5eb244c02dfdf89aaa3e5 Step #5: Base64: gAlEAAAAogChIRr/AMwY/YzyQH/MGP3n5QwCJQb5T09Pcv9vf/9hT099SBWMoP/wAHBg Step #5: MERGE-OUTER: attempt 36 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 169889443 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a497f6a45ee50f9167c5eb244c02dfdf89aaa3e5' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 392 processed earlier; will process 664 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x44,0x4,0x0,0x0,0xa2,0x0,0xa1,0x22,0xdf,0xff,0x0,0x5b,0x80,0x0,0x8c,0xf2,0x40,0x7f,0xcc,0x18,0x2c,0x6,0xe6,0x5,0x0,0x2,0x25,0x6,0xf9,0x63,0x4f,0x4f,0x40,0xff,0x6f,0x7f,0xff,0x61,0x4f,0x4f,0x7c,0x49,0x15,0x8c,0x2,0xff,0xf0,0x0,0x70,0x60, Step #5: \200\011D\004\000\000\242\000\241\"\337\377\000[\200\000\214\362@\177\314\030,\006\346\005\000\002%\006\371cOO@\377o\177\377aOO|I\025\214\002\377\360\000p` Step #5: artifact_prefix='./'; Test unit written to ./timeout-0cbd87fbd4aefdfdb6d3ec555e3f2a1ec0cb3afa Step #5: Base64: gAlEBAAAogChIt//AFuAAIzyQH/MGCwG5gUAAiUG+WNPT0D/b3//YU9PfEkVjAL/8ABwYA== Step #5: ==1251== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x564173b07034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x564173ac4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x564173aa7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f91c332508f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x564173b08a65 in tud_task_ext /src/tinyusb/src/device/usbd.c:683:19 Step #5: #5 0x564173b0c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #6 0x564173b0c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #7 0x564173aa919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #8 0x564173ab2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #9 0x564173a98ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #10 0x564173ac49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #11 0x7f91c3306082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #12 0x564173a8c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 37 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 271937462 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0cbd87fbd4aefdfdb6d3ec555e3f2a1ec0cb3afa' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 395 processed earlier; will process 661 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1255==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdb3736ff8 (pc 0x55d881080b64 bp 0x7ffdb3f356b0 sp 0x7ffdb3737000 T1255) Step #5: #0 0x55d881080b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d8810840b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d8810840b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d88102119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d88102a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d881010ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d88103c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1cc4f2e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d88100459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1255==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x2,0x1,0xf8,0xb7,0x24,0x2,0x96,0x2,0x87,0xff,0x2,0x2,0x2,0x2,0xff,0x7f,0xff,0x2,0x96,0xae,0xfb,0xff,0xff,0xff,0x2,0xfe,0x9,0x3c,0xf4,0xf9,0xfd,0xfd,0xff,0xfd,0x42,0x96,0xff,0xfa,0xff,0x7f,0x42,0x96,0xff,0xae,0xfb,0xff,0xff,0xff,0x2,0xff,0xfb,0x2c, Step #5: \002\001\370\267$\002\226\002\207\377\002\002\002\002\377\177\377\002\226\256\373\377\377\377\002\376\011<\364\371\375\375\377\375B\226\377\372\377\177B\226\377\256\373\377\377\377\002\377\373, Step #5: artifact_prefix='./'; Test unit written to ./crash-6883388dfa909a6b04400e5edbdd66abf2585b42 Step #5: Base64: AgH4tyQClgKH/wICAgL/f/8Clq77////Av4JPPT5/f3//UKW//r/f0KW/677////Av/7LA== Step #5: MERGE-OUTER: attempt 38 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 271996482 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6883388dfa909a6b04400e5edbdd66abf2585b42' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 397 processed earlier; will process 659 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1259==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x557503cb1256 (pc 0x7fa9e281698c bp 0x7ffdc4010110 sp 0x7ffdc40100d8 T1259) Step #5: ==1259==The signal is caused by a WRITE memory access. Step #5: #0 0x7fa9e281698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x557503d4a5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x557503d4a5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x557503d4b820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x557503d4b820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x557503d4b820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x557503d4b820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x557503d4e53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x557503d4e53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x557503d4e0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x557503ceb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x557503cf4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x557503cdace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x557503d069f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fa9e26af082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x557503cce59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1259==Register values: Step #5: rax = 0x0000557503cb1256 rbx = 0x0000557503d5b2b0 rcx = 0x0000000003cb1c21 rdx = 0x0000000000000018 Step #5: rdi = 0x0000557503cb1256 rsi = 0x00007ffdc4010180 rbp = 0x00007ffdc4010110 rsp = 0x00007ffdc40100d8 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x00005575042b6490 r11 = 0x00007fa9e2877be0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005575 r14 = 0x0000000000000018 r15 = 0x0000557503d5b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1259==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xff,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0x75,0x66,0x75,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x58,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x66,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x83,0x92, Step #5: \377\006:\001\323\036\223F\323\036\223\346ufuufufufufufufufufXfufufufuff\223\346\377\036\223F\323\036\223\203\222 Step #5: artifact_prefix='./'; Test unit written to ./crash-0dc4a7879f80191257639bd858249fcf2a5a198d Step #5: Base64: /wY6AdMek0bTHpPmdWZ1dWZ1ZnVmdWZ1ZnVmdWZ1ZlhmdWZ1ZnVmdWZmk+b/HpNG0x6Tg5I= Step #5: MERGE-OUTER: attempt 39 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 272045455 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0dc4a7879f80191257639bd858249fcf2a5a198d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 398 processed earlier; will process 658 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1263==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcdec9aff8 (pc 0x562848a64b64 bp 0x7ffcdf499200 sp 0x7ffcdec9b000 T1263) Step #5: #0 0x562848a64b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x562848a680b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562848a680b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x562848a0519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562848a0e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5628489f4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x562848a209f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f6696984082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5628489e859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1263==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0xa1,0x20,0xdf,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x40,0xff,0x4f,0x4f,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000\241 \337\377\000\000\000\000\246\363\240\200\006\371\002\000\006\371\002%\006\371O@\377OO\177\177\377aOO}H\177\177\201\316\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-74607d1d055c51e410ad7a2715d54c1d90c7b1ef Step #5: Base64: gAlhAP6VAQChIN//AAAAAKbzoIAG+QIABvkCJQb5T0D/T09/f/9hT099SH9/gc4C/39/B38Afwag Step #5: MERGE-OUTER: attempt 40 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 272105711 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/74607d1d055c51e410ad7a2715d54c1d90c7b1ef' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 402 processed earlier; will process 654 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1267==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5567aa6eab13 (pc 0x7fd84879f98c bp 0x7ffea2d6ab90 sp 0x7ffea2d6ab58 T1267) Step #5: ==1267==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd84879f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5567aa7805cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5567aa7805cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5567aa781820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5567aa781820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5567aa781820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5567aa781820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5567aa78453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5567aa78453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5567aa7840a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5567aa72119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5567aa72a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5567aa710ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5567aa73c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd848638082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5567aa70459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1267==Register values: Step #5: rax = 0x00005567aa6eab13 rbx = 0x00005567aa7912b0 rcx = 0x00000000aa6e4364 rdx = 0x0000000000000018 Step #5: rdi = 0x00005567aa6eab13 rsi = 0x00007ffea2d6ac00 rbp = 0x00007ffea2d6ab90 rsp = 0x00007ffea2d6ab58 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x00005567aacec2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005567 r14 = 0x0000000000000018 r15 = 0x00005567aa7912b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1267==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x18,0xa1,0x22,0x7f,0x80,0x0,0x0,0x80,0x0,0x0,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x1c,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\030\241\"\177\200\000\000\200\000\000\363\240\200\006\371\002\034F\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-f1c807fa210adbddc42844d0a9fd1e82846d4be2 Step #5: Base64: gAlhIQAAABihIn+AAACAAADzoIAG+QIcRgcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: MERGE-OUTER: attempt 41 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 272155338 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f1c807fa210adbddc42844d0a9fd1e82846d4be2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 403 processed earlier; will process 653 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xa1,0x23,0x0,0xff,0x0,0x0,0x0,0x0,0xe,0xf3,0xa0,0x80,0xa5,0xf9,0x1,0xf9,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x49,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\000\241#\000\377\000\000\000\000\016\363\240\200\245\371\001\371F\007\002%\006\371OOO@\377\177\177\377aOO}I\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./timeout-9aa31bf59b612380d7b0cc39f14af71adc9310eb Step #5: Base64: gAlhIQAAAAChIwD/AAAAAA7zoICl+QH5RgcCJQb5T09PQP9/f/9hT099SX9zgc4C/39/B6IAfwag Step #5: ==1271== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5646177d6034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x564617793178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x564617776a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fcfc618e08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5646177d77f9 in usbd_int_set /src/tinyusb/src/device/usbd.c:1304:21 Step #5: #5 0x5646177d7a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x5646177d7a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x5646177db0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x5646177db0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x56461777819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x564617781008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x564617767ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x5646177939f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7fcfc616f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x56461775b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 42 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374204044 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9aa31bf59b612380d7b0cc39f14af71adc9310eb' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 404 processed earlier; will process 652 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1275==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a18a0f1282 (pc 0x7f90784b498c bp 0x7ffe07e1a1d0 sp 0x7ffe07e1a198 T1275) Step #5: ==1275==The signal is caused by a WRITE memory access. Step #5: #0 0x7f90784b498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a18a18b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a18a18b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a18a18c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a18a18c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a18a18c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a18a18c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a18a18f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55a18a18f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55a18a18f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a18a12c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a18a135008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a18a11bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a18a1479f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f907834d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a18a10f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1275==Register values: Step #5: rax = 0x000055a18a0f1282 rbx = 0x000055a18a19c2b0 rcx = 0x000000008a0f3bf5 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a18a0f1282 rsi = 0x00007ffe07e1a240 rbp = 0x00007ffe07e1a1d0 rsp = 0x00007ffe07e1a198 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x000055a18a6f72d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055a1 r14 = 0x0000000000000018 r15 = 0x000055a18a19c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1275==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x18,0xa1,0x39,0x0,0x0,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x1c,0x46,0x7,0x2,0x25,0x6,0x96,0x4f,0x4f,0x4f,0x50,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\030\2419\000\000\000\000\000\000\246\363\240\200\006\371\002\034F\007\002%\006\226OOOP\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-48110ed9e3806270c46d5fedfb4ecefec67d7253 Step #5: Base64: gAlhIQAAABihOQAAAAAAAKbzoIAG+QIcRgcCJQaWT09PUP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: MERGE-OUTER: attempt 43 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374253158 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/48110ed9e3806270c46d5fedfb4ecefec67d7253' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 405 processed earlier; will process 651 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1279==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5642b16e15b0 (pc 0x5642b16e15b0 bp 0x7ffc919daff0 sp 0x7ffc919dafa8 T1279) Step #5: ==1279==The signal is caused by a READ memory access. Step #5: ==1279==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x5642b16e15b0 () Step #5: Step #5: ==1279==Register values: Step #5: rax = 0x00005642b062d901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffc919daff0 rsp = 0x00007ffc919dafa8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0x00005642b0b99490 r11 = 0x00007f714e62dbe0 Step #5: r12 = 0x00007ffc919d08f9 r13 = 0x00005642b062d97c r14 = 0x0000000000000001 r15 = 0x00005642b16b8e90 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1279==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xa1,0x22,0xdf,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0xfa,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x4c,0x7f,0x7f,0x81,0xce,0x2,0xff,0x88,0x80,0xf8,0x80,0xff,0x80,0xf9,0x5f, Step #5: \200\011a!\000\000\000\000\241\"\337\377\000\000\000\000\246\363\240\200\006\371\002\000\372\007\002%\006\371OOO@\377\177\177\377aOO}L\177\177\201\316\002\377\210\200\370\200\377\200\371_ Step #5: artifact_prefix='./'; Test unit written to ./crash-f5c6974eb1e263b6329720df045e5d74fce36216 Step #5: Base64: gAlhIQAAAAChIt//AAAAAKbzoIAG+QIA+gcCJQb5T09PQP9/f/9hT099TH9/gc4C/4iA+ID/gPlf Step #5: MERGE-OUTER: attempt 44 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374269299 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f5c6974eb1e263b6329720df045e5d74fce36216' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 406 processed earlier; will process 650 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1282==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b81be1cb64 (pc 0x7fbd9d3b398c bp 0x7ffe8187bca0 sp 0x7ffe8187bc68 T1282) Step #5: ==1282==The signal is caused by a WRITE memory access. Step #5: #0 0x7fbd9d3b398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b81beb25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b81beb25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b81beb3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b81beb3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b81beb3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b81beb3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b81beb653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55b81beb653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55b81beb60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55b81be5319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b81be5c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b81be42ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b81be6e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fbd9d24c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b81be3659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1282==Register values: Step #5: rax = 0x000055b81be1cb64 rbx = 0x000055b81bec32b0 rcx = 0x000000001be16313 rdx = 0x0000000000000018 Step #5: rdi = 0x000055b81be1cb64 rsi = 0x00007ffe8187bd10 rbp = 0x00007ffe8187bca0 rsp = 0x00007ffe8187bc68 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x000055b81c41e2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055b8 r14 = 0x0000000000000018 r15 = 0x000055b81bec32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1282==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0x20,0x21,0xdf,0xff,0x0,0x0,0x8,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0x0,0x7f,0x7f,0x7,0x27,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000 !\337\377\000\000\010\000\246\363\240\200\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\000\177\177\007'\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-df00ddd3559695b683ad576f4bedf182e48d69f8 Step #5: Base64: gAlhAP6VAQAgId//AAAIAKbzoIAG+QIABvkCJQb5T09PQP9/f/9hT099SH9/gc4CAH9/BycAfwag Step #5: MERGE-OUTER: attempt 45 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374318313 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/df00ddd3559695b683ad576f4bedf182e48d69f8' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 407 processed earlier; will process 649 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1286==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b5a5361296 (pc 0x7f150b00698c bp 0x7fff4da9eed0 sp 0x7fff4da9ee98 T1286) Step #5: ==1286==The signal is caused by a WRITE memory access. Step #5: #0 0x7f150b00698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b5a53fa5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b5a53fa5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b5a53fb820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b5a53fb820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b5a53fb820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b5a53fb820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b5a53fe53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55b5a53fe53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55b5a53fe0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55b5a539b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b5a53a4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b5a538ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b5a53b69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f150ae9f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b5a537e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1286==Register values: Step #5: rax = 0x000055b5a5361296 rbx = 0x000055b5a540b2b0 rcx = 0x00000000a5361be1 rdx = 0x0000000000000018 Step #5: rdi = 0x000055b5a5361296 rsi = 0x00007fff4da9ef40 rbp = 0x00007fff4da9eed0 rsp = 0x00007fff4da9ee98 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x000055b5a59662d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055b5 r14 = 0x0000000000000018 r15 = 0x000055b5a540b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1286==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x18,0xa1,0x22,0x7f,0x80,0x0,0x0,0x80,0x0,0x7e,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x1c,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\030\241\"\177\200\000\000\200\000~\363\240\200\006\371\002\034F\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-a84e42c28dd134256853ea3d690c2f51d121d9cf Step #5: Base64: gAlhIQAAABihIn+AAACAAH7zoIAG+QIcRgcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: MERGE-OUTER: attempt 46 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374367221 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a84e42c28dd134256853ea3d690c2f51d121d9cf' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 408 processed earlier; will process 648 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1290==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564ca7dddbf8 (pc 0x7fb9ca62898c bp 0x7ffed7b230a0 sp 0x7ffed7b23068 T1290) Step #5: ==1290==The signal is caused by a WRITE memory access. Step #5: #0 0x7fb9ca62898c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564ca7e735cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564ca7e735cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564ca7e74820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564ca7e74820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564ca7e74820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564ca7e74820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564ca7e7753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x564ca7e7753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x564ca7e770a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564ca7e1419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564ca7e1d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564ca7e03ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564ca7e2f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fb9ca4c1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564ca7df759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1290==Register values: Step #5: rax = 0x0000564ca7dddbf8 rbx = 0x0000564ca7e842b0 rcx = 0x00000000a7dd727f rdx = 0x0000000000000018 Step #5: rdi = 0x0000564ca7dddbf8 rsi = 0x00007ffed7b23110 rbp = 0x00007ffed7b230a0 rsp = 0x00007ffed7b23068 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x0000564ca83df2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000564c r14 = 0x0000000000000018 r15 = 0x0000564ca7e842b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1290==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0xff,0x20,0x21,0xdf,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x3c,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0x61,0xff,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0xff,0xff,0x7f,0xff,0xff,0xff,0xff,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\377 !\337\377\000\000\000\000\246\363\240\200\006\371<\000\006\371\002%\006\371OOO@\377\177\177a\377OO}H\177\177\201\316\377\377\177\377\377\377\377\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-1c7a9a51cefcfa68b157d7bcbfe64b9d7ca6ff26 Step #5: Base64: gAlhAP6VAf8gId//AAAAAKbzoIAG+TwABvkCJQb5T09PQP9/f2H/T099SH9/gc7//3//////fwag Step #5: MERGE-OUTER: attempt 47 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374415957 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1c7a9a51cefcfa68b157d7bcbfe64b9d7ca6ff26' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 409 processed earlier; will process 647 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1294==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b08faf9b5c (pc 0x7f82af04a98c bp 0x7ffe23aee980 sp 0x7ffe23aee948 T1294) Step #5: ==1294==The signal is caused by a WRITE memory access. Step #5: #0 0x7f82af04a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b08fb8f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b08fb8f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b08fb90820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b08fb90820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b08fb90820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b08fb90820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b08fb9353d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55b08fb9353d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55b08fb930a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55b08fb3019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b08fb39008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b08fb1fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b08fb4b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f82aeee3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b08fb1359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1294==Register values: Step #5: rax = 0x000055b08faf9b5c rbx = 0x000055b08fba02b0 rcx = 0x000000008faf331b rdx = 0x0000000000000018 Step #5: rdi = 0x000055b08faf9b5c rsi = 0x00007ffe23aee9f0 rbp = 0x00007ffe23aee980 rsp = 0x00007ffe23aee948 Step #5: r8 = 0x00000000000088cb r9 = 0x00000000000088cb r10 = 0x000055b0900fb2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x000055b09113f5b0 r13 = 0x00000000000055b0 r14 = 0x0000000000000018 r15 = 0x000055b08fba02b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1294==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x23,0xfe,0x95,0x1,0x0,0x20,0x21,0xdf,0xff,0x0,0x0,0x0,0x0,0x0,0xff,0xa0,0x80,0x6,0xf9,0x2,0x0,0xe3,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x27,0x0,0x7f,0x6,0xa0, Step #5: \200\011a#\376\225\001\000 !\337\377\000\000\000\000\000\377\240\200\006\371\002\000\343\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\377\177\177\007'\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-15f3f3295aaa0d93db0906dab00d10b906a9b669 Step #5: Base64: gAlhI/6VAQAgId//AAAAAAD/oIAG+QIA4/kCJQb5T09PQP9/f/9hT099SH9/gc4C/39/BycAfwag Step #5: MERGE-OUTER: attempt 48 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374464385 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/15f3f3295aaa0d93db0906dab00d10b906a9b669' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 410 processed earlier; will process 646 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1298==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564de3ad9bf9 (pc 0x7f2c8b48c98c bp 0x7ffd85bce150 sp 0x7ffd85bce118 T1298) Step #5: ==1298==The signal is caused by a WRITE memory access. Step #5: #0 0x7f2c8b48c98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564de3b6f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564de3b6f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564de3b70820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564de3b70820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564de3b70820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564de3b70820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564de3b7353d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x564de3b7353d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x564de3b730a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564de3b1019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564de3b19008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564de3affce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564de3b2b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2c8b325082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564de3af359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1298==Register values: Step #5: rax = 0x0000564de3ad9bf9 rbx = 0x0000564de3b802b0 rcx = 0x00000000e3ad327e rdx = 0x0000000000000018 Step #5: rdi = 0x0000564de3ad9bf9 rsi = 0x00007ffd85bce1c0 rbp = 0x00007ffd85bce150 rsp = 0x00007ffd85bce118 Step #5: r8 = 0x00000000000088cb r9 = 0x00000000000088cb r10 = 0x0000564de40db2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000564d r14 = 0x0000000000000018 r15 = 0x0000564de3b802b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1298==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0x20,0x20,0xde,0xff,0x0,0x0,0x1,0x20,0x20,0x20,0xde,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x2f,0x6,0xfb,0xe9,0xff,0x5,0xf8,0xff,0x7f,0x7f,0xdf,0x61,0x4f,0x4f,0x7c,0x48,0x7f,0x7f,0x81,0xff,0x5,0xf8,0xff,0x7f,0x7f,0xdf,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000 \336\377\000\000\001 \336\377\000\000\000\000\246\363\240/\006\373\351\377\005\370\377\177\177\337aOO|H\177\177\201\377\005\370\377\177\177\337\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-7e08fa24ecf149ca229211f0bb167f7274d4b625 Step #5: Base64: gAlhAP6VAQAgIN7/AAABICAg3v8AAAAApvOgLwb76f8F+P9/f99hT098SH9/gf8F+P9/f98Afwag Step #5: MERGE-OUTER: attempt 49 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374513348 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7e08fa24ecf149ca229211f0bb167f7274d4b625' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 411 processed earlier; will process 645 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1302==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5646c78d8bf2 (pc 0x7f63d4d3398c bp 0x7ffc0c48e080 sp 0x7ffc0c48e048 T1302) Step #5: ==1302==The signal is caused by a WRITE memory access. Step #5: #0 0x7f63d4d3398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5646c796e5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5646c796e5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5646c796f820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5646c796f820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5646c796f820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5646c796f820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5646c797253d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5646c797253d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5646c79720a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5646c790f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5646c7918008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5646c78fece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5646c792a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f63d4bcc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5646c78f259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1302==Register values: Step #5: rax = 0x00005646c78d8bf2 rbx = 0x00005646c797f2b0 rcx = 0x00000000c78d2285 rdx = 0x0000000000000018 Step #5: rdi = 0x00005646c78d8bf2 rsi = 0x00007ffc0c48e0f0 rbp = 0x00007ffc0c48e080 rsp = 0x00007ffc0c48e048 Step #5: r8 = 0x00000000000078cb r9 = 0x00000000000078cb r10 = 0x00005646c7eda2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005646 r14 = 0x0000000000000018 r15 = 0x00005646c797f2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1302==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x60,0xe6,0x7e,0x6c,0x95,0x1,0x0,0xa1,0x22,0xe0,0x14,0x0,0x0,0x0,0x0,0x7f,0x0,0x0,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011`\346~l\225\001\000\241\"\340\024\000\000\000\000\177\000\000\000\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-2dcc5ad0d060f346789fc1ae21f8d01c95704a7e Step #5: Base64: gAlg5n5slQEAoSLgFAAAAAB/AAAABvkCAAb5AiUG+U9PT0D/f3//YU9PfUh/f4EC/39/B38Afwag Step #5: MERGE-OUTER: attempt 50 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374562257 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2dcc5ad0d060f346789fc1ae21f8d01c95704a7e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 412 processed earlier; will process 644 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1306==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558ab84c0b36 (pc 0x7fdc3d7c898c bp 0x7fff1486a800 sp 0x7fff1486a7c8 T1306) Step #5: ==1306==The signal is caused by a WRITE memory access. Step #5: #0 0x7fdc3d7c898c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x558ab85565cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x558ab85565cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558ab8557820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558ab8557820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558ab8557820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558ab8557820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x558ab855a53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x558ab855a53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x558ab855a0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x558ab84f719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558ab8500008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558ab84e6ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x558ab85129f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fdc3d661082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x558ab84da59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1306==Register values: Step #5: rax = 0x0000558ab84c0b36 rbx = 0x0000558ab85672b0 rcx = 0x00000000b84ba341 rdx = 0x0000000000000018 Step #5: rdi = 0x0000558ab84c0b36 rsi = 0x00007fff1486a870 rbp = 0x00007fff1486a800 rsp = 0x00007fff1486a7c8 Step #5: r8 = 0x000000000000f8cb r9 = 0x000000000000f8cb r10 = 0x0000558ab8ac22d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000558a r14 = 0x0000000000000018 r15 = 0x0000558ab85672b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1306==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x64,0x0,0x0,0x0,0x6a,0xff,0x0,0x0,0x0,0x0,0xa6,0x3,0xe8,0x80,0x6,0xd5,0x0,0x0,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0x0,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0xf8,0xa1,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000d\000\000\000j\377\000\000\000\000\246\003\350\200\006\325\000\000F\007\002%\006\371OOO@\000\177\177\377aOO}H\177s\201\316\002\377\177\177\370\241\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-2cd8c524e37628bfa760549bbdeec6027aef7be0 Step #5: Base64: gAlhIQAAZAAAAGr/AAAAAKYD6IAG1QAARgcCJQb5T09PQAB/f/9hT099SH9zgc4C/39/+KEAfwag Step #5: MERGE-OUTER: attempt 51 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374611621 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2cd8c524e37628bfa760549bbdeec6027aef7be0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 413 processed earlier; will process 643 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1310==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5645a1ecdbf1 (pc 0x7feb4540b98c bp 0x7ffce1e23dd0 sp 0x7ffce1e23d98 T1310) Step #5: ==1310==The signal is caused by a WRITE memory access. Step #5: #0 0x7feb4540b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5645a1f635cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5645a1f635cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5645a1f64820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5645a1f64820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5645a1f64820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5645a1f64820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5645a1f6753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5645a1f6753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5645a1f670a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5645a1f0419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5645a1f0d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5645a1ef3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5645a1f1f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7feb452a4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5645a1ee759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1310==Register values: Step #5: rax = 0x00005645a1ecdbf1 rbx = 0x00005645a1f742b0 rcx = 0x00000000a1ec7286 rdx = 0x0000000000000018 Step #5: rdi = 0x00005645a1ecdbf1 rsi = 0x00007ffce1e23e40 rbp = 0x00007ffce1e23dd0 rsp = 0x00007ffce1e23d98 Step #5: r8 = 0x000000000000c8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007ffce1ed9080 Step #5: r12 = 0x00005645a26f95b0 r13 = 0x0000000000005645 r14 = 0x0000000000000018 r15 = 0x00005645a1f742b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1310==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0xa1,0x20,0xdf,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000\241 \337\377\000\000\000\000\246\363\240\200\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-276eb3a8de3ac30ad686a3373cfc608054d26cf3 Step #5: Base64: gAlhAP6VAQChIN//AAAAAKbzoIAG+QIABvkCJQb5T09PQP9/f/9hT099SH9/gc4C/39/B38Afwag Step #5: MERGE-OUTER: attempt 52 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 374660184 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/276eb3a8de3ac30ad686a3373cfc608054d26cf3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 415 processed earlier; will process 641 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0x21,0x20,0xdf,0xff,0x0,0x0,0x0,0x0,0x7f,0x0,0x0,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000! \337\377\000\000\000\000\177\000\000\000\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./timeout-324a1eb6bf03994ac544335221e0497164a621f8 Step #5: Base64: gAlhAP6VAQAhIN//AAAAAH8AAAAG+QIABvkCJQb5T09PQP9/f/9hT099SH9/gc4C/39/B38Afwag Step #5: ==1314== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x556e32056034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x556e32013178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x556e31ff6a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fca9846408f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x556e32057245 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:465 Step #5: #5 0x556e3205739d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #6 0x556e32057a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x556e32057a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x556e32057a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x556e3205b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x556e3205b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x556e31ff819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x556e32001008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x556e31fe7ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x556e320139f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7fca98445082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x556e31fdb59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 53 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 476708697 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/324a1eb6bf03994ac544335221e0497164a621f8' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 416 processed earlier; will process 640 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xa1,0x23,0x0,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0x20,0x0,0x0,0xfa,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\000\241#\000\377\000\000\000\000\246\363\240\200\006 \000\000\372\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./timeout-eb39c1dd2c21a668a1dbd826903190f449ec3f68 Step #5: Base64: gAlhIQAAAAChIwD/AAAAAKbzoIAGIAAA+gcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: ==1318== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55b216518034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55b2164d5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55b2164b8a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7efd5d50308f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55b216519359 in ff_pull_n /src/tinyusb/src/common/tusb_fifo.c:412:5 Step #5: #5 0x55b216519359 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:490:5 Step #5: #6 0x55b21651939d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #7 0x55b216519a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #8 0x55b216519a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #9 0x55b216519a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #10 0x55b21651d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #11 0x55b21651d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #12 0x55b2164ba19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #13 0x55b2164c3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #14 0x55b2164a9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #15 0x55b2164d59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #16 0x7efd5d4e4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #17 0x55b21649d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 54 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 578757475 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/eb39c1dd2c21a668a1dbd826903190f449ec3f68' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 417 processed earlier; will process 639 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1322==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x561e031dabca (pc 0x7f4d9d7f298c bp 0x7ffc076c22f0 sp 0x7ffc076c22b8 T1322) Step #5: ==1322==The signal is caused by a WRITE memory access. Step #5: #0 0x7f4d9d7f298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x561e032705cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x561e032705cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x561e03271820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x561e03271820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x561e03271820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x561e03271820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x561e0327453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x561e0327453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x561e032740a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x561e0321119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561e0321a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x561e03200ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x561e0322c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f4d9d68b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x561e031f459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1322==Register values: Step #5: rax = 0x0000561e031dabca rbx = 0x0000561e032812b0 rcx = 0x00000000031d42ad rdx = 0x0000000000000018 Step #5: rdi = 0x0000561e031dabca rsi = 0x00007ffc076c2360 rbp = 0x00007ffc076c22f0 rsp = 0x00007ffc076c22b8 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x0000561e037dc2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000561e r14 = 0x0000000000000018 r15 = 0x0000561e032812b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1322==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x0,0xfe,0x95,0x1,0x0,0xa1,0x20,0xdf,0xff,0x0,0x0,0x0,0x0,0x7f,0x0,0x0,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011a\000\376\225\001\000\241 \337\377\000\000\000\000\177\000\000\000\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-d1741aeb3dfb4301cc3a9c9cedca256f939c5604 Step #5: Base64: gAlhAP6VAQChIN//AAAAAH8AAAAG+QIABvkCJQb5T09PQP9/f/9hT099SH9/gc4C/39/B38Afwag Step #5: MERGE-OUTER: attempt 55 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 578807282 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/d1741aeb3dfb4301cc3a9c9cedca256f939c5604' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 418 processed earlier; will process 638 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1326==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a12107eb4d (pc 0x7fd79f1a098c bp 0x7ffe9e09d1a0 sp 0x7ffe9e09d168 T1326) Step #5: ==1326==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd79f1a098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a1211145cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a1211145cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a121115820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a121115820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a121115820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a121115820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a12111853d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55a12111853d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55a1211180a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a1210b519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a1210be008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a1210a4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a1210d09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd79f039082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a12109859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1326==Register values: Step #5: rax = 0x000055a12107eb4d rbx = 0x000055a1211252b0 rcx = 0x000000002107832a rdx = 0x0000000000000018 Step #5: rdi = 0x000055a12107eb4d rsi = 0x00007ffe9e09d210 rbp = 0x00007ffe9e09d1a0 rsp = 0x00007ffe9e09d168 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x000055a1216802d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055a1 r14 = 0x0000000000000018 r15 = 0x000055a1211252b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1326==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xa1,0x23,0x0,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0xfa,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\000\241#\000\377\000\000\000\000\246\363\240\200\006\371\002\000\372\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-77dccdd9a6598fab56d693da6df565daad05b380 Step #5: Base64: gAlhIQAAAAChIwD/AAAAAKbzoIAG+QIA+gcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: MERGE-OUTER: attempt 56 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 578856523 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/77dccdd9a6598fab56d693da6df565daad05b380' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 419 processed earlier; will process 637 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1330==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55998409127a (pc 0x7f8e2743398c bp 0x7fff629cf870 sp 0x7fff629cf838 T1330) Step #5: ==1330==The signal is caused by a WRITE memory access. Step #5: #0 0x7f8e2743398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55998412b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55998412b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55998412c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55998412c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55998412c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55998412c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55998412f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55998412f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55998412f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5599840cc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5599840d5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5599840bbce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5599840e79f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f8e272cc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5599840af59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1330==Register values: Step #5: rax = 0x000055998409127a rbx = 0x000055998413c2b0 rcx = 0x0000000084093bfd rdx = 0x0000000000000018 Step #5: rdi = 0x000055998409127a rsi = 0x00007fff629cf8e0 rbp = 0x00007fff629cf870 rsp = 0x00007fff629cf838 Step #5: r8 = 0x00000000000048cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007fff629e4080 Step #5: r12 = 0x000055998525f5b0 r13 = 0x0000000000005599 r14 = 0x0000000000000018 r15 = 0x000055998413c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1330==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x22,0x53,0x2,0x1f,0x2,0x6,0x87,0x9,0x22,0x42,0x24,0x2c,0x87,0x9,0x22,0x42,0x65,0x3,0xca,0xfe,0x1e,0x65,0x87,0x9,0x22,0x42,0x65,0x3,0xca,0xff,0x1e,0x65,0x87,0x9,0x22,0x42,0x65,0x3,0xca,0xff,0x1e,0x65,0x87,0x9,0x25,0x42,0x65,0x3,0xca,0xff,0x1e,0x65,0x87,0x9,0x22,0x42,0x65, Step #5: \"S\002\037\002\006\207\011\"B$,\207\011\"Be\003\312\376\036e\207\011\"Be\003\312\377\036e\207\011\"Be\003\312\377\036e\207\011%Be\003\312\377\036e\207\011\"Be Step #5: artifact_prefix='./'; Test unit written to ./crash-fec159a2e820a93bc73c22e653f71f58ca7f574a Step #5: Base64: IlMCHwIGhwkiQiQshwkiQmUDyv4eZYcJIkJlA8r/HmWHCSJCZQPK/x5lhwklQmUDyv8eZYcJIkJl Step #5: MERGE-OUTER: attempt 57 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 578905523 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fec159a2e820a93bc73c22e653f71f58ca7f574a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 422 processed earlier; will process 634 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1334==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558314931264 (pc 0x7fc719c1398c bp 0x7fff23208730 sp 0x7fff232086f8 T1334) Step #5: ==1334==The signal is caused by a WRITE memory access. Step #5: #0 0x7fc719c1398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5583149ca5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5583149ca5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5583149cb820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5583149cb820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5583149cb820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5583149cb820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5583149ce53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5583149ce53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5583149ce0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55831496b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558314974008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55831495ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5583149869f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fc719aac082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55831494e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1334==Register values: Step #5: rax = 0x0000558314931264 rbx = 0x00005583149db2b0 rcx = 0x0000000014931c13 rdx = 0x0000000000000018 Step #5: rdi = 0x0000558314931264 rsi = 0x00007fff232087a0 rbp = 0x00007fff23208730 rsp = 0x00007fff232086f8 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x0000558314f362d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005583 r14 = 0x0000000000000018 r15 = 0x00005583149db2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1334==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x60,0xe6,0x7e,0x95,0x1e,0x0,0xa1,0x22,0xd6,0x14,0x0,0x0,0x0,0x0,0x7f,0x0,0x0,0x20,0xf0,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x7f,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x7f,0x0,0x7f,0x6,0xa0, Step #5: \200\011`\346~\225\036\000\241\"\326\024\000\000\000\000\177\000\000 \360\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO}H\177\177\201\316\002\377\177\177\007\177\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-d6f51cfbad5a8b3736945f8bed43f5d565cf48c4 Step #5: Base64: gAlg5n6VHgChItYUAAAAAH8AACDw+QIABvkCJQb5T09PQP9/f/9hT099SH9/gc4C/39/B38Afwag Step #5: MERGE-OUTER: attempt 58 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 578954637 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/d6f51cfbad5a8b3736945f8bed43f5d565cf48c4' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 423 processed earlier; will process 633 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1338==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55818e861262 (pc 0x7fcc144a698c bp 0x7ffc8ed10010 sp 0x7ffc8ed0ffd8 T1338) Step #5: ==1338==The signal is caused by a WRITE memory access. Step #5: #0 0x7fcc144a698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55818e8fa5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55818e8fa5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55818e8fb820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55818e8fb820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55818e8fb820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55818e8fb820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55818e8fe53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55818e8fe53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55818e8fe0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55818e89b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55818e8a4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55818e88ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55818e8b69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fcc1433f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55818e87e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1338==Register values: Step #5: rax = 0x000055818e861262 rbx = 0x000055818e90b2b0 rcx = 0x000000008e861c15 rdx = 0x0000000000000018 Step #5: rdi = 0x000055818e861262 rsi = 0x00007ffc8ed10080 rbp = 0x00007ffc8ed10010 rsp = 0x00007ffc8ed0ffd8 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x000055818ee662d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005581 r14 = 0x0000000000000018 r15 = 0x000055818e90b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1338==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xa1,0x23,0x0,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x0,0x7f,0x6,0xa0, Step #5: \200\011a!\000\000\000\000\241#\000\377\000\000\000\000\246\363\240\200\006\371\002\000F\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-300a385ffa71808d6a3a5abc2a26e533626ef700 Step #5: Base64: gAlhIQAAAAChIwD/AAAAAKbzoIAG+QIARgcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/B6IAfwag Step #5: MERGE-OUTER: attempt 59 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579004779 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/300a385ffa71808d6a3a5abc2a26e533626ef700' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 425 processed earlier; will process 631 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1342==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5619c5ef9bc5 (pc 0x7f659548598c bp 0x7ffff22facc0 sp 0x7ffff22fac88 T1342) Step #5: ==1342==The signal is caused by a WRITE memory access. Step #5: #0 0x7f659548598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5619c5f8f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5619c5f8f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5619c5f90820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5619c5f90820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5619c5f90820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5619c5f90820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5619c5f9353d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5619c5f9353d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5619c5f930a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5619c5f3019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5619c5f39008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5619c5f1fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5619c5f4b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f659531e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5619c5f1359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1342==Register values: Step #5: rax = 0x00005619c5ef9bc5 rbx = 0x00005619c5fa02b0 rcx = 0x00000000c5ef32b2 rdx = 0x0000000000000018 Step #5: rdi = 0x00005619c5ef9bc5 rsi = 0x00007ffff22fad30 rbp = 0x00007ffff22facc0 rsp = 0x00007ffff22fac88 Step #5: r8 = 0x00000000000088cb r9 = 0x00000000000088cb r10 = 0x00005619c64fb2d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005619 r14 = 0x0000000000000018 r15 = 0x00005619c5fa02b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1342==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x21,0x0,0x0,0x0,0x0,0xcf,0x22,0xe8,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x0,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0xff,0x61,0x7f,0x7f,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x31,0x34,0x34,0x37,0x30,0x6,0xa0, Step #5: \200\011a!\000\000\000\000\317\"\350\377\000\000\000\000\246\363\240\200\006\371\002\000F\007\002%\006\371OOO@\377\377a\177\177OO}H\177s\201\316\002\377\17714470\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-4b9745507ce286d69c5da6b8eff1946106c0b495 Step #5: Base64: gAlhIQAAAADPIuj/AAAAAKbzoIAG+QIARgcCJQb5T09PQP//YX9/T099SH9zgc4C/38xNDQ3MAag Step #5: MERGE-OUTER: attempt 60 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579054097 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4b9745507ce286d69c5da6b8eff1946106c0b495' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 426 processed earlier; will process 630 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1346==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x559b2bcc127c (pc 0x7fe5d986598c bp 0x7ffccc984ac0 sp 0x7ffccc984a88 T1346) Step #5: ==1346==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe5d986598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x559b2bd5b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x559b2bd5b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x559b2bd5c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x559b2bd5c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x559b2bd5c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x559b2bd5c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x559b2bd5f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x559b2bd5f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x559b2bd5f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x559b2bcfc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x559b2bd05008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x559b2bcebce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x559b2bd179f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe5d96fe082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x559b2bcdf59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1346==Register values: Step #5: rax = 0x0000559b2bcc127c rbx = 0x0000559b2bd6c2b0 rcx = 0x000000002bcc3bfb rdx = 0x0000000000000018 Step #5: rdi = 0x0000559b2bcc127c rsi = 0x00007ffccc984b30 rbp = 0x00007ffccc984ac0 rsp = 0x00007ffccc984a88 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x0000559b2c2c72d0 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000559b r14 = 0x0000000000000018 r15 = 0x0000559b2bd6c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1346==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x42,0x10,0x0,0x0,0xff,0x18,0xa1,0x22,0xf1,0xff,0x0,0x40,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0x3,0x2,0x12,0x46,0x7,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0x20,0x0,0x7f,0x6,0xa0, Step #5: \200\011B\020\000\000\377\030\241\"\361\377\000@\000\000\246\363\240\200\006\003\002\022F\007\002%\006\371OOO@\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007 \000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-f98fd3f82659749954a12ce5baa6848fd41d318f Step #5: Base64: gAlCEAAA/xihIvH/AEAAAKbzoIAGAwISRgcCJQb5T09PQP9/f/9hT099SH9zgc4C/39/ByAAfwag Step #5: MERGE-OUTER: attempt 61 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579103067 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f98fd3f82659749954a12ce5baa6848fd41d318f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 427 processed earlier; will process 629 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1350==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56325fa9ebde (pc 0x7fa548be798c bp 0x7ffd8bfb1c60 sp 0x7ffd8bfb1c28 T1350) Step #5: ==1350==The signal is caused by a WRITE memory access. Step #5: #0 0x7fa548be798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56325fb345cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56325fb345cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56325fb35820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56325fb35820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56325fb35820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56325fb35820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56325fb386d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x56325fb386d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x56325fb380a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56325fad519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56325fade008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56325fac4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56325faf09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fa548a80082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56325fab859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1350==Register values: Step #5: rax = 0x000056325fa9ebde rbx = 0x000056325fb452b0 rcx = 0x000000005fa98299 rdx = 0x0000000000000018 Step #5: rdi = 0x000056325fa9ebde rsi = 0x00007ffd8bfb1cd0 rbp = 0x00007ffd8bfb1c60 rsp = 0x00007ffd8bfb1c28 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0xfffffffffffff04a r11 = 0x00007fa548af66d0 Step #5: r12 = 0x0000000000000075 r13 = 0x0000000000005632 r14 = 0x0000000000000018 r15 = 0x000056325fb452b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1350==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0xa5,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66, Step #5: ufufufufufufufufufuufufufufufufufufu\245ufufufufufufufufufuf Step #5: artifact_prefix='./'; Test unit written to ./crash-c5be6a75023c36f68accaa22974fc39131776049 Step #5: Base64: dWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdXVmdWZ1ZnVmdWZ1ZnVmdWZ1pXVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVm Step #5: MERGE-OUTER: attempt 62 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579152489 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c5be6a75023c36f68accaa22974fc39131776049' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 428 processed earlier; will process 628 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1354==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdd233aff8 (pc 0x56369dbcab64 bp 0x7ffdd2b37e90 sp 0x7ffdd233b000 T1354) Step #5: #0 0x56369dbcab64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56369dbce0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56369dbce0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56369db6b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56369db74008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56369db5ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56369db869f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5593e9b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56369db4e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1354==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xff,0xca,0xb4,0xfe,0xfe,0x88,0xff,0xff,0xe3,0x0,0x1c,0xff,0xe3,0xa4,0x73,0x6f,0x77,0x23,0xe3,0x0,0x21,0x9,0x9,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x81,0x80,0x29,0x9,0x80,0x80,0x9,0x82,0x9,0x80,0xa4,0x25,0x6f,0x77,0x23,0xe3, Step #5: \377\312\264\376\376\210\377\377\343\000\034\377\343\244sow#\343\000!\011\011\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\201\200)\011\200\200\011\202\011\200\244%ow#\343 Step #5: artifact_prefix='./'; Test unit written to ./crash-4336fce92e83f3ae1c9d2d9a2a751b77a0d19d89 Step #5: Base64: /8q0/v6I///jABz/46Rzb3cj4wAhCQn//////////////////////////4GAKQmAgAmCCYCkJW93I+M= Step #5: MERGE-OUTER: attempt 63 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579210627 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4336fce92e83f3ae1c9d2d9a2a751b77a0d19d89' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 429 processed earlier; will process 627 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1358==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558d0e41fb39 (pc 0x7fd3a511598c bp 0x7fff058633b0 sp 0x7fff05863378 T1358) Step #5: ==1358==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd3a511598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x558d0e4b55cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x558d0e4b55cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558d0e4b6820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558d0e4b6820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558d0e4b6820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558d0e4b6820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x558d0e4b953d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x558d0e4b953d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x558d0e4b90a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x558d0e45619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558d0e45f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558d0e445ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x558d0e4719f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd3a4fae082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x558d0e43959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1358==Register values: Step #5: rax = 0x0000558d0e41fb39 rbx = 0x0000558d0e4c62b0 rcx = 0x000000000e41933e rdx = 0x0000000000000018 Step #5: rdi = 0x0000558d0e41fb39 rsi = 0x00007fff05863420 rbp = 0x00007fff058633b0 rsp = 0x00007fff05863378 Step #5: r8 = 0x000000000000e8cb r9 = 0x000000000000e8cb r10 = 0x0000000000000000 r11 = 0x00007fd3a5176be0 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000558d r14 = 0x0000000000000018 r15 = 0x0000558d0e4c62b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1358==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xd,0x80,0x9,0x61,0x21,0xcb,0x90,0x0,0x0,0x0,0x18,0xa1,0x39,0x0,0x0,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0xf9,0x2,0x1c,0x46,0x7,0xcd,0x85,0x2,0x25,0x6,0x96,0x4f,0x4f,0x4f,0x50,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0x7d,0x48,0x7f,0x73,0x81,0xce,0x2,0xff,0x7f,0x7f,0x7,0xa2,0x84,0x7f,0x6,0xa0, Step #5: \015\200\011a!\313\220\000\000\000\030\2419\000\000\000\000\000\000\246\363\240\200\006\371\002\034F\007\315\205\002%\006\226OOOP\377\177\177\377aOO}H\177s\201\316\002\377\177\177\007\242\204\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-fe215e57cc2dce895a252eb2c92183a94f3b12a5 Step #5: Base64: DYAJYSHLkAAAABihOQAAAAAAAKbzoIAG+QIcRgfNhQIlBpZPT09Q/39//2FPT31If3OBzgL/f38HooR/BqA= Step #5: MERGE-OUTER: attempt 64 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579260261 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fe215e57cc2dce895a252eb2c92183a94f3b12a5' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 433 processed earlier; will process 623 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1362==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffee91cff8 (pc 0x55a1418ceb64 bp 0x7fffef11b090 sp 0x7fffee91d000 T1362) Step #5: #0 0x55a1418ceb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a1418d20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a1418d20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a14186f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a141878008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a14185ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a14188a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8692790082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a14185259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1362==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x1,0x7,0x3,0x0,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x39,0x7, Step #5: \001\007\003\0009999999999999999999999999999999999999999999999999999999999\007 Step #5: artifact_prefix='./'; Test unit written to ./crash-ad25ecfd738487be7fa40c281dd7146e481bf69b Step #5: Base64: AQcDADk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTk5OTkH Step #5: MERGE-OUTER: attempt 65 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579319892 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/regressions/ad25ecfd738487be7fa40c281dd7146e481bf69b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 434 processed earlier; will process 622 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1366==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55beaadb129f (pc 0x7fbe88b3f98c bp 0x7ffcc1c634f0 sp 0x7ffcc1c634b8 T1366) Step #5: ==1366==The signal is caused by a WRITE memory access. Step #5: #0 0x7fbe88b3f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55beaae4b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55beaae4b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55beaae4c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55beaae4c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55beaae4c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55beaae4c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55beaae4f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55beaae4f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55beaae4f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55beaadec19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55beaadf5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55beaaddbce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55beaae079f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fbe889d8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55beaadcf59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1366==Register values: Step #5: rax = 0x000055beaadb129f rbx = 0x000055beaae5c2b0 rcx = 0x00000000aadb3bd8 rdx = 0x0000000000000018 Step #5: rdi = 0x000055beaadb129f rsi = 0x00007ffcc1c63560 rbp = 0x00007ffcc1c634f0 rsp = 0x00007ffcc1c634b8 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x000055beab3b72d0 r11 = 0x00007ffcc1c68080 Step #5: r12 = 0x000055beac90c5c0 r13 = 0x00000000000055be r14 = 0x0000000000000018 r15 = 0x000055beaae5c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1366==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xf0,0x2,0xe9,0x3,0x4,0xc,0x0,0x6,0xfd,0x2,0x0,0x6,0x79,0xdc,0x0,0x6,0xf9,0x2,0x66,0x2,0xf9,0x93,0xa0,0x7b,0x5d,0xf3,0xa0,0x7b,0x9b,0x1,0x0,0x6,0xfd,0x2,0x0,0x6,0x79,0xdc,0x0,0x6,0xf9,0x2,0x65,0x2,0xf9,0x93,0xa0,0x7b,0x5d,0xf3,0xa0,0x7b,0x9b,0x1,0x0,0x0,0x0,0x1,0x76,0x93,0x71, Step #5: \000\006\360\002\351\003\004\014\000\006\375\002\000\006y\334\000\006\371\002f\002\371\223\240{]\363\240{\233\001\000\006\375\002\000\006y\334\000\006\371\002e\002\371\223\240{]\363\240{\233\001\000\000\000\001v\223q Step #5: artifact_prefix='./'; Test unit written to ./crash-e4ef9bcbbe2bc93091525cbddfe6c0275a4f3254 Step #5: Base64: AAbwAukDBAwABv0CAAZ53AAG+QJmAvmToHtd86B7mwEABv0CAAZ53AAG+QJlAvmToHtd86B7mwEAAAABdpNx Step #5: MERGE-OUTER: attempt 66 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579369365 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e4ef9bcbbe2bc93091525cbddfe6c0275a4f3254' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 437 processed earlier; will process 619 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1370==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55ba73ba129b (pc 0x7f0cd665098c bp 0x7ffe5ecff4b0 sp 0x7ffe5ecff478 T1370) Step #5: ==1370==The signal is caused by a WRITE memory access. Step #5: #0 0x7f0cd665098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55ba73c3a5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55ba73c3a5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55ba73c3b820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55ba73c3b820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55ba73c3b820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55ba73c3b820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55ba73c3e53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55ba73c3e53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55ba73c3e0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55ba73bdb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55ba73be4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55ba73bcace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55ba73bf69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0cd64e9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55ba73bbe59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1370==Register values: Step #5: rax = 0x000055ba73ba129b rbx = 0x000055ba73c4b2b0 rcx = 0x0000000073ba1bdc rdx = 0x0000000000000018 Step #5: rdi = 0x000055ba73ba129b rsi = 0x00007ffe5ecff520 rbp = 0x00007ffe5ecff4b0 rsp = 0x00007ffe5ecff478 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x0000000000000000 r11 = 0x00007f0cd66b1be0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055ba r14 = 0x0000000000000018 r15 = 0x000055ba73c4b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1370==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66,0x75,0x66, Step #5: ufufufufufufufufufufufufufufufufufufufufufufufufufufufufufufufuf Step #5: artifact_prefix='./'; Test unit written to ./crash-0f04aff796584c56360eb1753b5ff6babc314bec Step #5: Base64: dWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1ZnVmdWZ1Zg== Step #5: MERGE-OUTER: attempt 67 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579418200 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0f04aff796584c56360eb1753b5ff6babc314bec' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 442 processed earlier; will process 614 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1374==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555f376fcb0b (pc 0x7fefae31f98c bp 0x7ffc067840f0 sp 0x7ffc067840b8 T1374) Step #5: ==1374==The signal is caused by a WRITE memory access. Step #5: #0 0x7fefae31f98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x555f377925cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x555f377925cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x555f37793820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x555f37793820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x555f37793820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x555f37793820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x555f3779653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x555f3779653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x555f377960a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x555f3773319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x555f3773c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x555f37722ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x555f3774e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fefae1b8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x555f3771659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1374==Register values: Step #5: rax = 0x0000555f376fcb0b rbx = 0x0000555f377a32b0 rcx = 0x00000000376f636c rdx = 0x0000000000000018 Step #5: rdi = 0x0000555f376fcb0b rsi = 0x00007ffc06784160 rbp = 0x00007ffc067840f0 rsp = 0x00007ffc067840b8 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x0000555f37cfe2d0 r11 = 0x00007fefae380be0 Step #5: r12 = 0x0000555f383765b0 r13 = 0x000000000000555f r14 = 0x0000000000000018 r15 = 0x0000555f377a32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1374==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0x3,0x3,0x18,0x0,0x6,0x3,0x3,0x62,0x3,0x4,0x18,0x0,0x6,0x4,0x3,0x2,0xf0,0x3,0x18,0x0,0x6,0x3,0x0,0x1b,0x3,0x4,0x18,0x0,0x6,0x4,0x3,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xe9,0x3,0x3,0x18,0x0,0x6,0x3,0x3,0x2,0x7,0x1,0x10,0x0,0x9,0x21,0x31,0x0,0x0,0x0,0x2b, Step #5: \000\006\002\003\002\003\003\030\000\006\003\003b\003\004\030\000\006\004\003\002\360\003\030\000\006\003\000\033\003\004\030\000\006\004\003\001\000\000\000\000\000\000\000\351\003\003\030\000\006\003\003\002\007\001\020\000\011!1\000\000\000+ Step #5: artifact_prefix='./'; Test unit written to ./crash-29a2408bb9527bd3d2dc1d9e0564da84d3a19df2 Step #5: Base64: AAYCAwIDAxgABgMDYgMEGAAGBAMC8AMYAAYDABsDBBgABgQDAQAAAAAAAADpAwMYAAYDAwIHARAACSExAAAAKw== Step #5: MERGE-OUTER: attempt 68 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579467643 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/29a2408bb9527bd3d2dc1d9e0564da84d3a19df2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 444 processed earlier; will process 612 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1378==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffde2b0fb90 (pc 0x7ffde2b0fb90 bp 0x7ffde2b0fb60 sp 0x7ffde2b0fb08 T1378) Step #5: #0 0x7ffde2b0fb90 () Step #5: #1 0x55c9370e20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c9370e20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c93707f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c937088008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c93706ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c93709a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4b0d282082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1378==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xf9,0x2,0x0,0x0,0x0,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x7,0xf9,0x2,0x0,0x6,0xf9,0x2,0xff,0x6,0xf9,0x2,0x0,0x6,0xf9,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0xc0,0x86,0x1f,0xff,0xff,0xff,0x0,0x6,0x6,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x20,0xff,0xff,0xff, Step #5: \000\006\371\002\000\000\000\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\007\371\002\000\006\371\002\377\006\371\002\000\006\371\037\377\377\377\000\006\007\300\206\037\377\377\377\000\006\006\006\037\377\377\377\000\006\007\006 \377\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-f1f30f26984a3e0087282ca53b6ed30feecb20a0 Step #5: Base64: AAb5AgAAAPkCAAb5AgAG+QIABvkCAAf5AgAG+QL/BvkCAAb5H////wAGB8CGH////wAGBgYf////AAYHBiD///8= Step #5: MERGE-OUTER: attempt 69 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579515100 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f1f30f26984a3e0087282ca53b6ed30feecb20a0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 448 processed earlier; will process 608 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1382==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffda287ec00 (pc 0x7ffda287ec00 bp 0x7ffda287ebd0 sp 0x7ffda287eb78 T1382) Step #5: #0 0x7ffda287ec00 () Step #5: #1 0x5566f57f50b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5566f57f50b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5566f579219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5566f579b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5566f5781ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5566f57ad9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3763489082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1382==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xf9,0x2,0x0,0x0,0xff,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x7,0xf9,0x2,0x0,0x6,0xf9,0x2,0xff,0x6,0xf9,0x2,0xff,0x6,0xf9,0x2,0x0,0xf9,0x1f,0x0,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0x1,0x6,0x6,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x20,0xfe,0xff,0xff, Step #5: \000\006\371\002\000\000\377\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\007\371\002\000\006\371\002\377\006\371\002\377\006\371\002\000\371\037\000\377\377\000\006\007\006\037\377\377\377\001\006\006\006\037\377\377\377\000\006\007\006 \376\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-c3e1f638a593938aa6979e703c65602b8ddfbebd Step #5: Base64: AAb5AgAA//kCAAb5AgAG+QIABvkCAAf5AgAG+QL/BvkC/wb5AgD5HwD//wAGBwYf////AQYGBh////8ABgcGIP7//w== Step #5: MERGE-OUTER: attempt 70 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579563493 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c3e1f638a593938aa6979e703c65602b8ddfbebd' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 458 processed earlier; will process 598 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1386==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564235cd6bee (pc 0x7fe980b6198c bp 0x7ffd4f3f6640 sp 0x7ffd4f3f6608 T1386) Step #5: ==1386==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe980b6198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564235d6c5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564235d6c5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564235d6d820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564235d6d820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564235d6d820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564235d6d820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564235d706d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x564235d706d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x564235d700a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564235d0d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564235d16008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564235cfcce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564235d289f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe9809fa082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564235cf059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1386==Register values: Step #5: rax = 0x0000564235cd6bee rbx = 0x0000564235d7d2b0 rcx = 0x0000000035cd0289 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564235cd6bee rsi = 0x00007ffd4f3f66b0 rbp = 0x00007ffd4f3f6640 rsp = 0x00007ffd4f3f6608 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x00005642362d82d0 r11 = 0x00007fe980bc2be0 Step #5: r12 = 0x00000000000000fe r13 = 0x0000000000005642 r14 = 0x0000000000000018 r15 = 0x0000564235d7d2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1386==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x2,0x0,0x3a,0xf9,0x2,0x0,0x6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xf9,0x2,0x0,0x6,0xf9,0x2,0xff,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0xe2,0x80,0x89,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x16,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0xfe,0xff,0xef,0xb7,0xbe,0xff,0xfe,0xff,0xce,0x90,0xff,0xff,0xbe,0xbd, Step #5: \002\000:\371\002\000\006\000\000\000\000\000\000\000\000\000\371\002\000\006\371\002\377\006\371\002\000\006\371\002\000\006\371\002\000\006\371\342\200\211\002\000\006\371\002\000\006\371\002\000\026\371\002\000\006\371\002\000\006\371\376\377\357\267\276\377\376\377\316\220\377\377\276\275 Step #5: artifact_prefix='./'; Test unit written to ./crash-0082886ed07beebdeaa0bc3c743a6c1ed358b5aa Step #5: Base64: AgA6+QIABgAAAAAAAAAAAPkCAAb5Av8G+QIABvkCAAb5AgAG+eKAiQIABvkCAAb5AgAW+QIABvkCAAb5/v/vt77//v/OkP//vr0= Step #5: MERGE-OUTER: attempt 71 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579613279 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0082886ed07beebdeaa0bc3c743a6c1ed358b5aa' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 472 processed earlier; will process 584 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1390==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558aa066ab36 (pc 0x7f953bb9b98c bp 0x7ffc4b503aa0 sp 0x7ffc4b503a68 T1390) Step #5: ==1390==The signal is caused by a WRITE memory access. Step #5: #0 0x7f953bb9b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x558aa07005cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x558aa07005cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558aa0701820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558aa0701820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558aa0701820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558aa0701820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x558aa070453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x558aa070453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x558aa07040a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x558aa06a119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558aa06aa008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558aa0690ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x558aa06bc9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f953ba34082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x558aa068459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1390==Register values: Step #5: rax = 0x0000558aa066ab36 rbx = 0x0000558aa07112b0 rcx = 0x00000000a0664341 rdx = 0x0000000000000018 Step #5: rdi = 0x0000558aa066ab36 rsi = 0x00007ffc4b503b10 rbp = 0x00007ffc4b503aa0 rsp = 0x00007ffc4b503a68 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x0000558aa0c6c2d0 r11 = 0x00007ffc4b59d080 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000558a r14 = 0x0000000000000018 r15 = 0x0000558aa07112b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1390==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xb3,0xff,0x1e,0x93,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0xc6,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x83,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x1e,0x93,0x1e,0x46,0xd3,0x1e,0x93,0xe6,0x66,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x83,0x92, Step #5: \000\006:\001\323\036\223F\323\036\223\346\263\377\036\223\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223\306\323\036\223\346\377\036\223F\323\036\203\036\223\346\377\036\223F\323\036\223\346\377\036\223\036\223\036F\323\036\223\346f\223\346\377\036\223F\323\036\223\203\222 Step #5: artifact_prefix='./'; Test unit written to ./crash-647b8ab9d0242658940a6685f882d6198cde9118 Step #5: Base64: AAY6AdMek0bTHpPms/8ek/8ek0bTHpPm/x6TRtMek+b/HpPG0x6T5v8ek0bTHoMek+b/HpNG0x6T5v8ekx6THkbTHpPmZpPm/x6TRtMek4OS Step #5: MERGE-OUTER: attempt 72 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579663404 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/647b8ab9d0242658940a6685f882d6198cde9118' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 478 processed earlier; will process 578 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1394==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe50e99ff8 (pc 0x555dfe361b64 bp 0x7ffe51697b10 sp 0x7ffe50e9a000 T1394) Step #5: #0 0x555dfe361b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x555dfe3650b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x555dfe3650b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x555dfe30219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x555dfe30b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x555dfe2f1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x555dfe31d9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa00f372082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x555dfe2e559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1394==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x21,0x3a,0x7b,0x27,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x73,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b, Step #5: !:{'!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'s!:'{!:'{!:'{!:'{!!:'{!:'{!:'{!:'{!:'{ Step #5: artifact_prefix='./'; Test unit written to ./crash-6e800eda269fed71209b4c1d82d0cc37666bd18c Step #5: Base64: ITp7JyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOid7IToneyE6J3MhOid7IToneyE6J3shOid7ISE6J3shOid7IToneyE6J3shOid7 Step #5: MERGE-OUTER: attempt 73 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579722185 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6e800eda269fed71209b4c1d82d0cc37666bd18c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 479 processed earlier; will process 577 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1398==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc31091430 (pc 0x7ffc31091430 bp 0x7ffc31091400 sp 0x7ffc310913a8 T1398) Step #5: #0 0x7ffc31091430 () Step #5: #1 0x556e539c00b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x556e539c00b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x556e5395d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556e53966008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556e5394cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556e539789f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7871013082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1398==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x60,0x0,0xfe,0x95,0x1,0x0,0x20,0x20,0xde,0xff,0xff,0x0,0x1,0x20,0x20,0xde,0xff,0x0,0x0,0x1,0x20,0x20,0x20,0xde,0xff,0x0,0x0,0x20,0x20,0xde,0xff,0xff,0x0,0x1,0x20,0x20,0xde,0xff,0x0,0x0,0x1,0x20,0x20,0x20,0xde,0xff,0x0,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x2f,0x6,0xfb,0xe9,0xff,0x5,0xf8,0xff,0x7f,0x7f,0xdf,0x61,0x4f,0x4f,0x7c,0x48,0x7f,0x7f,0x81,0xff,0x5,0xf8,0xff,0x7f,0x7f,0xdf,0x0,0x7f,0x6,0xa0, Step #5: \200\011`\000\376\225\001\000 \336\377\377\000\001 \336\377\000\000\001 \336\377\000\000 \336\377\377\000\001 \336\377\000\000\001 \336\377\000\000\000\000\246\363\240/\006\373\351\377\005\370\377\177\177\337aOO|H\177\177\201\377\005\370\377\177\177\337\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./crash-b4377e46a5323ac1ef98523484a6eaceae8d31fc Step #5: Base64: gAlgAP6VAQAgIN7//wABICDe/wAAASAgIN7/AAAgIN7//wABICDe/wAAASAgIN7/AAAAAKbzoC8G++n/Bfj/f3/fYU9PfEh/f4H/Bfj/f3/fAH8GoA== Step #5: MERGE-OUTER: attempt 74 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579770653 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b4377e46a5323ac1ef98523484a6eaceae8d31fc' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 485 processed earlier; will process 571 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1402==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe66619ff8 (pc 0x5570013a3b64 bp 0x7ffe66e187f0 sp 0x7ffe6661a000 T1402) Step #5: #0 0x5570013a3b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5570013a70b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5570013a70b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55700134419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55700134d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x557001333ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55700135f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f43c1721082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55700132759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1402==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x6a,0x0,0x0,0x0,0xff,0xa,0x1,0xa,0xf7,0x10,0x1,0xa,0x1,0xa,0x1,0xa,0xf7,0x10,0x1,0xa,0x1,0xa,0x1,0xb,0x0,0x20,0x1,0x47,0x17,0xa,0x1,0xa,0x1,0xcd,0x1,0xa,0x33,0x32,0x37,0x36,0x38,0x21,0x2d,0xd6,0xff,0xff,0x5,0x1,0x13,0x75,0x75,0x75,0x75,0xa0,0xf5,0x75,0xf3,0x75,0x75,0x75,0x75,0x75,0x75,0x75,0x75,0x81,0xb1,0x75,0x75,0x75,0x3,0x0,0x7,0x0,0x0,0x21,0x47,0x17,0xa,0x1,0x23,0x31,0x4b, Step #5: \200\011j\000\000\000\377\012\001\012\367\020\001\012\001\012\001\012\367\020\001\012\001\012\001\013\000 \001G\027\012\001\012\001\315\001\01232768!-\326\377\377\005\001\023uuuu\240\365u\363uuuuuuuu\201\261uuu\003\000\007\000\000!G\027\012\001#1K Step #5: artifact_prefix='./'; Test unit written to ./crash-efa0266a5e9a56babe255922d21cc8112a6321fe Step #5: Base64: gAlqAAAA/woBCvcQAQoBCgEK9xABCgEKAQsAIAFHFwoBCgHNAQozMjc2OCEt1v//BQETdXV1daD1dfN1dXV1dXV1dYGxdXV1AwAHAAAhRxcKASMxSw== Step #5: MERGE-OUTER: attempt 75 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579829393 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/efa0266a5e9a56babe255922d21cc8112a6321fe' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 487 processed earlier; will process 569 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1406==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x562f07d572d0 (pc 0x562f07d572d0 bp 0x7fff18fa37a0 sp 0x7fff18fa3758 T1406) Step #5: ==1406==The signal is caused by a READ memory access. Step #5: ==1406==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x562f07d572d0 () Step #5: Step #5: ==1406==Register values: Step #5: rax = 0x0000562f0775c901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007fff18fa37a0 rsp = 0x00007fff18fa3758 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007ff1cd3df6d0 Step #5: r12 = 0x00007fff18fa08ff r13 = 0x0000562f0775c97c r14 = 0x0000000000000001 r15 = 0x0000562f07d91668 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1406==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x0,0x0,0xb,0x5,0x0,0x0,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x79,0x7a,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x7a,0x7a,0xff,0xff,0xff,0xff,0x7a,0x7a,0xff,0xff,0xff,0xff,0x5b,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, Step #5: \000\000\000\000\013\005\000\000\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235yz\005\000\235\000\005\000\235\000\005\000\235zz\377\377\377\377zz\377\377\377\377[\377\377\377\377\377\377\377\377\377\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-a7a9669dfb98e24735a2f853eb4db5fd6c5b0e5b Step #5: Base64: AAAAAAsFAAAABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdeXoFAJ0ABQCdAAUAnXp6/////3p6/////1v//////////////w== Step #5: MERGE-OUTER: attempt 76 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579845888 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a7a9669dfb98e24735a2f853eb4db5fd6c5b0e5b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 488 processed earlier; will process 568 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1409==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffed937dff8 (pc 0x564de6d14b64 bp 0x7ffed9b7b970 sp 0x7ffed937e000 T1409) Step #5: #0 0x564de6d14b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x564de6d180b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x564de6d180b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x564de6cb519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x564de6cbe008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x564de6ca4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x564de6cd09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd35576d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x564de6c9859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1409==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x6a,0x0,0x0,0x0,0xff,0xa,0x1,0xa,0xf7,0x10,0x1,0xa,0x1,0xa,0x1,0x85,0x0,0x20,0x1,0xa,0x1,0xa,0x1,0xb,0x0,0x20,0x1,0x47,0x17,0xa,0x1,0xa,0x1,0xcd,0x1,0xa,0x33,0x32,0x37,0x36,0x38,0x21,0x2d,0xd6,0xff,0xff,0x5,0x1,0x13,0x75,0x75,0x75,0x75,0x75,0xa0,0xf5,0x75,0xf3,0x75,0x75,0x75,0x75,0x75,0x75,0x75,0x81,0xb1,0x75,0x75,0x75,0x3,0x0,0x7,0x0,0x0,0x0,0x21,0x47,0x17,0xa,0x34,0x1,0x23,0x31,0x4b, Step #5: \200\011j\000\000\000\377\012\001\012\367\020\001\012\001\012\001\205\000 \001\012\001\012\001\013\000 \001G\027\012\001\012\001\315\001\01232768!-\326\377\377\005\001\023uuuuu\240\365u\363uuuuuuu\201\261uuu\003\000\007\000\000\000!G\027\0124\001#1K Step #5: artifact_prefix='./'; Test unit written to ./crash-0b371c5cb912efd60e8eaf7b08bd35120ea79861 Step #5: Base64: gAlqAAAA/woBCvcQAQoBCgGFACABCgEKAQsAIAFHFwoBCgHNAQozMjc2OCEt1v//BQETdXV1dXWg9XXzdXV1dXV1dYGxdXV1AwAHAAAAIUcXCjQBIzFL Step #5: MERGE-OUTER: attempt 77 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579904689 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0b371c5cb912efd60e8eaf7b08bd35120ea79861' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 489 processed earlier; will process 567 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1413==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55f6ea98b2d0 (pc 0x55f6ea98b2d0 bp 0x7ffe5f7f8910 sp 0x7ffe5f7f88c8 T1413) Step #5: ==1413==The signal is caused by a READ memory access. Step #5: ==1413==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55f6ea98b2d0 () Step #5: Step #5: ==1413==Register values: Step #5: rax = 0x000055f6e8532901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffe5f7f8910 rsp = 0x00007ffe5f7f88c8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007fc654c5e6d0 Step #5: r12 = 0x00007ffe5f7f08ff r13 = 0x000055f6e853297c r14 = 0x0000000000000001 r15 = 0x000055f6ea9c5668 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1413==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x0,0x0,0xb,0x5,0x0,0x0,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x7a,0x7a,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x7a,0x7a,0xff,0xff,0xff,0xff,0x7a,0x7a,0xff,0xff,0xff,0xff,0x5b,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, Step #5: \000\000\000\000\013\005\000\000\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235zz\000\005\000\235\000\005\000\235zz\377\377\377\377zz\377\377\377\377[\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-456f297b1be07fbe68a3cea6d28bec35c5176849 Step #5: Base64: AAAAAAsFAAAABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdenoABQCdAAUAnXp6/////3p6/////1v///////////////////// Step #5: MERGE-OUTER: attempt 78 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579921419 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/456f297b1be07fbe68a3cea6d28bec35c5176849' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 490 processed earlier; will process 566 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1416==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5643b2be9bef (pc 0x7f27d895998c bp 0x7ffe0c8d9b20 sp 0x7ffe0c8d9ae8 T1416) Step #5: ==1416==The signal is caused by a WRITE memory access. Step #5: #0 0x7f27d895998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5643b2c7f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5643b2c7f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5643b2c80820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5643b2c80820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5643b2c80820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5643b2c80820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5643b2c8353d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5643b2c8353d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5643b2c830a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5643b2c2019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5643b2c29008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5643b2c0fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5643b2c3b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f27d87f2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5643b2c0359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1416==Register values: Step #5: rax = 0x00005643b2be9bef rbx = 0x00005643b2c902b0 rcx = 0x00000000b2be3288 rdx = 0x0000000000000018 Step #5: rdi = 0x00005643b2be9bef rsi = 0x00007ffe0c8d9b90 rbp = 0x00007ffe0c8d9b20 rsp = 0x00007ffe0c8d9ae8 Step #5: r8 = 0x00000000000088cb r9 = 0x00000000000088cb r10 = 0x00005643b31eb2d0 r11 = 0x00007f27d89babe0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005643 r14 = 0x0000000000000018 r15 = 0x00005643b2c902b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1416==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xb3,0xff,0x1e,0x93,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0xc6,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x83,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x1e,0x93,0x1e,0x46,0xd3,0x1e,0x93,0xe6,0x66,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x83,0x92, Step #5: \000\006:\001\323\036\223F\323\036\223\346\263\377\036\223\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223\306\323\036\223\346\377\036\223F\323\036\203\036\223\346\377\036\223F\323\036\223\346\377\036\223\036\223\036F\323\036\223\346f\223\346\377\036\223F\323\036\223\203\222 Step #5: artifact_prefix='./'; Test unit written to ./crash-8848feda23bb40c4693ba9b41aa715a7a5cebb78 Step #5: Base64: AAY6AdMek0bTHpPms/8ek/8ek0bTHpPm/x6TRtMek+b/HpNG0x6T5v8ek8bTHpPm/x6TRtMegx6T5v8ek0bTHpPm/x6THpMeRtMek+Zmk+b/HpNG0x6Tg5I= Step #5: MERGE-OUTER: attempt 79 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579970670 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8848feda23bb40c4693ba9b41aa715a7a5cebb78' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 495 processed earlier; will process 561 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1420==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56370499e5b0 (pc 0x56370499e5b0 bp 0x7ffdb4e85330 sp 0x7ffdb4e852e8 T1420) Step #5: ==1420==The signal is caused by a READ memory access. Step #5: ==1420==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x56370499e5b0 () Step #5: Step #5: ==1420==Register values: Step #5: rax = 0x00005637026b9901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffdb4e85330 rsp = 0x00007ffdb4e852e8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007fe8ccf6e6d0 Step #5: r12 = 0x00007ffdb4e808ff r13 = 0x00005637026b997c r14 = 0x0000000000000001 r15 = 0x0000563704975f08 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1420==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x0,0x0,0xb,0x5,0x0,0x0,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x79,0x7a,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x7a,0x7a,0xff,0xff,0xff,0xff,0x7a,0x7a,0xff,0xff,0xff,0xff,0x5b,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, Step #5: \000\000\000\000\013\005\000\000\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235yz\005\000\235\000\005\000\235\000\005\000\235zz\377\377\377\377zz\377\377\377\377[\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-931cbd6e776d0a726c6b895e90cb0fbaff60e3e0 Step #5: Base64: AAAAAAsFAAAABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdAAUAnQAFAJ0ABQCdeXoFAJ0ABQCdAAUAnXp6/////3p6/////1v///////////////////// Step #5: MERGE-OUTER: attempt 80 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 579987147 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/931cbd6e776d0a726c6b895e90cb0fbaff60e3e0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 496 processed earlier; will process 560 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1423==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffec8593130 (pc 0x7ffec8593130 bp 0x7ffec8593100 sp 0x7ffec85930a8 T1423) Step #5: #0 0x7ffec8593130 () Step #5: #1 0x560265d690b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560265d690b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560265d0619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560265d0f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560265cf5ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560265d219f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f85a4b76082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1423==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x8,0x80,0x9,0x80,0x9,0x81,0x9,0x80,0x9,0x80,0x9,0x80,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0xd1,0x9,0x80,0x9,0x80,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x9,0x80,0x9,0x80,0x9,0x81,0x9,0x80,0x9,0x80,0x9,0x9,0x80,0xe2,0x80,0xaa,0x9,0x3a,0xa0,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0xb,0x80,0x9,0x80,0x9,0x80,0x30,0xef, Step #5: \200\011\200\011\200\011\200\011\200\011\200\011\200\010\200\011\200\011\201\011\200\011\200\011\200\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\321\011\200\011\200\377\377\377\377\377\377\377\377\011\200\011\200\011\201\011\200\011\200\011\011\200\342\200\252\011:\240\200\011\200\011\200\011\200\013\200\011\200\011\2000\357 Step #5: artifact_prefix='./'; Test unit written to ./crash-e2c27e7405c922cbaed2ae50bdaee41ce4f56066 Step #5: Base64: gAmACYAJgAmACYAJgAiACYAJgQmACYAJgNHR0dHR0dHR0dHR0dHR0dHR0dHRCYAJgP//////////CYAJgAmBCYAJgAkJgOKAqgk6oIAJgAmACYALgAmACYAw7w== Step #5: MERGE-OUTER: attempt 81 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580034672 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e2c27e7405c922cbaed2ae50bdaee41ce4f56066' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 499 processed earlier; will process 557 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1427==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd61cb3610 (pc 0x7ffd61cb3610 bp 0x7ffd61cb35e0 sp 0x7ffd61cb3588 T1427) Step #5: #0 0x7ffd61cb3610 () Step #5: #1 0x558f0f96a0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558f0f96a0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x558f0f90719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558f0f910008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558f0f8f6ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558f0f9229f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1792cdf082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1427==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x6b,0x0,0xfe,0x0,0x0,0x1,0x0,0x0,0x0,0x0,0x0,0x88,0x0,0x61,0x20,0x0,0x19,0xcc,0x88,0xff,0xff,0xff,0xa7,0xff,0xff,0xff,0xff,0xda,0xff,0xff,0xff,0xff,0xd7,0x0,0x0,0x0,0x3,0xff,0x0,0x3,0xe6,0xff,0xff,0xb2,0x0,0x0,0xc9,0x0,0x0,0xeb,0xbd,0x20,0x0,0x19,0xcc,0x88,0xff,0xff,0xff,0xa7,0xff,0xff,0xff,0xff,0x21,0xff,0xac,0xff,0xff,0xd7,0x0,0x0,0x0,0x3,0xff,0x0,0x3,0xe6,0xff,0xff,0xb2,0x0,0x0,0xc8,0x0,0x0,0xeb,0x0,0xea,0x0,0x0,0xfe,0x1,0xff,0xff,0xff,0xff, Step #5: k\000\376\000\000\001\000\000\000\000\000\210\000a \000\031\314\210\377\377\377\247\377\377\377\377\332\377\377\377\377\327\000\000\000\003\377\000\003\346\377\377\262\000\000\311\000\000\353\275 \000\031\314\210\377\377\377\247\377\377\377\377!\377\254\377\377\327\000\000\000\003\377\000\003\346\377\377\262\000\000\310\000\000\353\000\352\000\000\376\001\377\377\377\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-b7160fef291a019fadb8676c78b2c4d257d800d7 Step #5: Base64: awD+AAABAAAAAACIAGEgABnMiP///6f/////2v/////XAAAAA/8AA+b//7IAAMkAAOu9IAAZzIj///+n/////yH/rP//1wAAAAP/AAPm//+yAADIAADrAOoAAP4B/////w== Step #5: MERGE-OUTER: attempt 82 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580082637 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b7160fef291a019fadb8676c78b2c4d257d800d7' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 507 processed earlier; will process 549 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1431==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffde9f3dff8 (pc 0x55a00989bb64 bp 0x7ffdea73b460 sp 0x7ffde9f3e000 T1431) Step #5: #0 0x55a00989bb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a00989f0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a00989f0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a00983c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a009845008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a00982bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a0098579f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f638c88b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a00981f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1431==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x7,0xf8,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0x2a,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf5,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0xa,0x66,0x0,0x93,0x0,0x66,0xd3,0x66,0x0,0xd3,0x66,0x93,0x62,0xd3,0x7a,0xf,0xed,0xf2,0x88,0x23,0x0,0x6,0x22,0xf,0x22,0x87,0xaa,0xf,0x0,0x6,0xed,0x87,0x66,0x93,0x66,0xd3,0x66,0xd3,0x66,0xd3,0x62, Step #5: \000\006\372\002\000\006\371\002\000\006\371\002\000\007\370\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006*\002\000\006\372\002\000\006\371\002\000\006\365\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\372\002\000\006\371\012f\000\223\000f\323f\000\323f\223b\323z\017\355\362\210#\000\006\"\017\"\207\252\017\000\006\355\207f\223f\323f\323f\323b Step #5: artifact_prefix='./'; Test unit written to ./crash-d61a8d2cb7907c8cfd0fcffd5cc531b73eb253e9 Step #5: Base64: AAb6AgAG+QIABvkCAAf4AgAG+QIABvkCAAb5AgAGKgIABvoCAAb5AgAG9QIABvkCAAb5AgAG+QIABvkCAAb5AgAG+gIABvkKZgCTAGbTZgDTZpNi03oP7fKIIwAGIg8ih6oPAAbth2aTZtNm02bTYg== Step #5: MERGE-OUTER: attempt 83 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580141904 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/d61a8d2cb7907c8cfd0fcffd5cc531b73eb253e9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 519 processed earlier; will process 537 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1435==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555a1c68db06 (pc 0x7f10a66e998c bp 0x7ffd7c13c470 sp 0x7ffd7c13c438 T1435) Step #5: ==1435==The signal is caused by a WRITE memory access. Step #5: #0 0x7f10a66e998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x555a1c7235cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x555a1c7235cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x555a1c724820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x555a1c724820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x555a1c724820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x555a1c724820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x555a1c72753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x555a1c72753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x555a1c7270a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x555a1c6c419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x555a1c6cd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x555a1c6b3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x555a1c6df9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f10a6582082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x555a1c6a759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1435==Register values: Step #5: rax = 0x0000555a1c68db06 rbx = 0x0000555a1c7342b0 rcx = 0x000000001c687371 rdx = 0x0000000000000018 Step #5: rdi = 0x0000555a1c68db06 rsi = 0x00007ffd7c13c4e0 rbp = 0x00007ffd7c13c470 rsp = 0x00007ffd7c13c438 Step #5: r8 = 0x000000000000c8cb r9 = 0x0000000000000000 r10 = 0x0000000000000000 r11 = 0x00007f10a674abe0 Step #5: r12 = 0x0000555a1dfd35b0 r13 = 0x000000000000555a r14 = 0x0000000000000018 r15 = 0x0000555a1c7342b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1435==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x19,0x10,0xf8,0xfa,0x0,0x0,0xfa,0x80,0xa,0xff,0xc5,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x21,0xb,0x79,0x7a,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0xde,0x3,0x3,0x3,0x42,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0xfe,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x17,0x17,0x17,0x17,0x17,0x17,0x17,0x17,0xef,0xdf,0xdf,0xdf,0xdf,0xdf,0xdf,0xdf,0xdf,0xdf,0xdf, Step #5: \000\011\377\010\200\013+\011\000\031\020\370\372\000\000\372\200\012\377\305\377\013+\011\000\011\010\260!\013yz\003\003\003\003\003\003\003\003\003\336\003\003\003B\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\376\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\003\027\027\027\027\027\027\027\027\357\337\337\337\337\337\337\337\337\337\337 Step #5: artifact_prefix='./'; Test unit written to ./crash-e4766f1888002d5f7fa31a5e28e56482ecc98a8c Step #5: Base64: AAn/CIALKwkAGRD4+gAA+oAK/8X/CysJAAkIsCELeXoDAwMDAwMDAwPeAwMDQgMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMD/gMDAwMDAwMDAwMDAwMDAwMDAwMDFxcXFxcXFxfv39/f39/f39/f3w== Step #5: MERGE-OUTER: attempt 84 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580191888 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e4766f1888002d5f7fa31a5e28e56482ecc98a8c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 521 processed earlier; will process 535 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1439==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5626287aabd2 (pc 0x7f8231e5298c bp 0x7ffeecdad8d0 sp 0x7ffeecdad898 T1439) Step #5: ==1439==The signal is caused by a WRITE memory access. Step #5: #0 0x7f8231e5298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5626288405cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5626288405cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x562628841820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x562628841820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x562628841820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x562628841820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56262884453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x56262884453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5626288440a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5626287e119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5626287ea008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5626287d0ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5626287fc9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f8231ceb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5626287c459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1439==Register values: Step #5: rax = 0x00005626287aabd2 rbx = 0x00005626288512b0 rcx = 0x00000000287a42a5 rdx = 0x0000000000000018 Step #5: rdi = 0x00005626287aabd2 rsi = 0x00007ffeecdad940 rbp = 0x00007ffeecdad8d0 rsp = 0x00007ffeecdad898 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x0000562628dac2d0 r11 = 0x00007ffeecdb7080 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005626 r14 = 0x0000000000000018 r15 = 0x00005626288512b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1439==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2a,0x2,0x0,0x6,0xfa,0x2,0x2,0x0,0x6,0xf9,0x2,0x61,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x0,0x6,0xf9,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x6,0x0,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x12,0x0,0x6,0x2a,0x2,0xd3,0xf9,0x2,0x0,0x7,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x6,0x0,0xf9,0x6,0x2,0xf9,0x2,0x0,0x0,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0x2a,0x2,0xd3,0x66,0x66,0x66, Step #5: \000\006*\002\000\006\372\002\002\000\006\371\002a\006\371\002\000\006\371\002\000\000\006\371\002\000\006\372\002\000\006\371\002\000\006\371\002\006\371\002\000\006\371\002\006\000\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\022\000\006*\002\323\371\002\000\007\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\006\000\371\006\002\371\002\000\000\371\002\000\006\371\002\000\006\371\002\000\006*\002\323fff Step #5: artifact_prefix='./'; Test unit written to ./crash-b0e98bf8d7d3313439755b766c53ab121bb786c6 Step #5: Base64: AAYqAgAG+gICAAb5AmEG+QIABvkCAAAG+QIABvoCAAb5AgAG+QIG+QIABvkCBgD5AgAG+QIABvkCAAb5AgAG+RIABioC0/kCAAf5AgAG+QIABvkCAAb5AgAG+QIABvkCBgD5BgL5AgAA+QIABvkCAAb5AgAGKgLTZmZm Step #5: MERGE-OUTER: attempt 85 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580241544 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b0e98bf8d7d3313439755b766c53ab121bb786c6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 526 processed earlier; will process 530 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1443==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d9a815bb85 (pc 0x7f3f22e5a98c bp 0x7ffdd5a7b3c0 sp 0x7ffdd5a7b388 T1443) Step #5: ==1443==The signal is caused by a WRITE memory access. Step #5: #0 0x7f3f22e5a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d9a81f15cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d9a81f15cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d9a81f2820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d9a81f2820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d9a81f2820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d9a81f2820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d9a81f56d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55d9a81f56d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55d9a81f50a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d9a819219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d9a819b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d9a8181ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d9a81ad9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f3f22cf3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d9a817559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1443==Register values: Step #5: rax = 0x000055d9a815bb85 rbx = 0x000055d9a82022b0 rcx = 0x00000000a81552f2 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d9a815bb85 rsi = 0x00007ffdd5a7b430 rbp = 0x00007ffdd5a7b3c0 rsp = 0x00007ffdd5a7b388 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x000055d9a875d2d0 r11 = 0x00007ffdd5b50080 Step #5: r12 = 0x000000000000007b r13 = 0x00000000000055d9 r14 = 0x0000000000000018 r15 = 0x000055d9a82022b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1443==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7c,0x7a,0x7a,0x7a,0x3b,0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x25,0x7d,0x7b,0x7d,0x25,0x25,0x7d,0x66,0x66,0x7b,0x7b,0x66,0x7b,0x7b,0x7d,0x66,0x25,0x66,0x60,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x7b,0x66,0x7d,0x25,0x25,0x7b,0x66,0x83,0xdc,0x7b,0x9a,0x82,0xda,0x7a,0x66,0x7d,0x25,0x7b,0x25,0x7b,0x66,0x7b,0x66, Step #5: |zzz;\002\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000}%{f}%f}%{f}%%}{}%%}ff{{f{{}f%f`}%{f}%{f}%{f}%{f}%{f}%{f}%%{f\203\334{\232\202\332zf}%{%{f{f Step #5: artifact_prefix='./'; Test unit written to ./crash-3d751b7862e286cdc34ffbc1b76b940e0d113d1c Step #5: Base64: fHp6ejsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9JXtmfSVmfSV7Zn0lJX17fSUlfWZme3tme3t9ZiVmYH0le2Z9JXtmfSV7Zn0le2Z9JXtmfSV7Zn0lJXtmg9x7moLaemZ9JXsle2Z7Zg== Step #5: MERGE-OUTER: attempt 86 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580291281 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3d751b7862e286cdc34ffbc1b76b940e0d113d1c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 528 processed earlier; will process 528 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1447==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc15064ff8 (pc 0x563958c39b64 bp 0x7ffc15862e20 sp 0x7ffc15065000 T1447) Step #5: #0 0x563958c39b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x563958c3d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563958c3d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x563958bda19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x563958be3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x563958bc9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x563958bf59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f16b1190082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x563958bbd59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1447==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x2,0x1,0x0,0x0,0x0,0x0,0x9,0x80,0x2,0x1,0x0,0x0,0x0,0xe2,0x1d,0x0,0x2,0x1,0x0,0x0,0x0,0x0,0x9,0x80,0x2,0x1,0x0,0x0,0x0,0xe2,0x1d,0x0,0x2,0x1,0x12,0x0,0x2,0x0,0x9,0x80,0x2,0x1,0x0,0x0,0x0,0xe2,0x1d,0x0,0x2,0x1,0x0,0x0,0x2,0x0,0x9,0x80,0x4f,0x5c,0x5f,0x6,0x6,0x6,0x6,0x6,0x6,0x6,0x6b,0x6b,0x6f,0x6b,0x6b,0x6b,0x6b,0x6b,0x6,0x6,0x6,0x6,0x8b,0x0,0x3,0x0,0x9,0x80,0x2,0x1,0x0,0x0,0x0,0xe2,0x1d,0x0,0x2,0x1,0x0,0x0,0x2,0x0,0x9,0x80,0x4f,0x5c,0x5f,0x7,0x7,0x6,0x6,0x6,0x6,0x6,0x6b,0x6b,0x6f,0x6b,0x6b,0x6b,0x6b,0x6b,0x6,0x6,0x6,0x6,0xe2,0x80,0x89,0xeb, Step #5: \002\001\000\000\000\000\011\200\002\001\000\000\000\342\035\000\002\001\000\000\000\000\011\200\002\001\000\000\000\342\035\000\002\001\022\000\002\000\011\200\002\001\000\000\000\342\035\000\002\001\000\000\002\000\011\200O\\_\006\006\006\006\006\006\006kkokkkkk\006\006\006\006\213\000\003\000\011\200\002\001\000\000\000\342\035\000\002\001\000\000\002\000\011\200O\\_\007\007\006\006\006\006\006kkokkkkk\006\006\006\006\342\200\211\353 Step #5: artifact_prefix='./'; Test unit written to ./crash-59b85375ed59d323b8889159ed7c919c288c5ab1 Step #5: Base64: AgEAAAAACYACAQAAAOIdAAIBAAAAAAmAAgEAAADiHQACARIAAgAJgAIBAAAA4h0AAgEAAAIACYBPXF8GBgYGBgYGa2tva2tra2sGBgYGiwADAAmAAgEAAADiHQACAQAAAgAJgE9cXwcHBgYGBgZra29ra2trawYGBgbigInr Step #5: MERGE-OUTER: attempt 87 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580350292 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/59b85375ed59d323b8889159ed7c919c288c5ab1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 530 processed earlier; will process 526 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1451==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff980dcff8 (pc 0x55ed04d02b64 bp 0x7fff988db0e0 sp 0x7fff980dd000 T1451) Step #5: #0 0x55ed04d02b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ed04d060b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ed04d060b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55ed04ca319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ed04cac008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ed04c92ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ed04cbe9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f01a04b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ed04c8659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1451==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x1f,0x0,0x0,0x0,0x0,0x18,0x20,0x21,0x2e,0xf9,0x0,0x0,0x6,0x8,0x20,0x21,0x4b,0x10,0x0,0x0,0x0,0x18,0x20,0x21,0x2e,0xf9,0x0,0x0,0x6,0x8,0x20,0x21,0x4b,0x10,0x0,0x0,0x0,0x18,0x20,0x10,0x21,0x43,0x29,0x0,0xf3,0xf3,0xa0,0x81,0xbb,0xa0,0x80,0xb7,0x0,0xb9,0xe0,0x7,0x18,0x2e,0x0,0x8,0x21,0xf9,0x20,0x0,0x0,0x21,0x10,0x84,0x20,0x0,0x0,0x0,0x18,0x20,0x22,0xca,0xb0,0x0,0x0,0x0,0xe,0x31,0x21,0x4b,0x83,0x83,0x83,0x87,0xff,0xff,0xff,0xff,0xff,0x51,0x0,0x0,0xe,0x33,0x21,0x4b,0x83,0x83,0x83,0x87,0xff,0xff,0xff,0xff,0xff,0x51,0x83,0x83,0x83,0xe4,0xa3,0x82,0x83,0xf9,0x83,0x83,0xff,0xff,0xff,0xf5,0xf5, Step #5: \200\011\037\000\000\000\000\030 !.\371\000\000\006\010 !K\020\000\000\000\030 !.\371\000\000\006\010 !K\020\000\000\000\030 \020!C)\000\363\363\240\201\273\240\200\267\000\271\340\007\030.\000\010!\371 \000\000!\020\204 \000\000\000\030 \"\312\260\000\000\000\0161!K\203\203\203\207\377\377\377\377\377Q\000\000\0163!K\203\203\203\207\377\377\377\377\377Q\203\203\203\344\243\202\203\371\203\203\377\377\377\365\365 Step #5: artifact_prefix='./'; Test unit written to ./crash-f35b1ab45a53891c70791a1c7d7f98b86fa555b9 Step #5: Base64: gAkfAAAAABggIS75AAAGCCAhSxAAAAAYICEu+QAABgggIUsQAAAAGCAQIUMpAPPzoIG7oIC3ALngBxguAAgh+SAAACEQhCAAAAAYICLKsAAAAA4xIUuDg4OH//////9RAAAOMyFLg4ODh///////UYODg+SjgoP5g4P////19Q== Step #5: MERGE-OUTER: attempt 88 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 580409773 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f35b1ab45a53891c70791a1c7d7f98b86fa555b9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 531 processed earlier; will process 525 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x61,0x42,0xe2,0x80,0x8a,0x0,0xfe,0x95,0x1,0x0,0xa1,0x20,0xdf,0xff,0x0,0x0,0x0,0xff,0xf3,0xa0,0x81,0x9d,0xff,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0xf3,0xa0,0x81,0x85,0x6,0xf9,0x2,0xfe,0xff,0x0,0x6,0xf9,0x2,0x25,0xf3,0xa0,0x81,0x9b,0x6,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0xca,0xb6,0xdf,0xff,0x35,0x37,0x33,0x37,0x38,0x0,0x0,0x0,0xa6,0xf3,0xa0,0x80,0x6,0x53,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x25,0x25,0x6,0xf9,0x4f,0x40,0xff,0x4f,0x4f,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0xca,0xb2,0x7d,0x48,0x2,0xff,0x7d,0x48,0x2,0xff,0x7f,0x7f,0xf3,0xa0,0x81,0xac,0x7,0x7f,0xe2,0x81,0xa7,0x0,0x7f,0x6,0xa0, Step #5: \200\011aB\342\200\212\000\376\225\001\000\241 \337\377\000\000\000\377\363\240\201\235\377\000\000\000\246\363\240\200\363\240\201\205\006\371\002\376\377\000\006\371\002%\363\240\201\233\006 \312\266\337\37757378\000\000\000\246\363\240\200\006S\006\371\002\000\006\371\002%%%\006\371O@\377OO\177\177\377aOO\312\262}H\002\377}H\002\377\177\177\363\240\201\254\007\177\342\201\247\000\177\006\240 Step #5: artifact_prefix='./'; Test unit written to ./timeout-22297830c44950ef979dc6436aa9f5418dc73c15 Step #5: Base64: gAlhQuKAigD+lQEAoSDf/wAAAP/zoIGd/wAAAKbzoIDzoIGFBvkC/v8ABvkCJfOggZsGICAgICAgICAgIMq23/81NzM3OAAAAKbzoIAGUwb5AgAG+QIlJSUG+U9A/09Pf3//YU9PyrJ9SAL/fUgC/39/86CBrAd/4oGnAH8GoA== Step #5: ==1455== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55b733be6034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55b733ba3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55b733b86a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f6c27c0b08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55b733be7a65 in tud_task_ext /src/tinyusb/src/device/usbd.c:683:19 Step #5: #5 0x55b733beb0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #6 0x55b733beb0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #7 0x55b733b8819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #8 0x55b733b91008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #9 0x55b733b77ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #10 0x55b733ba39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #11 0x7f6c27bec082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #12 0x55b733b6b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 89 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 682457982 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/22297830c44950ef979dc6436aa9f5418dc73c15' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 533 processed earlier; will process 523 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1459==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc132cbff8 (pc 0x558a65743b64 bp 0x7ffc13ac94d0 sp 0x7ffc132cc000 T1459) Step #5: #0 0x558a65743b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x558a657470b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558a657470b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x558a656e419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558a656ed008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558a656d3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558a656ff9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff542552082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x558a656c759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1459==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xfc,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x98,0xe2,0x7f,0x8f,0xe2,0x80,0x8f,0xf3,0x49,0x80,0xb9,0x80,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0x9e,0xb1, Step #5: \374\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363\230\342\177\217\342\200\217\363I\200\271\200\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\236\261 Step #5: artifact_prefix='./'; Test unit written to ./crash-dd263b4771ad79401ae27de4fc1aca6ca633f666 Step #5: Base64: /Jjif4/igI/zmOJ/j+KAj/OY4n+P4oCP85jif4/igI/zmOJ/j+KAj/OY4n+P4oCP85jif4/igI/zmOJ/j+KAj/OY4n+P4oCP85jif4/igI/zmOJ/j+KAj/NJgLmAnp6enp6enp6enp6enp6enp6enp6enp6enp6enp6enp6enrE= Step #5: MERGE-OUTER: attempt 90 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 682517347 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/dd263b4771ad79401ae27de4fc1aca6ca633f666' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 537 processed earlier; will process 519 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1463==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55bf7cfadb6b (pc 0x7f8521b5598c bp 0x7ffe2ee41340 sp 0x7ffe2ee41308 T1463) Step #5: ==1463==The signal is caused by a WRITE memory access. Step #5: #0 0x7f8521b5598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55bf7d0435cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55bf7d0435cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55bf7d044820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55bf7d044820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55bf7d044820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55bf7d044820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55bf7d04753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55bf7d04753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55bf7d0470a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55bf7cfe419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55bf7cfed008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55bf7cfd3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55bf7cfff9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f85219ee082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55bf7cfc759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1463==Register values: Step #5: rax = 0x000055bf7cfadb6b rbx = 0x000055bf7d0542b0 rcx = 0x000000007cfa730c rdx = 0x0000000000000018 Step #5: rdi = 0x000055bf7cfadb6b rsi = 0x00007ffe2ee413b0 rbp = 0x00007ffe2ee41340 rsp = 0x00007ffe2ee41308 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x000055bf7d5af2d0 r11 = 0x00007f8521a646d0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055bf r14 = 0x0000000000000018 r15 = 0x000055bf7d0542b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1463==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xb,0xc2,0xdb,0xb9,0x9c,0x2,0x0,0x80,0x8,0xff,0xff,0x0,0x0,0xb9,0xb8,0xb8,0xc6,0x0,0xf3,0xa0,0x81,0x9d,0x44,0xf3,0x80,0x8,0x7e,0x82,0xdb,0xb9,0x99,0x2,0x8,0x80,0x8,0x1,0xd,0xc6,0x44,0xb9,0xe2,0x80,0x89,0xd3,0x66,0x93,0x66,0xef,0xbb,0xbf,0x93,0x8e,0x93,0x66,0x93,0x66,0x93,0x66,0xf3,0xa0,0x81,0xa1,0x93,0x66,0x93,0xb2,0x93,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66, Step #5: \200\010\013\302\333\271\234\002\000\200\010\377\377\000\000\271\270\270\306\000\363\240\201\235D\363\200\010~\202\333\271\231\002\010\200\010\001\015\306D\271\342\200\211\323f\223f\357\273\277\223\216\223f\223f\223f\363\240\201\241\223f\223\262\223f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f Step #5: artifact_prefix='./'; Test unit written to ./crash-d2e4f59e1509fb2f3279257b7fceb76fe8a4ce54 Step #5: Base64: gAgLwtu5nAIAgAj//wAAubi4xgDzoIGdRPOACH6C27mZAgiACAENxkS54oCJ02aTZu+7v5OOk2aTZpNm86CBoZNmk7KTZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y= Step #5: MERGE-OUTER: attempt 91 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 682566604 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/d2e4f59e1509fb2f3279257b7fceb76fe8a4ce54' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 538 processed earlier; will process 518 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1467==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc06c49ff8 (pc 0x561729018b64 bp 0x7ffc074486c0 sp 0x7ffc06c4a000 T1467) Step #5: #0 0x561729018b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56172901c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56172901c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x561728fb919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x561728fc2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x561728fa8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x561728fd49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5224ff4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x561728f9c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1467==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x1f,0x0,0x0,0x0,0x0,0x18,0x20,0x21,0x2e,0xf9,0x0,0x0,0x6,0x8,0x20,0x21,0x4b,0x10,0x0,0x0,0x0,0x18,0x20,0x21,0x43,0x29,0x0,0xf3,0xa0,0x80,0xb7,0x0,0xb9,0xe0,0x7,0x18,0x2e,0x0,0x8,0x21,0xf9,0x20,0x0,0x0,0x21,0x10,0x84,0x20,0x0,0x0,0x0,0x18,0x20,0x22,0xca,0xb0,0x0,0x0,0x0,0xe,0x31,0x37,0x30,0x31,0x34,0x31,0x31,0x38,0x33,0x34,0x36,0x30,0x34,0x36,0x39,0x32,0x33,0x31,0x37,0x33,0x31,0x36,0x38,0x37,0x33,0x30,0x33,0x37,0x31,0x35,0x38,0x38,0x34,0x31,0x30,0x35,0x37,0x32,0x38,0x21,0x4b,0x83,0x83,0x83,0x87,0xff,0xff,0xff,0xff,0xff,0x51,0x83,0x83,0x83,0xe4,0xa3,0x82,0x83,0xf9,0x83,0x83,0xff,0xff,0xff,0xf5,0xf5, Step #5: \200\011\037\000\000\000\000\030 !.\371\000\000\006\010 !K\020\000\000\000\030 !C)\000\363\240\200\267\000\271\340\007\030.\000\010!\371 \000\000!\020\204 \000\000\000\030 \"\312\260\000\000\000\016170141183460469231731687303715884105728!K\203\203\203\207\377\377\377\377\377Q\203\203\203\344\243\202\203\371\203\203\377\377\377\365\365 Step #5: artifact_prefix='./'; Test unit written to ./crash-e8a705acb74af29b615feffd1295371a3173828d Step #5: Base64: gAkfAAAAABggIS75AAAGCCAhSxAAAAAYICFDKQDzoIC3ALngBxguAAgh+SAAACEQhCAAAAAYICLKsAAAAA4xNzAxNDExODM0NjA0NjkyMzE3MzE2ODczMDM3MTU4ODQxMDU3MjghS4ODg4f//////1GDg4Pko4KD+YOD////9fU= Step #5: MERGE-OUTER: attempt 92 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 682624983 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e8a705acb74af29b615feffd1295371a3173828d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 539 processed earlier; will process 517 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x0,0x0,0x20,0x9,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0x9,0x43,0x9,0x3,0x81,0x80,0x9,0x7d,0x9,0x80,0x9,0x80,0x9,0x80,0x80,0x80,0x9,0x9,0x9,0x9,0x9,0x80,0x80,0x9,0x9,0x81,0x80,0x29,0x9,0x80,0x80,0x9,0x82,0x9,0x80,0xd0,0xb,0x7a,0xf6,0x7f,0xf6,0x9,0x80,0x9,0x80,0xf,0x80,0x80,0x9,0x80,0x9,0x9,0x80,0x9,0x80,0xf,0x80,0x9,0x82,0x9,0x80,0x2e,0x7d,0x9,0x80,0x9,0xc0,0x9,0x80,0x9,0x2d,0x31,0x9,0x80,0x9,0x90,0x9,0x80,0x9,0x3a,0xa0,0x80,0x9,0x80,0x9,0x80,0x9,0x80,0xb,0x80,0x9,0x80,0x9,0x80,0x30,0xef, Step #5: \200\011\200\011\200\011\200\011\200\011\200\011\200\011\200\011\200\011\200\000\000 \011\011\200\011\200\011\200\011\200\011\200\011C\011\003\201\200\011}\011\200\011\200\011\200\200\200\011\011\011\011\011\200\200\011\011\201\200)\011\200\200\011\202\011\200\320\013z\366\177\366\011\200\011\200\017\200\200\011\200\011\011\200\011\200\017\200\011\202\011\200.}\011\200\011\300\011\200\011-1\011\200\011\220\011\200\011:\240\200\011\200\011\200\011\200\013\200\011\200\011\2000\357 Step #5: artifact_prefix='./'; Test unit written to ./timeout-2334d4dc76b479f42376c7d7458b2bd7d687596f Step #5: Base64: gAmACYAJgAmACYAJgAmACYAJgAAAIAkJgAmACYAJgAmACUMJA4GACX0JgAmACYCAgAkJCQkJgIAJCYGAKQmAgAmCCYDQC3r2f/YJgAmAD4CACYAJCYAJgA+ACYIJgC59CYAJwAmACS0xCYAJkAmACTqggAmACYAJgAuACYAJgDDv Step #5: ==1471== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5651a90f8034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x5651a90b5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x5651a9098a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f6ce107808f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5651a90f93b8 in advance_index /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x5651a90f93b8 in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:15 Step #5: #6 0x5651a90f9a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x5651a90f9a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x5651a90f9a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x5651a90fd0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x5651a90fd0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x5651a909a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x5651a90a3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x5651a9089ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x5651a90b59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7f6ce1059082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x5651a907d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 93 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784675805 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2334d4dc76b479f42376c7d7458b2bd7d687596f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 542 processed earlier; will process 514 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1475==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56177dcc9bc3 (pc 0x7f4e3335198c bp 0x7ffe44749750 sp 0x7ffe44749718 T1475) Step #5: ==1475==The signal is caused by a WRITE memory access. Step #5: #0 0x7f4e3335198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56177dd5f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56177dd5f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56177dd60820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56177dd60820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56177dd60820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56177dd60820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56177dd636d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x56177dd636d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x56177dd630a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56177dd0019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56177dd09008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56177dcefce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56177dd1b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f4e331ea082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56177dce359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1475==Register values: Step #5: rax = 0x000056177dcc9bc3 rbx = 0x000056177dd702b0 rcx = 0x000000007dcc32b4 rdx = 0x0000000000000018 Step #5: rdi = 0x000056177dcc9bc3 rsi = 0x00007ffe447497c0 rbp = 0x00007ffe44749750 rsp = 0x00007ffe44749718 Step #5: r8 = 0x00000000000088cb r9 = 0x000056177e2cb2d0 r10 = 0x000056177e2cb2d0 r11 = 0x00007ffe4478d080 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005617 r14 = 0x0000000000000018 r15 = 0x000056177dd702b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1475==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x3c,0x0,0x44,0x0,0x55,0x55,0xd,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xa8,0x0,0x9,0x0,0xa,0x0,0x3e,0x29,0x40,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xa,0x0,0x3e,0x29,0x40,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xa,0x0,0x3e,0x29,0x40,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0xd,0x0,0x9,0x0,0x2b,0x0,0x9,0x0,0xa,0x0,0x3e,0x0,0x3e,0x29,0x40,0x0,0x9,0x0,0xd,0x0,0x9,0x0,0xd,0x0,0xd,0x0,0x9,0x0,0x2b,0x0,0x9,0x0,0xa,0x0,0x3e,0x0,0x3e,0x29,0x0,0x3c,0x0,0x6c,0x0,0x3c,0xf3,0xa0,0x81,0x96,0x0,0x6c,0x3e,0xff,0x24,0x6d,0x24,0x6c,0x6b,0x24,0x0,0x6c, Step #5: \000<\000D\000UU\015\000\011\000\015\000\011\000\250\000\011\000\012\000>)@\000\011\000\015\000\011\000\015\000\011\000\015\000\011\000\012\000>)@\000\011\000\015\000\011\000\015\000\011\000\015\000\011\000\012\000>)@\000\011\000\015\000\011\000\015\000\015\000\011\000+\000\011\000\012\000>\000>)@\000\011\000\015\000\011\000\015\000\015\000\011\000+\000\011\000\012\000>\000>)\000<\000l\000<\363\240\201\226\000l>\377$m$lk$\000l Step #5: artifact_prefix='./'; Test unit written to ./crash-36a43e97413f7acfce19a106c3276cdd2ae7b4ae Step #5: Base64: ADwARABVVQ0ACQANAAkAqAAJAAoAPilAAAkADQAJAA0ACQANAAkACgA+KUAACQANAAkADQAJAA0ACQAKAD4pQAAJAA0ACQANAA0ACQArAAkACgA+AD4pQAAJAA0ACQANAA0ACQArAAkACgA+AD4pADwAbAA886CBlgBsPv8kbSRsayQAbA== Step #5: MERGE-OUTER: attempt 94 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784726843 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/36a43e97413f7acfce19a106c3276cdd2ae7b4ae' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 551 processed earlier; will process 505 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1479==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55ba4b2abb66 (pc 0x7f19bc95698c bp 0x7ffc98fc9580 sp 0x7ffc98fc9548 T1479) Step #5: ==1479==The signal is caused by a WRITE memory access. Step #5: #0 0x7f19bc95698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55ba4b3415cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55ba4b3415cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55ba4b342820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55ba4b342820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55ba4b342820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55ba4b342820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55ba4b34553d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55ba4b34553d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55ba4b3450a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55ba4b2e219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55ba4b2eb008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55ba4b2d1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55ba4b2fd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f19bc7ef082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55ba4b2c559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1479==Register values: Step #5: rax = 0x000055ba4b2abb66 rbx = 0x000055ba4b3522b0 rcx = 0x000000004b2a5311 rdx = 0x0000000000000018 Step #5: rdi = 0x000055ba4b2abb66 rsi = 0x00007ffc98fc95f0 rbp = 0x00007ffc98fc9580 rsp = 0x00007ffc98fc9548 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x000055ba4b8ad490 r11 = 0x00007f19bc9b7be0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055ba r14 = 0x0000000000000018 r15 = 0x000055ba4b3522b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1479==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xb,0xc2,0xdb,0xb9,0x9c,0x2,0x0,0x80,0x8,0xff,0xff,0x0,0x0,0xb9,0xb8,0xb8,0xc6,0x0,0xf3,0xa0,0x81,0xa1,0x93,0x66,0x93,0xb2,0x93,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3e,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x67,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3e,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x12,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66, Step #5: \200\010\013\302\333\271\234\002\000\200\010\377\377\000\000\271\270\270\306\000\363\240\201\241\223f\223\262\223f\307f?f\307f>f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?g\307f?f\307f>f\307f?f\307f?f\307f?f\307ff?f\307f?f\307f?f\307f?\022\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f Step #5: artifact_prefix='./'; Test unit written to ./crash-4c09b8765d7901c0fd1f76c34ddc7dea5f4d31c1 Step #5: Base64: gAgLwtu5nAIAgAj//wAAubi4xgDzoIGhk2aTspNmx2Y/ZsdmPmbHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/Z8dmP2bHZj5mx2Y/ZsdmP2bHZj9mx2ZmP2bHZj9mx2Y/ZsdmPxLHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9m Step #5: MERGE-OUTER: attempt 95 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784777367 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4c09b8765d7901c0fd1f76c34ddc7dea5f4d31c1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 552 processed earlier; will process 504 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1483==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5601d204cbad (pc 0x7ffa276ae98c bp 0x7fff61473850 sp 0x7fff61473818 T1483) Step #5: ==1483==The signal is caused by a WRITE memory access. Step #5: #0 0x7ffa276ae98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5601d20e25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5601d20e25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5601d20e3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5601d20e3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5601d20e3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5601d20e3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5601d20e653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5601d20e653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5601d20e60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5601d208319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5601d208c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5601d2072ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5601d209e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7ffa27547082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5601d206659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1483==Register values: Step #5: rax = 0x00005601d204cbad rbx = 0x00005601d20f32b0 rcx = 0x00000000d20462ca rdx = 0x0000000000000018 Step #5: rdi = 0x00005601d204cbad rsi = 0x00007fff614738c0 rbp = 0x00007fff61473850 rsp = 0x00007fff61473818 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x00005601d264e490 r11 = 0x00007ffa2770fbe0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005601 r14 = 0x0000000000000018 r15 = 0x00005601d20f32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1483==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xb,0xc2,0xdb,0xb9,0x9c,0x2,0x0,0x80,0x8,0xff,0xff,0x0,0x0,0xb9,0xb8,0xb8,0xc6,0x0,0xf3,0xa0,0x81,0xa1,0x93,0x66,0x93,0xb2,0x93,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3e,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x67,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66, Step #5: \200\010\013\302\333\271\234\002\000\200\010\377\377\000\000\271\270\270\306\000\363\240\201\241\223f\223\262\223f\307f?f\307f>f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?g\307f?f\307f?f\307f?f\307f?f\307f?f\307ff?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f Step #5: artifact_prefix='./'; Test unit written to ./crash-6003e90e5e7b71c7bbe21b10d425bb7bae00c540 Step #5: Base64: gAgLwtu5nAIAgAj//wAAubi4xgDzoIGhk2aTspNmx2Y/ZsdmPmbHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/Z8dmP2bHZj9mx2Y/ZsdmP2bHZj9mx2ZmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9m Step #5: MERGE-OUTER: attempt 96 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784827097 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6003e90e5e7b71c7bbe21b10d425bb7bae00c540' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 553 processed earlier; will process 503 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1487==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x560456ce25b0 (pc 0x560456ce25b0 bp 0x7ffcd8ba49c0 sp 0x7ffcd8ba4978 T1487) Step #5: ==1487==The signal is caused by a READ memory access. Step #5: ==1487==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x560456ce25b0 () Step #5: Step #5: ==1487==Register values: Step #5: rax = 0x00005604547cc901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffcd8ba49c0 rsp = 0x00007ffcd8ba4978 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f14f45876d0 Step #5: r12 = 0x00007ffcd8ba0827 r13 = 0x00005604547cc97c r14 = 0x0000000000000001 r15 = 0x0000560456cb9fc8 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1487==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x21,0x3a,0x7b,0x27,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0xa1,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b,0x21,0x3a,0x27,0x7b, Step #5: !:{'!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:'{!:{!:'{!:'{!:'{!:'{!:'{!:'{!:'{\241:'{!:'{!:'{!:'{!:'{!:'{!:'{ Step #5: artifact_prefix='./'; Test unit written to ./crash-c05d64e9939e90f869c633c1b4ed23ab7ec6483a Step #5: Base64: ITp7JyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOid7IToneyE6J3shOnshOid7IToneyE6J3shOid7IToneyE6J3shOid7oToneyE6J3shOid7IToneyE6J3shOid7ITonew== Step #5: MERGE-OUTER: attempt 97 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784844191 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c05d64e9939e90f869c633c1b4ed23ab7ec6483a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 554 processed earlier; will process 502 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1490==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffefd028ff8 (pc 0x559c00379b64 bp 0x7ffefd826c00 sp 0x7ffefd029000 T1490) Step #5: #0 0x559c00379b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x559c0037d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x559c0037d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x559c0031a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x559c00323008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x559c00309ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x559c003359f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fcbebe03082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x559c002fd59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1490==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x3,0x1,0x0,0xd2,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0xd1,0x0,0x5,0xc4,0x0,0x3,0x1,0x80,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x25,0x6,0xf9,0x4f,0x4f,0x4f,0x40,0xff,0x7f,0x7f,0xff,0x61,0x4f,0x4f,0xd2,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0xd2,0x0,0x5,0xc5,0x0,0x3,0x1,0x0,0xd2,0x0,0x0,0xc4,0x0,0x3,0x1,0x0,0xd2,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0xd2,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0xd2,0x0,0x85,0xc4,0x0,0x0,0x5,0xc4,0x0,0x3,0x1,0x0,0xd2,0x0,0x85,0xc4,0x0,0x0,0x5,0xc4,0x0,0x3,0x11,0x0,0x3,0x3,0x3,0x3,0x3,0x3,0x0,0x0,0x0,0x0,0x0,0xd,0xb3,0x4c,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x3,0x2b,0x3,0x61,0x61, Step #5: \000\003\001\000\322\000\005\304\000\003\001\000\321\000\005\304\000\003\001\200\000\006\371\002\000\006\371\002%\006\371OOO@\377\177\177\377aOO\322\000\005\304\000\003\001\000\322\000\005\305\000\003\001\000\322\000\000\304\000\003\001\000\322\000\005\304\000\003\001\000\322\000\005\304\000\003\001\000\005\304\000\003\001\000\322\000\205\304\000\000\005\304\000\003\001\000\322\000\205\304\000\000\005\304\000\003\021\000\003\003\003\003\003\003\000\000\000\000\000\015\263L\003\003\003\003\003\003\003\003\003\003\003+\003aa Step #5: artifact_prefix='./'; Test unit written to ./crash-10c5b20061350be768b4423b874c715fed12a9e2 Step #5: Base64: AAMBANIABcQAAwEA0QAFxAADAYAABvkCAAb5AiUG+U9PT0D/f3//YU9P0gAFxAADAQDSAAXFAAMBANIAAMQAAwEA0gAFxAADAQDSAAXEAAMBAAXEAAMBANIAhcQAAAXEAAMBANIAhcQAAAXEAAMRAAMDAwMDAwAAAAAADbNMAwMDAwMDAwMDAwMrA2Fh Step #5: MERGE-OUTER: attempt 98 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 784903401 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/10c5b20061350be768b4423b874c715fed12a9e2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 556 processed earlier; will process 500 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0xbf,0x3,0x1,0x10,0x0,0x2,0xff,0xff,0xef,0x6,0xc9,0x0,0x80,0x8,0xb,0xc2,0xdb,0xb9,0xf3,0xa0,0x80,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0xc7,0x66,0x3f,0x66,0xc7,0xca,0xb2,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x26,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc9,0x66,0x3f,0x66,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xc7,0x66,0x3f,0x66,0xd7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7, Step #5: \200\011\277\003\001\020\000\002\377\377\357\006\311\000\200\010\013\302\333\271\363\240\200?f\307f?f\307f?faaaaaaaaaaaa\307f?f\307\312\262f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?&\307f?f\307f?f\307f?f\307f?f\311f?f\377\377\377\377\377\377\377\377\377\377\377\377\377\377\307f?f\327f?f\307f?f\307f?f\307f?f\307 Step #5: artifact_prefix='./'; Test unit written to ./timeout-9b4396dcb803b220a5657691ab2397f9d6c57a3e Step #5: Base64: gAm/AwEQAAL//+8GyQCACAvC27nzoIA/ZsdmP2bHZj9mYWFhYWFhYWFhYWFhx2Y/ZsfKsmY/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj8mx2Y/ZsdmP2bHZj9mx2Y/ZslmP2b//////////////////8dmP2bXZj9mx2Y/ZsdmP2bHZj9mxw== Step #5: ==1494== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x559dad8a8034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x559dad865178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x559dad848a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f7a6bb9d08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x559dad8a938c in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x559dad8a9a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x559dad8a9a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x559dad8a9a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x559dad8ad0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x559dad8ad0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #10 0x559dad84a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x559dad853008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x559dad839ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x559dad8659f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f7a6bb7e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x559dad82d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 99 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 886951958 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9b4396dcb803b220a5657691ab2397f9d6c57a3e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 557 processed earlier; will process 499 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1498==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564532806bf1 (pc 0x7f178626d98c bp 0x7fff5d60b380 sp 0x7fff5d60b348 T1498) Step #5: ==1498==The signal is caused by a WRITE memory access. Step #5: #0 0x7f178626d98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56453289c5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56453289c5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56453289d820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56453289d820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56453289d820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56453289d820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5645328a053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5645328a053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5645328a00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56453283d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564532846008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56453282cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5645328589f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f1786106082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56453282059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1498==Register values: Step #5: rax = 0x0000564532806bf1 rbx = 0x00005645328ad2b0 rcx = 0x0000000032800286 rdx = 0x0000000000000018 Step #5: rdi = 0x0000564532806bf1 rsi = 0x00007fff5d60b3f0 rbp = 0x00007fff5d60b380 rsp = 0x00007fff5d60b348 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x0000000000000000 r11 = 0x00007fff5d7f8080 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005645 r14 = 0x0000000000000018 r15 = 0x00005645328ad2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1498==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0xfa,0x2,0x0,0x6,0x60,0x2,0xc0,0x80,0x6,0xf5,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf5,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xfa,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0xf9,0x2,0x0,0x6,0x2a,0x2,0xd3,0x66,0x66,0x66,0xd3,0x66,0xd3,0x66,0x93,0x66,0xd3,0x66,0xd3,0x66,0x93,0x66,0xd3,0x66,0xd3,0x66,0x93,0x66,0xd3,0x66,0xd3,0x66,0x93,0x67,0x3d,0x66,0xd3,0xed,0x87,0x66,0x93,0x66,0xd3,0x66,0xd3,0x66,0xd3,0x62, Step #5: \000\006\372\002\000\006`\002\300\200\006\365\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\372\002\000\006\371\002\000\006\371\002\000\006\372\002\000\006\371\002\000\006\365\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\372\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006\371\002\000\006*\002\323fff\323f\323f\223f\323f\323f\223f\323f\323f\223f\323f\323f\223g=f\323\355\207f\223f\323f\323f\323b Step #5: artifact_prefix='./'; Test unit written to ./crash-4b3dff22adc2973fe338c21a568da2b068084651 Step #5: Base64: AAb6AgAGYALAgAb1AgAG+QIABvkCAAb5AgAG+QIABvkCAAb6AgAG+QIABvkCAAb6AgAG+QIABvUCAAb5AgAG+QIABvkCAAb5AgAG+QIABvkCAAb6AgAG+QIABvkCAAb5AgAG+QIABioC02ZmZtNm02aTZtNm02aTZtNm02aTZtNm02aTZz1m0+2HZpNm02bTZtNi Step #5: MERGE-OUTER: attempt 100 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887001899 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4b3dff22adc2973fe338c21a568da2b068084651' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 561 processed earlier; will process 495 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1502==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc263daff8 (pc 0x559c362f8b64 bp 0x7ffc26bd87e0 sp 0x7ffc263db000 T1502) Step #5: #0 0x559c362f8b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x559c362fc0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x559c362fc0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x559c3629919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x559c362a2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x559c36288ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x559c362b49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f2c970be082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x559c3627c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1502==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5a,0x5b,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x22,0x22,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3b,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0xde,0xc5,0x2a,0x5c,0xdf,0x5c,0x27,0xc4,0x5f,0x5c,0x5f,0x5c,0x7f,0x5c,0x5,0x7c,0x5f,0x5c,0x3f,0x5c,0x25,0x5c,0x5c,0x5c,0x5f,0x5c,0xb5,0x5c,0x5f,0xf3,0xa6,0x7c,0x3f,0x5c,0xde,0xde,0xde,0xde,0xde,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3a,0xff,0x5b,0x5d,0x7d,0x2c,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x2c,0x5b,0x22,0x7b,0x3a,0x7d,0x5d,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7d,0x2d,0x31,0x2c,0x7b, Step #5: [[[[[[[[[[[[Z[[{\"\":[]},{\"\":\"\"},{\"\":[]},]},{\"\";[{\"\":[]},{\"\336\305*\\\337\\'\304_\\_\\\177\\\005|_\\?\\%\\\\\\_\\\265\\_\363\246|?\\\336\336\336\336\336\377\377\377\377\377\377\377:\377[]},]},{\"\":[{\"\":[]},{\"\":[]},{\",[\"{:}]\"\":[]},}-1,{ Step #5: artifact_prefix='./'; Test unit written to ./crash-004bfb76e974adf23e5746718b7f48d15b4e46b5 Step #5: Base64: W1tbW1tbW1tbW1tbWltbeyIiOltdfSx7IiI6IiJ9LHsiIjpbXX0sXX0seyIiO1t7IiI6W119LHsi3sUqXN9cJ8RfXF9cf1wFfF9cP1wlXFxcX1y1XF/zpnw/XN7e3t7e/////////zr/W119LF19LHsiIjpbeyIiOltdfSx7IiI6W119LHsiLFsiezp9XSIiOltdfSx9LTEsew== Step #5: MERGE-OUTER: attempt 101 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887061516 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/004bfb76e974adf23e5746718b7f48d15b4e46b5' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 566 processed earlier; will process 490 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1506==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc9cdfde50 (pc 0x7ffc9cdfde50 bp 0x7ffc9cdfde20 sp 0x7ffc9cdfddc8 T1506) Step #5: #0 0x7ffc9cdfde50 () Step #5: #1 0x55904ed1c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55904ed1c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55904ecb919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55904ecc2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55904eca8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55904ecd49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbc70141082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1506==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x6f,0xcc,0xc9,0x8,0x27,0x1b,0xa1,0x22,0xea,0xe3,0x21,0x22,0x0,0x0,0x28,0x0,0x2c,0x22,0x0,0xa1,0xe8,0x0,0x21,0x22,0x91,0x1,0x21,0x0,0x0,0xd9,0xa1,0x22,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe9,0x22,0x0,0x0,0x0,0x21,0x20,0x22,0xe8,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe9,0x22,0x0,0x0,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0xf3,0xa0,0x81,0xbe,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xff,0xff,0xd2,0xff,0x6,0x80,0x1f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1,0xde,0xdf,0x18,0xfd,0xff,0xff,0xf5,0x21,0xa1,0x22,0x29,0x2,0xa0,0xff,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xdf,0xff,0xff,0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x85,0xff,0xff,0xff,0xff,0xff,0x10,0x10,0x10,0x10,0x10,0x0,0xff,0xcb,0x46,0x10,0x89, Step #5: \200\011o\314\311\010'\033\241\"\352\343!\"\000\000(\000,\"\000\241\350\000!\"\221\001!\000\000\331\241\"\352\002\000\000.\033\241\"\351\"\000\000\000! \"\350\002\000\000.\033\241\"\351\"\000\000\000!!\"\350\002\000\363\240\201\276\000\000!\241\")\002\000\000\377\377\322\377\006\200\037\377\377\377\377\377\377\377\377\001\336\337\030\375\377\377\365!\241\")\002\240\377\377\377\377\377\000\377\377\377\377\377\377\377\377\377\377\337\377\377\177\377\377\377\377\377\377\377\377\377\377\377\205\377\377\377\377\377\020\020\020\020\020\000\377\313F\020\211 Step #5: artifact_prefix='./'; Test unit written to ./crash-5e337cc243c53e9d9d66d16a3f7afbcae5a0ae11 Step #5: Base64: gAlvzMkIJxuhIurjISIAACgALCIAoegAISKRASEAANmhIuoCAAAuG6Ei6SIAAAAhICLoAgAALhuhIukiAAAAISEi6AIA86CBvgAAIaEiKQIAAP//0v8GgB///////////wHe3xj9///1IaEiKQKg//////8A/////////////9///3///////////////4X//////xAQEBAQAP/LRhCJ Step #5: MERGE-OUTER: attempt 102 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887110173 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/5e337cc243c53e9d9d66d16a3f7afbcae5a0ae11' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 569 processed earlier; will process 487 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1510==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdd2d81640 (pc 0x7ffdd2d81640 bp 0x7ffdd2d81610 sp 0x7ffdd2d815b8 T1510) Step #5: #0 0x7ffdd2d81640 () Step #5: #1 0x55d591d4e0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d591d4e0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d591ceb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d591cf4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d591cdace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d591d069f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd28f972082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1510==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x6f,0xcc,0xc9,0x8,0x27,0x1b,0xa1,0x22,0xea,0xe3,0x21,0x22,0x0,0x0,0x28,0x0,0x2c,0x22,0x0,0xa1,0xe8,0x0,0x21,0x22,0x91,0x1,0x21,0x0,0x0,0xd9,0xa1,0x22,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe9,0x22,0x0,0x0,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xff,0xff,0xd2,0xff,0x6,0x80,0x1f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1,0xde,0xdf,0x18,0xfd,0xff,0xff,0x21,0xff,0xa0,0xf5,0x29,0xff,0xa1,0x2,0x22,0x1,0xde,0xdf,0x18,0xfd,0xff,0xff,0xf5,0x21,0xa1,0x22,0x29,0x2,0xa0,0xff,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xdf,0xff,0xff,0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x85,0xff,0xff,0xff,0xff,0xff,0x10,0x10,0x10,0x10,0x0,0xff,0xcb,0x46,0x10,0x89, Step #5: \200\011o\314\311\010'\033\241\"\352\343!\"\000\000(\000,\"\000\241\350\000!\"\221\001!\000\000\331\241\"\352\002\000\000.\033\241\"\351\"\000\000\000!!\"\350\002\000\000\000!\241\")\002\000\000\377\377\322\377\006\200\037\377\377\377\377\377\377\377\377\001\336\337\030\375\377\377!\377\240\365)\377\241\002\"\001\336\337\030\375\377\377\365!\241\")\002\240\377\377\377\377\377\000\377\377\377\377\377\377\000\377\377\377\377\377\377\377\377\377\377\337\377\377\177\377\377\377\377\377\377\377\377\377\377\377\205\377\377\377\377\377\020\020\020\020\000\377\313F\020\211 Step #5: artifact_prefix='./'; Test unit written to ./crash-994cc8fb9740d9cd2877a449ca93005bb34f3d15 Step #5: Base64: gAlvzMkIJxuhIurjISIAACgALCIAoegAISKRASEAANmhIuoCAAAuG6Ei6SIAAAAhISLoAgAAACGhIikCAAD//9L/BoAf//////////8B3t8Y/f//If+g9Sn/oQIiAd7fGP3///UhoSIpAqD//////wD///////8A/////////////9///3///////////////4X//////xAQEBAA/8tGEIk= Step #5: MERGE-OUTER: attempt 103 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887158634 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/994cc8fb9740d9cd2877a449ca93005bb34f3d15' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 572 processed earlier; will process 484 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1514==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e680d555b0 (pc 0x55e680d555b0 bp 0x7ffcbcf43280 sp 0x7ffcbcf43238 T1514) Step #5: ==1514==The signal is caused by a READ memory access. Step #5: ==1514==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55e680d555b0 () Step #5: Step #5: ==1514==Register values: Step #5: rax = 0x000055e6804ad901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffcbcf43280 rsp = 0x00007ffcbcf43238 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f8959f166d0 Step #5: r12 = 0x00007ffcbcf40800 r13 = 0x000055e6804ad97c r14 = 0x0000000000000001 r15 = 0x000055e680d2cfd8 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1514==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0x10,0xf8,0xfa,0x0,0x0,0xfa,0x80,0x9,0xff,0x7a,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x5d,0xb,0x79,0x7a,0x80,0x9,0x22,0x7f,0x2,0x2d,0x30,0x9e,0xa0,0x0,0x9,0x7f,0x8,0xff,0x12,0xf8,0xfa,0x0,0x8c,0xec,0x0,0x0,0x0,0x18,0xb1,0x0,0x23,0x3,0x2,0x3,0xff,0x7f,0xff,0x3,0x23,0x3,0x2,0x3,0xff,0x3,0x2,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x0,0x7f,0xff,0xff,0x7f,0xff,0x7f,0x7f,0xff,0xff,0x9,0x11,0xd1,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x9,0xff,0xff,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0x11,0xff,0x7f,0xd1,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xba,0xff,0x18,0x0,0x80, Step #5: \000\011\377\010\200\013+\011\000\011\020\370\372\000\000\372\200\011\377z\377\013+\011\000\011\010\260]\013yz\200\011\"\177\002-0\236\240\000\011\177\010\377\022\370\372\000\214\354\000\000\000\030\261\000#\003\002\003\377\177\377\003#\003\002\003\377\003\002\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\000\177\377\377\177\377\177\177\377\377\011\021\321\223\320\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\011\377\377\223\320\177\377\377\177\177\021\377\177\321\177\177\377\377\177\177\377\377\177\177\377\377\177\177\272\377\030\000\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-c1b4a498f3708e1095204baa5700d46a61cffdd0 Step #5: Base64: AAn/CIALKwkACRD4+gAA+oAJ/3r/CysJAAkIsF0LeXqACSJ/Ai0wnqAACX8I/xL4+gCM7AAAABixACMDAgP/f/8DIwMCA/8DAv9/f///f3///39///9/f1//f3///wB///9//39///8JEdGT0H///39///9/f///f39f/39///8J//+T0H///39/Ef9/0X9///9/f///f3///39/uv8YAIA= Step #5: MERGE-OUTER: attempt 104 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887175564 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c1b4a498f3708e1095204baa5700d46a61cffdd0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 573 processed earlier; will process 483 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1517==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a2520b05b0 (pc 0x55a2520b05b0 bp 0x7ffe4cdd5b30 sp 0x7ffe4cdd5ae8 T1517) Step #5: ==1517==The signal is caused by a READ memory access. Step #5: ==1517==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55a2520b05b0 () Step #5: Step #5: ==1517==Register values: Step #5: rax = 0x000055a251527901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffe4cdd5b30 rsp = 0x00007ffe4cdd5ae8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f0c770426d0 Step #5: r12 = 0x00007ffe4cdd0810 r13 = 0x000055a25152797c r14 = 0x0000000000000001 r15 = 0x000055a252087fe8 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1517==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0x6f,0xcc,0xc9,0x8,0x27,0x1b,0xa1,0x22,0xea,0xe3,0x21,0x22,0x0,0x0,0x28,0x0,0x2c,0x22,0x0,0xa1,0xe8,0x0,0x21,0x22,0x91,0x1,0x21,0x0,0x0,0xd9,0xa1,0x22,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe9,0x22,0x0,0x0,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xff,0xff,0xd2,0xff,0x6,0x80,0x1f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1,0xde,0xdf,0x18,0xfd,0xff,0xff,0x21,0xff,0xa0,0xf5,0x29,0xff,0xa1,0x2,0x22,0x1,0xde,0xdf,0x18,0xfd,0xff,0xff,0xf5,0x21,0xa1,0x22,0x29,0x2,0xa0,0xff,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xdf,0xff,0xff,0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x85,0xff,0xff,0xff,0xff,0xff,0x10,0x10,0x10,0x10,0x10,0x0,0xff,0xcb,0x46,0x10,0x89, Step #5: \200\011o\314\311\010'\033\241\"\352\343!\"\000\000(\000,\"\000\241\350\000!\"\221\001!\000\000\331\241\"\352\002\000\000.\033\241\"\351\"\000\000\000!!\"\350\002\000\000\000!\241\")\002\000\000\377\377\322\377\006\200\037\377\377\377\377\377\377\377\377\001\336\337\030\375\377\377!\377\240\365)\377\241\002\"\001\336\337\030\375\377\377\365!\241\")\002\240\377\377\377\377\377\000\377\377\377\377\377\377\000\377\377\377\377\377\377\377\377\377\377\337\377\377\177\377\377\377\377\377\377\377\377\377\377\377\205\377\377\377\377\377\020\020\020\020\020\000\377\313F\020\211 Step #5: artifact_prefix='./'; Test unit written to ./crash-a212b8666d2b0eebdaeb2aae94ace1a0f42e2ee8 Step #5: Base64: gAlvzMkIJxuhIurjISIAACgALCIAoegAISKRASEAANmhIuoCAAAuG6Ei6SIAAAAhISLoAgAAACGhIikCAAD//9L/BoAf//////////8B3t8Y/f//If+g9Sn/oQIiAd7fGP3///UhoSIpAqD//////wD///////8A/////////////9///3///////////////4X//////xAQEBAQAP/LRhCJ Step #5: MERGE-OUTER: attempt 105 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 887192339 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a212b8666d2b0eebdaeb2aae94ace1a0f42e2ee8' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 574 processed earlier; will process 482 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x3a,0x3a,0xfa,0xaf,0x0,0x0,0x2,0x1f,0x0,0x0,0x0,0xa0,0x81,0xb9,0xd4,0x27,0xd3,0x0,0x55,0xff,0x0,0x1e,0x1e,0x0,0x0,0x0,0x0,0x0,0x83,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0xf3,0xa0,0x80,0xbe,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xcd,0x8f,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0x1e,0x93,0x1e,0x94,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0xf3,0xa0,0x80,0xa,0xa1,0x93,0xad,0x93,0xff,0xe6,0x46,0x93,0xff, Step #5: \000\000::\372\257\000\000\002\037\000\000\000\240\201\271\324'\323\000U\377\000\036\036\000\000\000\000\000\203\000\000\000\000\000\000\000\000F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\363\240\200\276\036\223\346\377\036\223F\323\036\223\315\217\036\223\346\377\036\223F\323\036\223\346\036\223\036\224\346\377\036\223F\323\036\363\240\200\012\241\223\255\223\377\346F\223\377 Step #5: artifact_prefix='./'; Test unit written to ./timeout-1184239074e1c6a64a41c9c46845fb9e7acbf086 Step #5: Base64: AAA6OvqvAAACHwAAAKCBudQn0wBV/wAeHgAAAAAAgwAAAAAAAAAARtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPmHpNG0x6T5v8ek0bTHpMek+b/HpNG0x6T5v8ek0bTHpMek+b/HpNG0/OggL4ek+b/HpNG0x6TzY8ek+b/HpNG0x6T5h6THpTm/x6TRtMe86CACqGTrZP/5kaT/w== Step #5: ==1520== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55bff97e6034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55bff97a3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55bff9786a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fb4cfe8008f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55bff97e77e5 in usbd_int_set /src/tinyusb/src/device/usbd.c Step #5: #5 0x55bff97e7a57 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:188:3 Step #5: #6 0x55bff97e7a57 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55bff97eb0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55bff97eb0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x55bff978819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55bff9791008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55bff9777ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55bff97a39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7fb4cfe61082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55bff976b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 106 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989240591 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1184239074e1c6a64a41c9c46845fb9e7acbf086' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 576 processed earlier; will process 480 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1524==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcfea89ff8 (pc 0x5606f136cb64 bp 0x7ffcff2882f0 sp 0x7ffcfea8a000 T1524) Step #5: #0 0x5606f136cb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5606f13700b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5606f13700b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5606f130d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5606f1316008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5606f12fcce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5606f13289f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc24feca082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5606f12f059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1524==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5b,0x5a,0x5b,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x22,0x22,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3b,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0xde,0xc5,0x2a,0x5c,0xdf,0x5c,0x27,0xc4,0x5f,0x5c,0x5f,0x5c,0x7f,0x5c,0x5,0x7c,0x5f,0x5c,0x3f,0x5c,0x25,0x5c,0x5c,0x5c,0x5f,0x5c,0xb5,0x5c,0x5f,0xf3,0xa6,0x7c,0x3f,0x5c,0xde,0xde,0xde,0xde,0xde,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3a,0xff,0x5b,0x5d,0x7d,0x2c,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7b,0x22,0x2c,0x5b,0x22,0x7b,0x3a,0x7d,0x5d,0x22,0x22,0x3a,0x5b,0x5d,0x7d,0x2c,0x7d,0x2d,0x2d,0x33,0x2c,0x7b, Step #5: [[[[[[[[[[[[Z[[{\"\":[]},{\"\":\"\"},{\"\":[]},]},{\"\";[{\"\":[]},{\"\336\305*\\\337\\'\304_\\_\\\177\\\005|_\\?\\%\\\\\\_\\\265\\_\363\246|?\\\336\336\336\336\336\377\377\377\377\377\377\377:\377[]},]},{\"\":[{\"\":[]},{\"\":[]},{\"\":[]},{\",[\"{:}]\"\":[]},}--3,{ Step #5: artifact_prefix='./'; Test unit written to ./crash-da58d82cc5410c8ecf86c31b8601d00b44f1dbd9 Step #5: Base64: W1tbW1tbW1tbW1tbWltbeyIiOltdfSx7IiI6IiJ9LHsiIjpbXX0sXX0seyIiO1t7IiI6W119LHsi3sUqXN9cJ8RfXF9cf1wFfF9cP1wlXFxcX1y1XF/zpnw/XN7e3t7e/////////zr/W119LF19LHsiIjpbeyIiOltdfSx7IiI6W119LHsiIjpbXX0seyIsWyJ7On1dIiI6W119LH0tLTMsew== Step #5: MERGE-OUTER: attempt 107 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989299608 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/da58d82cc5410c8ecf86c31b8601d00b44f1dbd9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 577 processed earlier; will process 479 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1528==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe332b3ff8 (pc 0x55decc8f6b64 bp 0x7ffe33ab1620 sp 0x7ffe332b4000 T1528) Step #5: #0 0x55decc8f6b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55decc8fa0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55decc8fa0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55decc89719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55decc8a0008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55decc886ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55decc8b29f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f2f90336082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55decc87a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1528==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x63,0x0,0x0,0x0,0xf,0x0,0x0,0x0,0x0,0x9,0x0,0xff,0x9,0xde,0x20,0x2f,0x0,0x9,0x29,0x0,0x55,0xac,0x1f,0x1f,0x0,0x9,0xff,0x0,0xf6,0x21,0x1f,0x20,0x2f,0xb,0x1,0x29,0xef,0xa3,0xbe,0xb5,0xbe,0x41,0x41,0x41,0x41,0x41,0x1b,0x0,0xef,0xb,0xa,0x1,0xa,0x29,0x1,0x1c,0xb,0x1,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x0,0x0,0xac,0x1,0x0,0x29,0xa,0x1,0x29,0xb,0xa,0x1,0xb,0x1,0x29,0xff,0x41,0x41,0xff,0xff,0xdf,0xff,0xef,0xa,0x1,0xb,0xa,0xb,0x0,0xa,0xff,0x3,0x0,0x0,0x0,0xff,0x1,0x99, Step #5: c\000\000\000\017\000\000\000\000\011\000\377\011\336 /\000\011)\000U\254\037\037\000\011\377\000\366!\037 /\013\001)\357\243\276\265\276AAAAA\033\000\357\013\012\001\012)\001\034\013\001\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\000\000\254\001\000)\012\001)\013\012\001\013\001)\377AA\377\377\337\377\357\012\001\013\012\013\000\012\377\003\000\000\000\377\001\231 Step #5: artifact_prefix='./'; Test unit written to ./crash-18bc33a3d1450a91d98f8b825d31a34147fcf12b Step #5: Base64: YwAAAA8AAAAACQD/Cd4gLwAJKQBVrB8fAAn/APYhHyAvCwEp76O+tb5BQUFBQRsA7wsKAQopARwLAQAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAAArAEAKQoBKQsKAQsBKf9BQf//3//vCgELCgsACv8DAAAA/wGZ Step #5: MERGE-OUTER: attempt 108 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989358812 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/18bc33a3d1450a91d98f8b825d31a34147fcf12b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 578 processed earlier; will process 478 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1532==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe1099f500 (pc 0x7ffe1099f500 bp 0x7ffe1099f4d0 sp 0x7ffe1099f478 T1532) Step #5: #0 0x7ffe1099f500 () Step #5: #1 0x55da3f5ac0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55da3f5ac0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55da3f54919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55da3f552008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55da3f538ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55da3f5649f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f40f9dad082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1532==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0x10,0xf8,0xfa,0x0,0x0,0xfa,0x80,0x9,0xff,0x7a,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x5d,0xb,0x79,0x7a,0x80,0x9,0x22,0x7f,0x2,0x34,0x32,0x39,0x34,0x39,0x36,0x37,0x32,0x39,0x35,0x9e,0xa0,0x0,0x9,0x7f,0x8,0xff,0x12,0xf8,0xfa,0x0,0x9,0xec,0x0,0x0,0x0,0x18,0xb1,0x0,0x23,0x3,0x2,0x3,0xff,0x7f,0xff,0x3,0x23,0x3,0x2,0x3,0xff,0x3,0x2,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x0,0x7f,0xff,0xff,0x7f,0xff,0x7f,0x7f,0xff,0xff,0x9,0x11,0xd1,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x9,0xff,0xff,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0x11,0xff,0x7f,0xd1,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xba,0xff,0x18,0x0,0x80, Step #5: \000\011\377\010\200\013+\011\000\011\020\370\372\000\000\372\200\011\377z\377\013+\011\000\011\010\260]\013yz\200\011\"\177\0024294967295\236\240\000\011\177\010\377\022\370\372\000\011\354\000\000\000\030\261\000#\003\002\003\377\177\377\003#\003\002\003\377\003\002\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\000\177\377\377\177\377\177\177\377\377\011\021\321\223\320\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\011\377\377\223\320\177\377\377\177\177\021\377\177\321\177\177\377\377\177\177\377\377\177\177\377\377\177\177\272\377\030\000\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-2009ae680bc346e947a69a15b21943a946b872e3 Step #5: Base64: AAn/CIALKwkACRD4+gAA+oAJ/3r/CysJAAkIsF0LeXqACSJ/AjQyOTQ5NjcyOTWeoAAJfwj/Evj6AAnsAAAAGLEAIwMCA/9//wMjAwID/wMC/39///9/f///f3///39/X/9/f///AH///3//f3///wkR0ZPQf///f3///39///9/f1//f3///wn//5PQf///f38R/3/Rf3///39///9/f///f3+6/xgAgA== Step #5: MERGE-OUTER: attempt 109 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989407251 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2009ae680bc346e947a69a15b21943a946b872e3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 581 processed earlier; will process 475 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1536==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffec2a95af0 (pc 0x7ffec2a95af0 bp 0x7ffec2a95ac0 sp 0x7ffec2a95a68 T1536) Step #5: #0 0x7ffec2a95af0 () Step #5: #1 0x55c67e1170b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c67e1170b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c67e0b419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c67e0bd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c67e0a3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c67e0cf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff970f53082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1536==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0x10,0xf8,0xfa,0x0,0x0,0xfa,0x80,0x9,0xff,0x7a,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x5d,0xb,0x79,0x7a,0x80,0x9,0x22,0x7f,0x2,0x34,0x32,0x39,0x35,0x34,0x35,0x30,0x38,0x32,0x31,0x9e,0xa0,0x0,0x9,0x7f,0x8,0xff,0x12,0xf8,0xfa,0x0,0x9,0xec,0x0,0x0,0x0,0x18,0xb1,0x0,0x23,0x3,0x2,0x3,0xff,0x7f,0xff,0x3,0x23,0x3,0x2,0x3,0xff,0x3,0x2,0xff,0x7f,0x7a,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x0,0x7f,0xff,0xff,0x7f,0xff,0x7f,0x7f,0xff,0xff,0x9,0x11,0xd1,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x9,0xff,0xff,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0x11,0xff,0x7f,0xd1,0xc6,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xba,0xff,0x18,0x0,0x80, Step #5: \000\011\377\010\200\013+\011\000\011\020\370\372\000\000\372\200\011\377z\377\013+\011\000\011\010\260]\013yz\200\011\"\177\0024295450821\236\240\000\011\177\010\377\022\370\372\000\011\354\000\000\000\030\261\000#\003\002\003\377\177\377\003#\003\002\003\377\003\002\377\177z\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\000\177\377\377\177\377\177\177\377\377\011\021\321\223\320\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\011\377\377\223\320\177\377\377\177\177\021\377\177\321\306\177\377\377\177\177\377\377\177\177\377\377\177\177\272\377\030\000\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-88b2865f4ffcf611efda7d5b329098e83ef41481 Step #5: Base64: AAn/CIALKwkACRD4+gAA+oAJ/3r/CysJAAkIsF0LeXqACSJ/AjQyOTU0NTA4MjGeoAAJfwj/Evj6AAnsAAAAGLEAIwMCA/9//wMjAwID/wMC/396//9/f///f3///39/X/9/f///AH///3//f3///wkR0ZPQf///f3///39///9/f1//f3///wn//5PQf///f38R/3/Rxn///39///9/f///f3+6/xgAgA== Step #5: MERGE-OUTER: attempt 110 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989455715 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/88b2865f4ffcf611efda7d5b329098e83ef41481' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 583 processed earlier; will process 473 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1540==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe14bf0ff8 (pc 0x55c30cc59b64 bp 0x7ffe153ee160 sp 0x7ffe14bf1000 T1540) Step #5: #0 0x55c30cc59b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c30cc5d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c30cc5d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c30cbfa19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c30cc03008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c30cbe9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c30cc159f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f446bbda082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c30cbdd59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1540==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x5,0x7c,0x5f,0x1c,0x5f,0x1c,0x5f,0x5c,0x40,0x3f,0x5c,0x25,0x5c,0x5c,0x30,0x55,0x5e,0x5f,0x4c,0x5f,0x68,0x5f,0x4c,0x5f,0x5e,0xff,0xdc,0x67,0x5c,0x2d,0x5c,0x5f,0x5c,0x5f,0x5c,0x57,0x5c,0x5f,0x5c,0x5f,0x5e,0xff,0x5c,0x5f,0x5c,0x5f,0x5c,0xb5,0x5c,0x5f,0x7c,0xdf,0x5c,0x2a,0x5c,0xdf,0x5c,0x27,0xc4,0x5f,0x5c,0x5f,0x5c,0x7f,0x5c,0x5,0x7c,0x5f,0x5c,0x3f,0x5c,0x25,0x5c,0x5c,0x5c,0x5f,0x5c,0xb5,0x5c,0x5f,0xf3,0xa6,0x7c,0x3f,0x5c,0xde,0xde,0xde,0xde,0xde,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xde,0xde,0x27,0xde,0xe3,0xde,0xff,0xff,0xac,0xff,0xff,0xff,0xff,0xef,0x2f,0xff,0xff,0xff,0xfb,0xee,0x29,0xff,0xff,0xff,0xff,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0x3b,0xfb,0xff,0xff,0xff,0xff,0x66,0x67,0xff,0xff,0xff,0xff,0xff,0x66,0x5,0xca,0x2f,0x76,0x76,0x76,0x2f,0x7f, Step #5: \005|_\034_\034_\\@?\\%\\\\0U^_L_h_L_^\377\334g\\-\\_\\_\\W\\_\\_^\377\\_\\_\\\265\\_|\337\\*\\\337\\'\304_\\_\\\177\\\005|_\\?\\%\\\\\\_\\\265\\_\363\246|?\\\336\336\336\336\336\377\377\377\377\377\377\377\377\336\336'\336\343\336\377\377\254\377\377\377\377\357/\377\377\377\373\356)\377\377\377\377;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;\373\377\377\377\377fg\377\377\377\377\377f\005\312/vvv/\177 Step #5: artifact_prefix='./'; Test unit written to ./crash-fb2b91fddb3ece311f7c18f36ed83c4c08471a46 Step #5: Base64: BXxfHF8cX1xAP1wlXFwwVV5fTF9oX0xfXv/cZ1wtXF9cX1xXXF9cX17/XF9cX1y1XF9831wqXN9cJ8RfXF9cf1wFfF9cP1wlXFxcX1y1XF/zpnw/XN7e3t7e///////////e3ife497//6z/////7y/////77in/////Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7+/////9mZ///////ZgXKL3Z2di9/ Step #5: MERGE-OUTER: attempt 111 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989514568 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fb2b91fddb3ece311f7c18f36ed83c4c08471a46' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 585 processed earlier; will process 471 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1544==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e0e59a12c1 (pc 0x7f37c2b1598c bp 0x7ffdbf4a0050 sp 0x7ffdbf4a0018 T1544) Step #5: ==1544==The signal is caused by a WRITE memory access. Step #5: #0 0x7f37c2b1598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55e0e5a3b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55e0e5a3b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55e0e5a3c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55e0e5a3c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55e0e5a3c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55e0e5a3c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55e0e5a3f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55e0e5a3f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55e0e5a3f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55e0e59dc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55e0e59e5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55e0e59cbce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55e0e59f79f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f37c29ae082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55e0e59bf59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1544==Register values: Step #5: rax = 0x000055e0e59a12c1 rbx = 0x000055e0e5a4c2b0 rcx = 0x00000000e59a3bb6 rdx = 0x0000000000000018 Step #5: rdi = 0x000055e0e59a12c1 rsi = 0x00007ffdbf4a00c0 rbp = 0x00007ffdbf4a0050 rsp = 0x00007ffdbf4a0018 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x000055e0e5fa72d0 r11 = 0x00007f37c2a246d0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055e0 r14 = 0x0000000000000018 r15 = 0x000055e0e5a4c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1544==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xb,0xc2,0xdb,0xb9,0x9c,0x2,0x0,0x80,0x8,0xff,0xff,0x0,0x0,0xb9,0xb8,0xb8,0xc6,0x0,0xf3,0xa0,0x81,0xa1,0x93,0x66,0x93,0xb2,0x93,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3e,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x67,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x67,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66, Step #5: \200\010\013\302\333\271\234\002\000\200\010\377\377\000\000\271\270\270\306\000\363\240\201\241\223f\223\262\223f\307f?f\307f>f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?g\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?g\307f?f\307f?f\307f?f\307f?f\307f?f\307ff?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f Step #5: artifact_prefix='./'; Test unit written to ./crash-2460c7ba91681f2891aa05cc27d73862ef36590a Step #5: Base64: gAgLwtu5nAIAgAj//wAAubi4xgDzoIGhk2aTspNmx2Y/ZsdmPmbHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/Z8dmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2fHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/Zg== Step #5: MERGE-OUTER: attempt 112 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989564299 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2460c7ba91681f2891aa05cc27d73862ef36590a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 586 processed earlier; will process 470 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1548==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558ff264db3b (pc 0x7f1cbde8498c bp 0x7ffc18001410 sp 0x7ffc180013d8 T1548) Step #5: ==1548==The signal is caused by a WRITE memory access. Step #5: #0 0x7f1cbde8498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x558ff26e35cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x558ff26e35cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558ff26e4820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558ff26e4820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558ff26e4820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558ff26e4820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x558ff26e753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x558ff26e753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x558ff26e70a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x558ff268419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558ff268d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558ff2673ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x558ff269f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f1cbdd1d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x558ff266759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1548==Register values: Step #5: rax = 0x0000558ff264db3b rbx = 0x0000558ff26f42b0 rcx = 0x00000000f264733c rdx = 0x0000000000000018 Step #5: rdi = 0x0000558ff264db3b rsi = 0x00007ffc18001480 rbp = 0x00007ffc18001410 rsp = 0x00007ffc180013d8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x0000558ff34ad010 r11 = 0x00007f1cbdee5be0 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000558f r14 = 0x0000000000000018 r15 = 0x0000558ff26f42b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1548==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0xc8,0x9,0xbf,0x3,0x1,0x10,0x0,0x2,0xff,0xff,0xef,0x6,0xc9,0x0,0x80,0x8,0xb,0xc2,0xdb,0xb9,0xf3,0xa0,0x80,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0xf3,0xa0,0x81,0x89,0x61,0x61,0x61,0x61,0xc7,0x66,0x3f,0x66,0xc7,0xca,0xb2,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0xe2,0x80,0x85,0x66,0xc7,0x66,0x3f,0x26,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x46,0xc7,0x67,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0xc7,0x3f,0x66,0xc7,0x66,0x66,0x66,0x66,0x66,0x3f,0xc7,0x66,0xc7,0x66,0x66,0x3f,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x9a, Step #5: \200\310\011\277\003\001\020\000\002\377\377\357\006\311\000\200\010\013\302\333\271\363\240\200?f\307f?f\307f?faaaaaaaaaaaaaa\363\240\201\211aaaa\307f?f\307\312\262f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?\342\200\205f\307f?&\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?F\307g?f\307f?f\307f?\307?f\307fffff?\307f\307ff??f\307f?f\307\232 Step #5: artifact_prefix='./'; Test unit written to ./crash-f891d86602f3ad75782540cc409823079ccef549 Step #5: Base64: gMgJvwMBEAAC///vBskAgAgLwtu586CAP2bHZj9mx2Y/ZmFhYWFhYWFhYWFhYWFh86CBiWFhYWHHZj9mx8qyZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/4oCFZsdmPybHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9Gx2c/ZsdmP2bHZj/HP2bHZmZmZmY/x2bHZmY/P2bHZj9mx5o= Step #5: MERGE-OUTER: attempt 113 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989614485 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f891d86602f3ad75782540cc409823079ccef549' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 588 processed earlier; will process 468 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1552==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x563a84c7ebe6 (pc 0x7fdaaa04398c bp 0x7ffd7be44f00 sp 0x7ffd7be44ec8 T1552) Step #5: ==1552==The signal is caused by a WRITE memory access. Step #5: #0 0x7fdaaa04398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x563a84d145cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x563a84d145cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x563a84d15820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x563a84d15820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x563a84d15820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x563a84d15820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x563a84d186d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x563a84d186d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x563a84d180a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x563a84cb519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x563a84cbe008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x563a84ca4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x563a84cd09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fdaa9edc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x563a84c9859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1552==Register values: Step #5: rax = 0x0000563a84c7ebe6 rbx = 0x0000563a84d252b0 rcx = 0x0000000084c78291 rdx = 0x0000000000000018 Step #5: rdi = 0x0000563a84c7ebe6 rsi = 0x00007ffd7be44f70 rbp = 0x00007ffd7be44f00 rsp = 0x00007ffd7be44ec8 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x0000000000000000 r11 = 0x00007ffd7beb8080 Step #5: r12 = 0x00000000000000fe r13 = 0x000000000000563a r14 = 0x0000000000000018 r15 = 0x0000563a84d252b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1552==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x7f,0x30,0x0,0xd7,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0xfa,0xd7,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0xfa,0xd7,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0xfa,0xd7,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0xfa,0xd7,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0x23,0x3,0x7e,0x55,0x7a,0xd7,0xca,0x3,0x23,0x9,0x7e,0x55,0xf2,0xd7,0x2c,0x3,0x3,0x21,0x2,0x3,0xfa,0xd7,0x2,0xbf,0xeb,0xff,0x0,0xeb,0xff,0xef,0x79,0xbf,0x3,0xeb,0xbf,0x9e,0xfe,0x26,0xf7,0xaf,0x9c,0x82, Step #5: \1770\000\327\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003\372\327\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003\372\327\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003\372\327\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003\372\327\002\003#\003~Uz\327\312\003#\011~Uz\327\312\003#\011~U\362\327,\003\003!\002\003#\003~Uz\327\312\003#\011~U\362\327,\003\003!\002\003\372\327\002\277\353\377\000\353\377\357y\277\003\353\277\236\376&\367\257\234\202 Step #5: artifact_prefix='./'; Test unit written to ./crash-75f5e5c937d13cacd85c116129e5cc9e5ed07a1d Step #5: Base64: fzAA1wIDIwN+VXrXygMjCX5V8tcsAwMhAgP61wIDIwN+VXrXygMjCX5V8tcsAwMhAgP61wIDIwN+VXrXygMjCX5V8tcsAwMhAgMjA35VetfKAyMJflXy1ywDAyECA/rXAgMjA35VetfKAyMJflXy1ywDAyECA/rXAgMjA35VetfKAyMJflV618oDIwl+VfLXLAMDIQIDIwN+VXrXygMjCX5V8tcsAwMhAgP61wK/6/8A6//veb8D67+e/ib3r5yC Step #5: MERGE-OUTER: attempt 114 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989664567 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/75f5e5c937d13cacd85c116129e5cc9e5ed07a1d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 593 processed earlier; will process 463 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1556==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe4e33dff8 (pc 0x55717a2ceb64 bp 0x7ffe4eb3c3b0 sp 0x7ffe4e33e000 T1556) Step #5: #0 0x55717a2ceb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55717a2d20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55717a2d20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55717a26f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55717a278008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55717a25ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55717a28a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7a4c261082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55717a25259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1556==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0xdd,0x1,0x9e,0x0,0x9,0xfe,0x28,0x1f,0x0,0x2e,0x1b,0x21,0x62,0xe8,0x22,0x0,0x7f,0x0,0x0,0x0,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xd5,0x27,0xa1,0x22,0xe8,0xfa,0x0,0x0,0xfa,0x1f,0xa1,0x24,0xea,0x2,0x0,0x0,0x2e,0x0,0xa1,0x23,0xea,0x2,0x0,0x0,0x2e,0x0,0x40,0xdd,0xe8,0x22,0x0,0xe8,0x0,0xd9,0x0,0xa1,0x2a,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe8,0x1,0xf3,0xa0,0x81,0x8d,0x0,0x0,0x0,0x21,0xa1,0x22,0xfb,0xff,0xff,0xff,0xff,0xff,0xf3,0xa0,0x81,0xb8,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0xff,0x7f,0x7f,0x3d,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x13,0x13,0x2,0x2f,0x1,0x81,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0x14,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0xb4, Step #5: \000\006\002\003\002\335\001\236\000\011\376(\037\000.\033!b\350\"\000\177\000\000\000\"\350\002\000\000\000!\241\")\002\000\000\325'\241\"\350\372\000\000\372\037\241$\352\002\000\000.\000\241#\352\002\000\000.\000@\335\350\"\000\350\000\331\000\241*\352\002\000\000.\033\241\"\350\001\363\240\201\215\000\000\000!\241\"\373\377\377\377\377\377\363\240\201\270\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\177\377\377\177\177\377\377\177\177\377\377\377\177\177=\377\377\177\177\177\377\377\023\023\002/\001\201\264\264\264\264\023\023\023\023\024\023\023\023\023\264\264\264\264\264\264 Step #5: artifact_prefix='./'; Test unit written to ./crash-f1ce173cb5b19513f9c4df08c0bf6d0d1179518c Step #5: Base64: AAYCAwLdAZ4ACf4oHwAuGyFi6CIAfwAAACLoAgAAACGhIikCAADVJ6Ei6PoAAPofoSTqAgAALgChI+oCAAAuAEDd6CIA6ADZAKEq6gIAAC4boSLoAfOggY0AAAAhoSL7///////zoIG4//////////////////////////////////////////////////////9///9/f///f3////9/fz3//39/f///ExMCLwGBtLS0tBMTExMUExMTE7S0tLS0tA== Step #5: MERGE-OUTER: attempt 115 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989723760 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f1ce173cb5b19513f9c4df08c0bf6d0d1179518c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 594 processed earlier; will process 462 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1560==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5628483565b0 (pc 0x5628483565b0 bp 0x7ffdac384420 sp 0x7ffdac3843d8 T1560) Step #5: ==1560==The signal is caused by a READ memory access. Step #5: ==1560==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x5628483565b0 () Step #5: Step #5: ==1560==Register values: Step #5: rax = 0x0000562847984901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffdac384420 rsp = 0x00007ffdac3843d8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f6e34b846d0 Step #5: r12 = 0x00007ffdac380800 r13 = 0x000056284798497c r14 = 0x0000000000000001 r15 = 0x000056284832dff8 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1560==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0x10,0xf8,0xfa,0x0,0x0,0xfa,0x80,0x9,0xff,0x7a,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x5d,0xb,0x79,0x7a,0x80,0x9,0x22,0x7f,0x2,0x34,0x32,0x39,0x34,0x39,0x36,0x37,0x32,0x39,0x35,0x9e,0xa0,0x0,0x9,0x7f,0x8,0xff,0x12,0xf8,0xfa,0x0,0x9,0xec,0x0,0x0,0x0,0x18,0xb1,0x0,0x23,0x3,0x2,0x3,0xff,0x7f,0xff,0x3,0x23,0x3,0x2,0x3,0xff,0x3,0x2,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0xff,0xff,0x7f,0x7e,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x0,0x7f,0xfe,0xff,0x7f,0xff,0x7f,0x7f,0xff,0xff,0x9,0x11,0xd1,0x93,0xe3,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x5f,0xff,0x7f,0x7f,0xff,0xff,0x9,0xfe,0xff,0x93,0xd0,0x7f,0xff,0xff,0x7f,0x7f,0x11,0xff,0x7f,0xd1,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xba,0xff,0x18,0x0,0x80, Step #5: \000\011\377\010\200\013+\011\000\011\020\370\372\000\000\372\200\011\377z\377\013+\011\000\011\010\260]\013yz\200\011\"\177\0024294967295\236\240\000\011\177\010\377\022\370\372\000\011\354\000\000\000\030\261\000#\003\002\003\377\177\377\003#\003\002\003\377\003\002\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\377\377\177~\377\377\177\177\377\377\177\177_\377\177\177\377\377\000\177\376\377\177\377\177\177\377\377\011\021\321\223\343\320\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177_\377\177\177\377\377\011\376\377\223\320\177\377\377\177\177\021\377\177\321\177\177\377\377\177\177\377\377\177\177\377\377\177\177\272\377\030\000\200 Step #5: artifact_prefix='./'; Test unit written to ./crash-1034848d3752667871e4d83f9ddc723d00f269df Step #5: Base64: AAn/CIALKwkACRD4+gAA+oAJ/3r/CysJAAkIsF0LeXqACSJ/AjQyOTQ5NjcyOTWeoAAJfwj/Evj6AAnsAAAAGLEAIwMCA/9//wMjAwID/wMC/39///9/f///f3///39/X/9///9/fv//f3///39/X/9/f///AH/+/3//f3///wkR0ZPj0H///39///9/f///f3///39///9/f1//f3///wn+/5PQf///f38R/3/Rf3///39///9/f///f3+6/xgAgA== Step #5: MERGE-OUTER: attempt 116 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 989740603 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1034848d3752667871e4d83f9ddc723d00f269df' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 595 processed earlier; will process 461 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x8,0xb,0xc2,0xdb,0xb9,0x9c,0x2,0x0,0x80,0x8,0xff,0xff,0x0,0x0,0xb9,0xb8,0xb8,0xc6,0x0,0xf3,0xa0,0x81,0xa1,0x93,0x66,0x93,0xb2,0x93,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x65,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc8,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x30,0x66,0xc7,0x66,0x3f,0x66, Step #5: \200\010\013\302\333\271\234\002\000\200\010\377\377\000\000\271\270\270\306\000\363\240\201\241\223f\223\262\223f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?e\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\310f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f0f\307f?f Step #5: artifact_prefix='./'; Test unit written to ./timeout-bbf49b9f3fe3ac728457c04173120487c841bb80 Step #5: Base64: gAgLwtu5nAIAgAj//wAAubi4xgDzoIGhk2aTspNmx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZcdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bIZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2YwZsdmP2Y= Step #5: ==1563== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x557a02cf7034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x557a02cb4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x557a02c97a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f60e8ca608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x557a02cf83e0 in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:513:3 Step #5: #5 0x557a02cf8a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x557a02cf8a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x557a02cf8a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x557a02cfc0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x557a02cfc0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #10 0x557a02c9919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x557a02ca2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x557a02c88ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x557a02cb49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f60e8c87082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x557a02c7c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 117 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091790247 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/bbf49b9f3fe3ac728457c04173120487c841bb80' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 596 processed earlier; will process 460 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1567==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe9e5daff8 (pc 0x55ef25805b64 bp 0x7ffe9edd8440 sp 0x7ffe9e5db000 T1567) Step #5: #0 0x55ef25805b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ef258090b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ef258090b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55ef257a619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ef257af008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ef25795ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ef257c19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f44e8e4a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ef2578959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1567==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x31,0x32,0x38,0x38,0x34,0x39,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0x0,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0xff,0x6,0x7,0x6,0x1f,0x7f,0x8,0xff,0x0,0x5,0x7,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x20,0xff,0xff,0xff,0x0,0x6,0x0,0x6,0x7,0x6,0x1f,0xff,0xd,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0xff,0xff,0xff,0x1,0x2,0x7,0x6,0x1f,0xff,0xff,0xff,0x0,0x6,0x7,0x6,0x1f,0x6,0x0,0x7,0x0,0xff,0x6,0xff,0x6,0xff,0x1f,0xff,0xff,0xff,0x0,0x59,0x3,0x1d,0x0,0x1,0xe2,0x80,0xad,0x0,0xe,0x57,0x56,0x56,0x57,0x56,0x7d,0x13,0x2a,0x57,0x57,0x56,0x57,0x9f,0x30,0x57,0x57,0x56,0x17,0x57,0x56,0x57,0x9f,0x30,0x56,0x57,0x56,0x62,0x57,0x56,0x57,0x9f,0x30,0x56,0x57,0x56,0x5a,0x55,0xe2,0x80,0xad,0xe0,0xb9,0x81,0x56,0x9f,0x31,0x2c,0x55,0x57,0x73,0x57,0x57,0x56,0x56,0xb7,0x56,0x57,0x56,0x9f,0x20,0x57,0xff,0x1a,0x32,0x37,0x56,0xd5,0x37,0x30,0x36,0x32,0x53,0x2f,0xff,0xff,0xdb,0xbe,0xa8, Step #5: 128849\377\000\006\007\006\037\377\377\377\000\006\007\006\037\377\000\377\000\006\007\006\037\377\377\377\000\006\007\006\037\377\377\377\377\006\007\006\037\177\010\377\000\005\007\006\037\377\377\377\000\006\007\006 \377\377\377\000\006\000\006\007\006\037\377\015\037\377\377\377\000\006\007\006\037\377\377\377\001\002\007\006\037\377\377\377\000\006\007\006\037\006\000\007\000\377\006\377\006\377\037\377\377\377\000Y\003\035\000\001\342\200\255\000\016WVVWV}\023*WWVW\2370WWV\027WVW\2370VWVbWVW\2370VWVZU\342\200\255\340\271\201V\2371,UWsWWVV\267VWV\237 W\377\03227V\3257062S/\377\377\333\276\250 Step #5: artifact_prefix='./'; Test unit written to ./crash-f4aa59e071250b159c8177850cb4a74749100053 Step #5: Base64: MTI4ODQ5/wAGBwYf////AAYHBh//AP8ABgcGH////wAGBwYf/////wYHBh9/CP8ABQcGH////wAGBwYg////AAYABgcGH/8NH////wAGBwYf////AQIHBh////8ABgcGHwYABwD/Bv8G/x////8AWQMdAAHigK0ADldWVldWfRMqV1dWV58wV1dWF1dWV58wVldWYldWV58wVldWWlXigK3guYFWnzEsVVdzV1dWVrdWV1afIFf/GjI3VtU3MDYyUy///9u+qA== Step #5: MERGE-OUTER: attempt 118 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091850022 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f4aa59e071250b159c8177850cb4a74749100053' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 598 processed earlier; will process 458 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1571==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5641a3a4d5b0 (pc 0x5641a3a4d5b0 bp 0x7ffc09a73750 sp 0x7ffc09a73708 T1571) Step #5: ==1571==The signal is caused by a READ memory access. Step #5: ==1571==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x5641a3a4d5b0 () Step #5: Step #5: ==1571==Register values: Step #5: rax = 0x00005641a2ea5901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffc09a73750 rsp = 0x00007ffc09a73708 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f736ca786d0 Step #5: r12 = 0x00007ffc09a708b4 r13 = 0x00005641a2ea597c r14 = 0x0000000000000001 r15 = 0x00005641a3a25028 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1571==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0xdd,0x1,0x9e,0x0,0x9,0xfe,0x28,0x1f,0x0,0x2e,0x1b,0x21,0x62,0xe8,0x22,0x0,0x7f,0x0,0x0,0x0,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xd5,0x27,0xa1,0x22,0xe8,0xfa,0x0,0x0,0xfa,0x1f,0xa1,0x24,0xea,0x2,0x0,0x5,0x2e,0x0,0xa1,0x23,0xea,0x2,0x0,0x0,0x2e,0x0,0x40,0xdd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,0xff,0xff,0x7f,0xfb,0xff,0xff,0xff,0xff,0xff,0xf3,0xa0,0x81,0xb8,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xfc,0xff,0xff,0xff,0xff,0xff,0xff,0xfa,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0xff,0x7f,0xff,0xff,0xff,0x7f,0x7f,0x3d,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x13,0x13,0x4c,0x4b,0x4b,0x4b,0xec,0xec,0xec,0xee,0x14,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0xb4, Step #5: \000\006\002\003\002\335\001\236\000\011\376(\037\000.\033!b\350\"\000\177\000\000\000\"\350\002\000\000\000!\241\")\002\000\000\325'\241\"\350\372\000\000\372\037\241$\352\002\000\005.\000\241#\352\002\000\000.\000@\335\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\177\377\377\177\373\377\377\377\377\377\363\240\201\270\377\377\377\000\000\000\000\000\000\000\374\377\377\377\377\377\377\372\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\177\377\377\177\177\377\377\177\177\377\377\377\177\377\377\377\177\177=\377\377\177\177\177\377\377\023\023LKKK\354\354\354\356\024\023\023\023\023\264\264\264\264\264\264 Step #5: artifact_prefix='./'; Test unit written to ./crash-8b57f253c46ae1c8b027b1abb43c5b6ee99ff9fb Step #5: Base64: AAYCAwLdAZ4ACf4oHwAuGyFi6CIAfwAAACLoAgAAACGhIikCAADVJ6Ei6PoAAPofoSTqAgAFLgChI+oCAAAuAEDd//////////////////////////////////////////9///9/+///////86CBuP///wAAAAAAAAD8////////+v//////////////////////////////f///f3///39/////f////39/Pf//f39///8TE0xLS0vs7OzuFBMTExO0tLS0tLQ= Step #5: MERGE-OUTER: attempt 119 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091867645 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8b57f253c46ae1c8b027b1abb43c5b6ee99ff9fb' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 599 processed earlier; will process 457 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1574==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55f6e4110ba2 (pc 0x7f45951fe98c bp 0x7ffe737d96d0 sp 0x7ffe737d9698 T1574) Step #5: ==1574==The signal is caused by a WRITE memory access. Step #5: #0 0x7f45951fe98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55f6e41a65cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55f6e41a65cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55f6e41a7820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55f6e41a7820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55f6e41a7820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55f6e41a7820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55f6e41aa53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55f6e41aa53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55f6e41aa0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55f6e414719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55f6e4150008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55f6e4136ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55f6e41629f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f4595097082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55f6e412a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1574==Register values: Step #5: rax = 0x000055f6e4110ba2 rbx = 0x000055f6e41b72b0 rcx = 0x00000000e410a2d5 rdx = 0x0000000000000018 Step #5: rdi = 0x000055f6e4110ba2 rsi = 0x00007ffe737d9740 rbp = 0x00007ffe737d96d0 rsp = 0x00007ffe737d9698 Step #5: r8 = 0x000000000000f8cb r9 = 0x000000000000f8cb r10 = 0x0000000000000001 r11 = 0x0000000000000001 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055f6 r14 = 0x0000000000000018 r15 = 0x000055f6e41b72b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1574==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0xbf,0x3,0x1,0x10,0x0,0x2,0xff,0xff,0xef,0x6,0xcb,0x0,0x80,0x8,0xb,0xc2,0xdb,0xb9,0xf3,0xa0,0x80,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0xc7,0x66,0x3f,0x66,0xc7,0xca,0xb2,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x26,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x66,0xd7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x46,0xc7,0x67,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0xc7,0x3f,0x66,0xc7,0x66,0x66,0x66,0x66,0x66,0x3f,0xc7,0x66,0xc7,0x66,0x66,0x3f,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x9a, Step #5: \200\011\277\003\001\020\000\002\377\377\357\006\313\000\200\010\013\302\333\271\363\240\200?f\307f?f\307f?faaaaaaaaaaaa\307f?f\307\312\262f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?&\307f?f\307ff\327f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?F\307g?f\307f?f\307f?\307?f\307fffff?\307f\307ff??f\307f?f\307\232 Step #5: artifact_prefix='./'; Test unit written to ./crash-954698428b915914380ed1e75a1dc9cf5dd674fd Step #5: Base64: gAm/AwEQAAL//+8GywCACAvC27nzoIA/ZsdmP2bHZj9mYWFhYWFhYWFhYWFhx2Y/ZsfKsmY/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj8mx2Y/ZsdmZtdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/RsdnP2bHZj9mx2Y/xz9mx2ZmZmZmP8dmx2ZmPz9mx2Y/Zsea Step #5: MERGE-OUTER: attempt 120 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091918384 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/954698428b915914380ed1e75a1dc9cf5dd674fd' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 601 processed earlier; will process 455 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1578==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55976ab425b0 (pc 0x55976ab425b0 bp 0x7ffcc6fc35b0 sp 0x7ffcc6fc3568 T1578) Step #5: ==1578==The signal is caused by a READ memory access. Step #5: ==1578==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55976ab425b0 () Step #5: Step #5: ==1578==Register values: Step #5: rax = 0x000055976964b901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffcc6fc35b0 rsp = 0x00007ffcc6fc3568 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f57b9f3a6d0 Step #5: r12 = 0x00007ffcc6fc08b4 r13 = 0x000055976964b97c r14 = 0x0000000000000001 r15 = 0x000055976ab1a038 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1578==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0xdd,0x1,0x9e,0x0,0x9,0xfe,0x28,0x1f,0x0,0x2e,0x1b,0x21,0x62,0xe8,0x22,0x0,0x7f,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xd5,0x27,0xa1,0x22,0xe8,0xfa,0x0,0x0,0xfa,0x1f,0xa1,0x24,0xea,0x2,0x0,0x0,0x2e,0x0,0xa1,0x23,0xea,0x2,0x0,0x0,0x2e,0x0,0x40,0xdd,0xe8,0x22,0x0,0xe8,0x0,0xa9,0x0,0x21,0x0,0x23,0x20,0x0,0xd9,0x0,0xa1,0x2a,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe8,0x1,0xf3,0xa0,0x81,0x8d,0x0,0x0,0x0,0x21,0xa1,0x22,0xfb,0xff,0xff,0xff,0xff,0xff,0xf3,0xa0,0x81,0xb8,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf3,0xa0,0x80,0xb3,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0xff,0x7f,0x7f,0x3d,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x13,0x13,0x2,0x2f,0x1,0x81,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0x14,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0xb4, Step #5: \000\006\002\003\002\335\001\236\000\011\376(\037\000.\033!b\350\"\000\177\000!!\"\350\002\000\000\000!\241\")\002\000\000\325'\241\"\350\372\000\000\372\037\241$\352\002\000\000.\000\241#\352\002\000\000.\000@\335\350\"\000\350\000\251\000!\000# \000\331\000\241*\352\002\000\000.\033\241\"\350\001\363\240\201\215\000\000\000!\241\"\373\377\377\377\377\377\363\240\201\270\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\363\240\200\263\377\377\177\377\377\177\177\377\377\177\177\377\377\377\177\177=\377\377\177\177\177\377\377\023\023\002/\001\201\264\264\264\264\023\023\023\023\024\023\023\023\023\264\264\264\264\264\264 Step #5: artifact_prefix='./'; Test unit written to ./crash-70bbb5fe377da4f747513118221a4e8b43aee63d Step #5: Base64: AAYCAwLdAZ4ACf4oHwAuGyFi6CIAfwAhISLoAgAAACGhIikCAADVJ6Ei6PoAAPofoSTqAgAALgChI+oCAAAuAEDd6CIA6ACpACEAIyAA2QChKuoCAAAuG6Ei6AHzoIGNAAAAIaEi+///////86CBuP////////////////////////////////////////////////////OggLP//3///39///9/f////39/Pf//f39///8TEwIvAYG0tLS0ExMTExQTExMTtLS0tLS0 Step #5: MERGE-OUTER: attempt 121 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091936008 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/70bbb5fe377da4f747513118221a4e8b43aee63d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 602 processed earlier; will process 454 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1581==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc7076ba90 (pc 0x7ffc7076ba90 bp 0x7ffc7076ba60 sp 0x7ffc7076ba08 T1581) Step #5: #0 0x7ffc7076ba90 () Step #5: #1 0x562757fcc0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562757fcc0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x562757f6919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562757f72008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x562757f58ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x562757f849f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3a61e9b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1581==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x6,0xb1,0x2,0x19,0x0,0x1f,0x3b,0x0,0x0,0x0,0x9d,0xa,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7e,0xa0,0x2b,0x23,0x0,0x0,0x0,0x0,0x6,0x0,0x3,0x80,0x6,0x40,0x2,0x3b,0x0,0x2e,0xff,0x40,0x24,0xed,0x0,0x1,0x20,0x0,0xc0,0x83,0x0,0xd9,0x0,0x0,0x0,0x0,0x6,0x0,0x3,0x0,0x0,0x1,0x0,0x80,0x6,0x0,0x2c,0x3,0x0,0x1,0xff,0x0,0x0,0x6,0x5,0x3,0x0,0x34,0x35,0x39,0x36,0x38,0x34,0x30,0x36,0x31,0x39,0x30,0x39,0x33,0x33,0x30,0x38,0x34,0x32,0x30,0x38,0x36,0x37,0x34,0x35,0x33,0x33,0x35,0x9,0x0,0x0,0x6,0x0,0x34,0x32,0x39,0x34,0x39,0x36,0x37,0x32,0x39,0x36,0x9,0x0,0x0,0x6,0x0,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x53,0x0,0x1,0x0,0x0,0x6,0x0,0x3,0x3,0x0,0x9,0xcc,0xcc,0xcc,0x18,0xcc,0xcc,0xcc,0xcc,0xcc,0x0,0x0,0x0,0x6,0x0,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x0,0x5,0x0,0x0,0x6,0x3,0xe8,0x89,0x0,0x0,0x5,0x0,0xff,0xff,0xff,0xca,0xb1,0xff,0xff,0xff,0xff,0xff,0xf3,0xca,0xca,0xca, Step #5: \200\006\261\002\031\000\037;\000\000\000\235\012\000\000\000\000\000\000\000\000\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377~\240+#\000\000\000\000\006\000\003\200\006@\002;\000.\377@$\355\000\001 \000\300\203\000\331\000\000\000\000\006\000\003\000\000\001\000\200\006\000,\003\000\001\377\000\000\006\005\003\000459684061909330842086745335\011\000\000\006\0004294967296\011\000\000\006\000\003\000\000\000\000\000\000\000S\000\001\000\000\006\000\003\003\000\011\314\314\314\030\314\314\314\314\314\000\000\000\006\000\377\177\177\377\377\177\177\000\005\000\000\006\003\350\211\000\000\005\000\377\377\377\312\261\377\377\377\377\377\363\312\312\312 Step #5: artifact_prefix='./'; Test unit written to ./crash-3a0921c3a396e0ea4a320764c560599cfb26cd8b Step #5: Base64: gAaxAhkAHzsAAACdCgAAAAAAAAAA/////////////////////36gKyMAAAAABgADgAZAAjsALv9AJO0AASAAwIMA2QAAAAAGAAMAAAEAgAYALAMAAf8AAAYFAwA0NTk2ODQwNjE5MDkzMzA4NDIwODY3NDUzMzUJAAAGADQyOTQ5NjcyOTYJAAAGAAMAAAAAAAAAUwABAAAGAAMDAAnMzMwYzMzMzMwAAAAGAP9/f///f38ABQAABgPoiQAABQD////Ksf//////88rKyg== Step #5: MERGE-OUTER: attempt 122 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1091984963 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3a0921c3a396e0ea4a320764c560599cfb26cd8b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 604 processed earlier; will process 452 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1585==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55f5645215b0 (pc 0x55f5645215b0 bp 0x7ffd99ce9220 sp 0x7ffd99ce91d8 T1585) Step #5: ==1585==The signal is caused by a READ memory access. Step #5: ==1585==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55f5645215b0 () Step #5: Step #5: ==1585==Register values: Step #5: rax = 0x000055f563ca1901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffd99ce9220 rsp = 0x00007ffd99ce91d8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f77a41176d0 Step #5: r12 = 0x00007ffd99ce08b4 r13 = 0x000055f563ca197c r14 = 0x0000000000000001 r15 = 0x000055f5644f9038 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1585==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0xdd,0x1,0x9e,0x0,0x9,0xfe,0x28,0x1f,0x0,0x2e,0x1b,0x21,0x62,0xe8,0x22,0x0,0x7f,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xd5,0x27,0xa1,0x22,0xe8,0xfa,0x0,0x0,0xfa,0x1f,0xa1,0x24,0xea,0x2,0x0,0x0,0x2e,0x0,0xa1,0x23,0xea,0x2,0x0,0x0,0x2e,0x0,0x40,0xdd,0xe8,0x22,0x0,0xe8,0x0,0xa9,0x0,0x21,0x0,0x23,0x20,0x0,0xd9,0x0,0xa1,0x2a,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe8,0x1,0x0,0x0,0x0,0x21,0xa1,0x22,0xfb,0xff,0xff,0xff,0xff,0xff,0xf3,0xa0,0x81,0xb8,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0xff,0x7f,0x7f,0x3d,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x13,0x13,0x2,0x2f,0x1,0x81,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0x14,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0xb4, Step #5: \000\006\002\003\002\335\001\236\000\011\376(\037\000.\033!b\350\"\000\177\000!!\"\350\002\000\000\000!\241\")\002\000\000\325'\241\"\350\372\000\000\372\037\241$\352\002\000\000.\000\241#\352\002\000\000.\000@\335\350\"\000\350\000\251\000!\000# \000\331\000\241*\352\002\000\000.\033\241\"\350\001\000\000\000!\241\"\373\377\377\377\377\377\363\240\201\270\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\177\377\377\177\177\377\377\177\177\377\377\377\177\177=\377\377\177\177\177\377\377\023\023\002/\001\201\264\264\264\264\023\023\023\023\024\023\023\023\023\264\264\264\264\264\264 Step #5: artifact_prefix='./'; Test unit written to ./crash-5f84ee6bcee02da7b49aa7737a3536c3129ba840 Step #5: Base64: AAYCAwLdAZ4ACf4oHwAuGyFi6CIAfwAhISLoAgAAACGhIikCAADVJ6Ei6PoAAPofoSTqAgAALgChI+oCAAAuAEDd6CIA6ACpACEAIyAA2QChKuoCAAAuG6Ei6AEAAAAhoSL7///////zoIG4/////////////////////////////////////////////////////////////////////3///39///9/f////39/Pf//f39///8TEwIvAYG0tLS0ExMTExQTExMTtLS0tLS0 Step #5: MERGE-OUTER: attempt 123 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1092002525 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/5f84ee6bcee02da7b49aa7737a3536c3129ba840' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 605 processed earlier; will process 451 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1588==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe9aaa6ff8 (pc 0x56421f8fcb64 bp 0x7ffe9b2a58c0 sp 0x7ffe9aaa7000 T1588) Step #5: #0 0x56421f8fcb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56421f9000b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56421f9000b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56421f89d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56421f8a6008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56421f88cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56421f8b89f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4f8826a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56421f88059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1588==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x0,0x0,0xb,0x5,0x0,0x99,0x0,0x5,0xff,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0xc6,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9c,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x5,0x0,0xa7,0x9d,0x0,0x0,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0xd,0x0,0x9d,0x0,0x5,0x0,0x9c,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0xa7,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0xd,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d,0x9d,0x0,0x9d,0x0,0x5,0x0,0x9d,0x0,0x5,0x0,0x9d, Step #5: \000\000\000\000\013\005\000\231\000\005\377\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\306\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\234\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\247\000\005\005\000\247\235\000\000\000\005\000\235\000\005\000\247\000\005\000\235\000\005\000\235\000\015\000\235\000\005\000\234\000\005\000\235\000\005\000\235\000\005\000\235\000\005\000\247\000\005\000\235\000\005\000\247\000\005\000\235\000\005\000\247\000\005\000\005\000\247\000\005\000\235\000\005\000\247\000\005\000\235\000\005\000\235\000\015\000\235\000\005\000\235\000\005\000\235\000\005\000\235\000\005\235\000\005\000\235\000\005\000\235\000\005\000\235\235\000\005\000\235\000\005\000\235\000\005\000\235\235\000\235\000\005\000\235\000\005\000\235 Step #5: artifact_prefix='./'; Test unit written to ./crash-1378d91ea9f252b5a1c76a869dba7e49bedebbee Step #5: Base64: AAAAAAsFAJkABf+dAAUAnQAFAJ0ABQCdAAUAnQDGAJ0ABQCdAAUAnQAFAJ0ABQCdAAUAnAAFAJ0ABQCdAAUAnQAFAKcABQUAp50AAAAFAJ0ABQCnAAUAnQAFAJ0ADQCdAAUAnAAFAJ0ABQCdAAUAnQAFAKcABQCdAAUApwAFAJ0ABQCnAAUABQCnAAUAnQAFAKcABQCdAAUAnQANAJ0ABQCdAAUAnQAFAJ0ABZ0ABQCdAAUAnQAFAJ2dAAUAnQAFAJ0ABQCdnQCdAAUAnQAFAJ0= Step #5: MERGE-OUTER: attempt 124 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1092062146 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1378d91ea9f252b5a1c76a869dba7e49bedebbee' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 606 processed earlier; will process 450 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1592==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e74b7a8b93 (pc 0x7fe123a2b98c bp 0x7ffe457f3c00 sp 0x7ffe457f3bc8 T1592) Step #5: ==1592==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe123a2b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55e74b83e5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55e74b83e5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55e74b83f820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55e74b83f820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55e74b83f820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55e74b83f820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55e74b84253d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55e74b84253d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55e74b8420a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55e74b7df19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55e74b7e8008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55e74b7cece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55e74b7fa9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe1238c4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55e74b7c259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1592==Register values: Step #5: rax = 0x000055e74b7a8b93 rbx = 0x000055e74b84f2b0 rcx = 0x000000004b7a22e4 rdx = 0x0000000000000018 Step #5: rdi = 0x000055e74b7a8b93 rsi = 0x00007ffe457f3c70 rbp = 0x00007ffe457f3c00 rsp = 0x00007ffe457f3bc8 Step #5: r8 = 0x00000000000078cb r9 = 0x00000000000078cb r10 = 0x000055e74c867010 r11 = 0x00007fe123a8cbe0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055e7 r14 = 0x0000000000000018 r15 = 0x000055e74b84f2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1592==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x80,0x9,0xbf,0x3,0x1,0x10,0x0,0x2,0xff,0xff,0xef,0x6,0xc9,0x0,0x80,0x8,0xb,0xc2,0xdb,0xb9,0xf3,0xa0,0x80,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0x61,0xc7,0x66,0x3f,0x66,0xc7,0xca,0xb2,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x26,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc9,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xd7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0x46,0xc7,0x67,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x66,0x3f,0xc7,0x3f,0x66,0xc7,0x66,0x66,0x66,0x66,0x66,0x3f,0xc7,0x66,0xc7,0x66,0x66,0x3f,0x3f,0x66,0xc7,0x66,0x3f,0x66,0xc7,0x9a, Step #5: \200\011\277\003\001\020\000\002\377\377\357\006\311\000\200\010\013\302\333\271\363\240\200?f\307f?f\307f?faaaaaaaaaaaa\307f?f\307\312\262f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?&\307f?f\307f?f\307f?f\307f?f\311f?f\307f?f\327f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?f\307f?F\307g?f\307f?f\307f?\307?f\307fffff?\307f\307ff??f\307f?f\307\232 Step #5: artifact_prefix='./'; Test unit written to ./crash-a486bddfeae2fa433b435c4ca3ec371bf51922aa Step #5: Base64: gAm/AwEQAAL//+8GyQCACAvC27nzoIA/ZsdmP2bHZj9mYWFhYWFhYWFhYWFhx2Y/ZsfKsmY/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj8mx2Y/ZsdmP2bHZj9mx2Y/ZslmP2bHZj9m12Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9mx2Y/ZsdmP2bHZj9Gx2c/ZsdmP2bHZj/HP2bHZmZmZmY/x2bHZmY/P2bHZj9mx5o= Step #5: MERGE-OUTER: attempt 125 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1092112536 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a486bddfeae2fa433b435c4ca3ec371bf51922aa' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 608 processed earlier; will process 448 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0x81,0x81,0xa0,0xa0,0x81,0xa0,0x81,0xa0,0xdb,0x1,0xa0,0xa0,0x80,0x81,0xa0,0xa0,0x81,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0xf3,0xa0,0x80,0xb2,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x1,0xa0,0x82,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x1,0xa0,0x81,0xa0,0x1,0xa0,0x81,0xa8,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x80,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x82,0xa0,0x81,0xa0,0x81,0xa0,0x81,0x68,0xfe,0x5f,0x7e,0x57,0x7e,0x7e,0x5f,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x1,0xa0,0x7e,0x5f,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x1,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa1,0x81,0xa0,0x3d,0xa0,0x84,0xa0,0x1,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x81,0xa0,0x85,0xa0,0x81,0xa0,0x1,0xa0,0xf3,0xa0,0x81,0xb2,0x1f,0x0,0x81,0xa0,0x81,0xa0,0x1,0xa0,0x81,0xa0,0x81,0xa0,0x34,0x34,0x34,0x34,0x37,0x30,0x34,0xc8,0xcf,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0xd0,0x50,0xc0, Step #5: \240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\201\201\240\240\201\240\201\240\333\001\240\240\200\201\240\240\201\201\240\201\240\201\240\201\240\201\240\363\240\200\262\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\001\240\202\240\201\240\201\240\201\240\201\240\201\240\201\240\201\240\001\240\201\240\001\240\201\250\201\240\201\240\201\240\200\240\201\240\201\240\201\240\202\240\201\240\201\240\201h\376_~W~~_\201\240\201\240\201\240\201\240\001\240~_\201\240\201\240\201\240\201\240\001\240\201\240\201\240\201\240\201\241\201\240=\240\204\240\001\240\201\240\201\240\201\240\201\240\201\240\205\240\201\240\001\240\363\240\201\262\037\000\201\240\201\240\001\240\201\240\201\2404444704\310\317\320\320\320\320\320\320\320\320\320\320\320\320\320P\300 Step #5: artifact_prefix='./'; Test unit written to ./timeout-516e1b0062743a2320afd2d13524f2d8a363dc05 Step #5: Base64: oIGggaCBoIGggaCBoIGggaCBoIGggYGBoKCBoIGg2wGgoICBoKCBgaCBoIGggaCBoPOggLKBoIGggaCBoIGggaCBoIGggaCBoIGgAaCCoIGggaCBoIGggaCBoIGgAaCBoAGggaiBoIGggaCAoIGggaCBoIKggaCBoIFo/l9+V35+X4GggaCBoIGgAaB+X4GggaCBoIGgAaCBoIGggaCBoYGgPaCEoAGggaCBoIGggaCBoIWggaABoPOggbIfAIGggaABoIGggaA0NDQ0NzA0yM/Q0NDQ0NDQ0NDQ0NDQUMA= Step #5: ==1596== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55c6d3488034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55c6d3445178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55c6d3428a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f039a41d08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55c6d34897f9 in usbd_int_set /src/tinyusb/src/device/usbd.c:1304:21 Step #5: #5 0x55c6d3489a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x55c6d3489a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55c6d348d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55c6d348d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x55c6d342a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55c6d3433008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55c6d3419ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55c6d34459f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7f039a3fe082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55c6d340d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 126 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194162265 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/516e1b0062743a2320afd2d13524f2d8a363dc05' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 611 processed earlier; will process 445 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1600==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcc115d780 (pc 0x7ffcc115d780 bp 0x7ffcc115d750 sp 0x7ffcc115d6f8 T1600) Step #5: #0 0x7ffcc115d780 () Step #5: #1 0x56188004b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56188004b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56187ffe819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56187fff1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56187ffd7ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5618800039f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f124e842082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1600==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x0,0x3,0x7e,0xb3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0xf,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x54,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x2d,0x24,0xa2,0x31,0x7,0x6,0x0,0xa,0x3,0x7d, Step #5: \000\006\000\003~\263\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\017\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377T\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000-$\2421\007\006\000\012\003} Step #5: artifact_prefix='./'; Test unit written to ./crash-9e9b83c8e82e764b95a8bb72c89e29d385958427 Step #5: Base64: AAYAA36zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//////////////////////////////////////////////////////////////////////////////////////////////////////9U/////////////////////////////////////////////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALSSiMQcGAAoDfQ== Step #5: MERGE-OUTER: attempt 127 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194211153 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9e9b83c8e82e764b95a8bb72c89e29d385958427' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 615 processed earlier; will process 441 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1604==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558df17d55b0 (pc 0x558df17d55b0 bp 0x7ffeef27d080 sp 0x7ffeef27d038 T1604) Step #5: ==1604==The signal is caused by a READ memory access. Step #5: ==1604==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x558df17d55b0 () Step #5: Step #5: ==1604==Register values: Step #5: rax = 0x0000558df0dbc901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffeef27d080 rsp = 0x00007ffeef27d038 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0x0000558df1328490 r11 = 0x00007f0c68e01be0 Step #5: r12 = 0x00007ffeef2708ff r13 = 0x0000558df0dbc97c r14 = 0x0000000000000001 r15 = 0x0000558df17ace90 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1604==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0x0,0x1,0x0,0x0,0x9,0x64,0xf7,0x75,0xf4,0xc0,0xb1,0x0,0x9,0x82,0x2f,0x2f,0x2f,0x7a,0x9,0x0,0x9,0x7f,0xf8,0xda,0x0,0x0,0xfa,0x80,0x9,0xff,0x77,0xff,0xb,0x2b,0x9,0x0,0x9,0x7f,0xf8,0xda,0x0,0x0,0xfa,0x80,0x9,0xff,0x77,0xff,0xb,0x2b,0x9,0x0,0x9,0x82,0x2f,0x2f,0x2f,0x7a,0x9,0x0,0x9,0x7f,0xf8,0xda,0x0,0x0,0xfa,0x80,0x9,0xff,0x77,0xff,0xb,0x2b,0x9,0x0,0x9,0x7f,0x14,0x0,0x0,0x0,0x0,0xff,0x31,0x31,0x39,0x30,0x34,0x30,0x33,0x34,0x39,0x2b,0x21,0x20,0xa,0x8f,0x8f,0x96,0x20,0x0,0x8f,0x96,0xa,0xf,0x8f,0x96,0xa,0x8f,0xf7,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0xf,0x8f,0x96,0x2a,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x6e,0xa,0x8f,0x8e,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0xf,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0xf,0xa,0x8f,0x8f,0x96,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0xff,0xff,0xff,0x12,0x8f,0x8f,0xff,0x12,0x8f,0x8f,0xbe,0x13,0xb,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x96,0x2,0x6d,0x8f,0x96,0xa,0x8f,0xb1,0x0,0xff,0xff,0x12,0x8f,0x8f,0xff,0x12,0x8f,0x3d,0xff,0xfe,0x2,0xa6,0xff,0xae,0x8f,0x96,0xff,0xbf, Step #5: \000\011\377\010\200\013+\011\000\011\000\001\000\000\011d\367u\364\300\261\000\011\202///z\011\000\011\177\370\332\000\000\372\200\011\377w\377\013+\011\000\011\177\370\332\000\000\372\200\011\377w\377\013+\011\000\011\202///z\011\000\011\177\370\332\000\000\372\200\011\377w\377\013+\011\000\011\177\024\000\000\000\000\377119040349+! \012\217\217\226 \000\217\226\012\017\217\226\012\217\367\226\012\217\217\226\012\217\217\226\012\217\217\226\012\217\217\226\012\017\217\226*\217\217\226\012\217\217n\012\217\216\226\012\217\217\226\012\217\217\226\012\217\217\226\012\017\217\226\012\217\217\226\012\217\217\226\012\017\012\217\217\226\217\217\226\012\217\217\377\377\377\022\217\217\377\022\217\217\276\023\013\377\377\377\377\377\377\377\377\377\226\002m\217\226\012\217\261\000\377\377\022\217\217\377\022\217=\377\376\002\246\377\256\217\226\377\277 Step #5: artifact_prefix='./'; Test unit written to ./crash-939ead019b46d82b26d8718a88e8314625cb7877 Step #5: Base64: AAn/CIALKwkACQABAAAJZPd19MCxAAmCLy8vegkACX/42gAA+oAJ/3f/CysJAAl/+NoAAPqACf93/wsrCQAJgi8vL3oJAAl/+NoAAPqACf93/wsrCQAJfxQAAAAA/zExOTA0MDM0OSshIAqPj5YgAI+WCg+PlgqP95YKj4+WCo+PlgqPj5YKj4+WCg+PliqPj5YKj49uCo+OlgqPj5YKj4+WCo+PlgoPj5YKj4+WCo+PlgoPCo+Plo+PlgqPj////xKPj/8Sj4++Ewv///////////+WAm2PlgqPsQD//xKPj/8Sjz3//gKm/66Plv+/ Step #5: MERGE-OUTER: attempt 128 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194228433 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/939ead019b46d82b26d8718a88e8314625cb7877' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 616 processed earlier; will process 440 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1607==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd928f6ff8 (pc 0x55cb37813b64 bp 0x7ffd930f5220 sp 0x7ffd928f7000 T1607) Step #5: #0 0x55cb37813b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55cb378170b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55cb378170b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55cb377b419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55cb377bd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55cb377a3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55cb377cf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc10b717082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55cb3779759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1607==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x2b,0x30,0x76,0x34,0x32,0x37,0x35,0xb3,0x34,0x30,0x30,0x33,0x30,0x30,0x33,0x39,0x37,0x0,0x1e,0x2f,0x93,0x76,0x34,0x32,0x37,0x35,0x33,0x34,0x30,0x30,0x33,0x30,0x39,0x34,0x33,0x39,0x32,0x37,0x38,0x35,0x30,0x30,0x33,0x39,0x37,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x1,0x1,0xd3,0x40,0xdb,0xd3,0x1e,0x93,0x24,0x0,0x6,0xc0,0xba,0x1,0x33,0x34,0x31,0x32,0x38,0x30,0x35,0x39,0x31,0x35,0x32,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x0,0x6,0x2b,0x30,0x76,0x34,0x32,0x37,0x35,0xb3,0x34,0x30,0x30,0x33,0x30,0x30,0x33,0x39,0x37,0x0,0x1e,0x2f,0x93,0x76,0x34,0x32,0x37,0x35,0x33,0x34,0x30,0x30,0x33,0x30,0x39,0x34,0x33,0x39,0x32,0x37,0x38,0x35,0x30,0x30,0x33,0x39,0x37,0xd3,0x1e,0x93,0x83,0x0,0x6,0x3a,0x1,0xd3,0x1e,0x93,0x83,0x1,0x1,0xd3,0x40,0xdb,0xd3,0x1e,0x93,0x24,0x0,0x6,0xc0,0xba,0x1,0xd3,0xca,0xb3,0x1e,0x94,0x93,0x92, Step #5: \000\006:\001\323\036\223\203\000\006:\001\000\000\000\000\000\000\000\001\323\036\223\203\000\006:\001\323\036\223\203\000\006:\001\323\036\223\203\000\006:\001\000\000\000\000\000\000\000\001\323\036\223\203\000\006:\001\323\036\223\203\000\006:\001\323\036\223\203\000\006:\001\323\036\223\203\000\006+0v4275\263400300397\000\036/\223v42753400309439278500397\323\036\223\203\000\006:\001\323\036\223\203\001\001\323@\333\323\036\223$\000\006\300\272\00134128059152:\001\323\036\223\203\000\006+0v4275\263400300397\000\036/\223v42753400309439278500397\323\036\223\203\000\006:\001\323\036\223\203\001\001\323@\333\323\036\223$\000\006\300\272\001\323\312\263\036\224\223\222 Step #5: artifact_prefix='./'; Test unit written to ./crash-a76eb793a7de766d53b14b78c31fc53bcd22c6e8 Step #5: Base64: AAY6AdMek4MABjoBAAAAAAAAAAHTHpODAAY6AdMek4MABjoB0x6TgwAGOgEAAAAAAAAAAdMek4MABjoB0x6TgwAGOgHTHpODAAY6AdMek4MABiswdjQyNzWzNDAwMzAwMzk3AB4vk3Y0Mjc1MzQwMDMwOTQzOTI3ODUwMDM5N9Mek4MABjoB0x6TgwEB00Db0x6TJAAGwLoBMzQxMjgwNTkxNTI6AdMek4MABiswdjQyNzWzNDAwMzAwMzk3AB4vk3Y0Mjc1MzQwMDMwOTQzOTI3ODUwMDM5N9Mek4MABjoB0x6TgwEB00Db0x6TJAAGwLoB08qzHpSTkg== Step #5: MERGE-OUTER: attempt 129 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194288331 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a76eb793a7de766d53b14b78c31fc53bcd22c6e8' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 618 processed earlier; will process 438 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1611==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff29e88ff8 (pc 0x56187066bb64 bp 0x7fff2a687ac0 sp 0x7fff29e89000 T1611) Step #5: #0 0x56187066bb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56187066f0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56187066f0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56187060c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x561870615008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5618705fbce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5618706279f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc72823d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5618705ef59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1611==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x9,0xff,0x8,0x80,0xb,0x2b,0x9,0x0,0x9,0xf8,0x10,0xfa,0x0,0x0,0xfa,0x80,0x9,0xff,0x7a,0xff,0xb,0x2b,0x9,0x0,0x9,0x8,0xb0,0x21,0xb,0x79,0x7a,0x80,0x9,0x22,0x7f,0x2,0x32,0x31,0x34,0x37,0x34,0x38,0x33,0x36,0x34,0x37,0x9e,0xa0,0x0,0x9,0x7f,0x8,0xff,0x12,0xf8,0xfa,0x0,0x9,0xec,0x0,0x0,0x0,0x18,0x56,0x80,0x9,0x24,0x6a,0x27,0x0,0x1,0x9,0x0,0x9,0xbb,0xfb,0xf0,0x0,0x2f,0xfa,0x80,0x9,0xff,0xfe,0x0,0x0,0x18,0xf3,0x80,0x9,0xf3,0xa0,0x81,0xa6,0x1f,0x0,0x27,0x0,0x1,0x0,0x0,0x9,0x64,0xf7,0x75,0x5b,0xf4,0xc0,0xb1,0x0,0x9,0x82,0x2f,0x2f,0x2f,0x7a,0x9,0xc0,0x80,0x9,0x7f,0xf8,0xda,0x0,0x0,0xfa,0x80,0x9,0xff,0x77,0xff,0xb,0x2b,0x9,0x0,0x9,0x7f,0x9b,0xf8,0xda,0x0,0x0,0xfa,0x80,0x9,0xff,0x77,0xff,0xb,0x2b,0x9,0x0,0x9,0x0,0x9,0x7f,0x14,0x0,0x0,0x0,0x0,0x0,0x7f,0xff,0x39,0x32,0x32,0x33,0x33,0x37,0x32,0x30,0x33,0x36,0x38,0x35,0x34,0x37,0x37,0x35,0x38,0x30,0x38,0x2b,0x21,0x20,0xa,0x8f,0xe2,0x80,0x85,0x8f,0x96,0x0,0x20,0x8f,0x96,0xa,0xf,0x8f,0x96,0xa,0x8f,0x89,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0x8f,0x8f,0x96,0xa,0xf,0xa,0x8f,0x8f,0x96,0x8f,0x8f,0x96,0xa,0x8f,0xb1,0x0,0xff,0xff,0x12,0x6f,0x8f,0xff,0x12,0x8f,0x8f,0xff,0xfe,0x2,0xa6,0xff,0xae,0x8f,0x96,0xff,0xbf, Step #5: \000\011\377\010\200\013+\011\000\011\370\020\372\000\000\372\200\011\377z\377\013+\011\000\011\010\260!\013yz\200\011\"\177\0022147483647\236\240\000\011\177\010\377\022\370\372\000\011\354\000\000\000\030V\200\011$j'\000\001\011\000\011\273\373\360\000/\372\200\011\377\376\000\000\030\363\200\011\363\240\201\246\037\000'\000\001\000\000\011d\367u[\364\300\261\000\011\202///z\011\300\200\011\177\370\332\000\000\372\200\011\377w\377\013+\011\000\011\177\233\370\332\000\000\372\200\011\377w\377\013+\011\000\011\000\011\177\024\000\000\000\000\000\177\3779223372036854775808+! \012\217\342\200\205\217\226\000 \217\226\012\017\217\226\012\217\211\226\012\217\217\226\012\217\217\217\226\012\217\217\226\012\217\217\226\012\017\012\217\217\226\217\217\226\012\217\261\000\377\377\022o\217\377\022\217\217\377\376\002\246\377\256\217\226\377\277 Step #5: artifact_prefix='./'; Test unit written to ./crash-973057331f9f66ad089c829989b8f90c4feb90b4 Step #5: Base64: AAn/CIALKwkACfgQ+gAA+oAJ/3r/CysJAAkIsCELeXqACSJ/AjIxNDc0ODM2NDeeoAAJfwj/Evj6AAnsAAAAGFaACSRqJwABCQAJu/vwAC/6gAn//gAAGPOACfOggaYfACcAAQAACWT3dVv0wLEACYIvLy96CcCACX/42gAA+oAJ/3f/CysJAAl/m/jaAAD6gAn/d/8LKwkACQAJfxQAAAAAAH//OTIyMzM3MjAzNjg1NDc3NTgwOCshIAqP4oCFj5YAII+WCg+PlgqPiZYKj4+WCo+Pj5YKj4+WCo+PlgoPCo+Plo+PlgqPsQD//xJvj/8Sj4///gKm/66Plv+/ Step #5: MERGE-OUTER: attempt 130 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194347520 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/973057331f9f66ad089c829989b8f90c4feb90b4' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 620 processed earlier; will process 436 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1615==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55dd73ef12be (pc 0x7fe01807398c bp 0x7fffbd1add30 sp 0x7fffbd1adcf8 T1615) Step #5: ==1615==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe01807398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55dd73f8b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55dd73f8b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55dd73f8c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55dd73f8c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55dd73f8c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55dd73f8c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55dd73f8f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55dd73f8f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55dd73f8f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55dd73f2c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55dd73f35008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55dd73f1bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55dd73f479f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe017f0c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55dd73f0f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1615==Register values: Step #5: rax = 0x000055dd73ef12be rbx = 0x000055dd73f9c2b0 rcx = 0x0000000073ef3bb9 rdx = 0x0000000000000018 Step #5: rdi = 0x000055dd73ef12be rsi = 0x00007fffbd1adda0 rbp = 0x00007fffbd1add30 rsp = 0x00007fffbd1adcf8 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x0000000000000008 r11 = 0x00007fe0180d4be0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055dd r14 = 0x0000000000000018 r15 = 0x000055dd73f9c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1615==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x3a,0x3a,0xfa,0xaf,0x0,0x0,0x2,0x1f,0x0,0x0,0x0,0xa0,0x81,0xb9,0xd4,0x27,0xd3,0x0,0x55,0xff,0x0,0x1e,0x1e,0x0,0x0,0x0,0x0,0x0,0x83,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0xf3,0xa0,0x80,0xbe,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xcd,0x8f,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0x1e,0x93,0x1e,0x94,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0xf3,0xa0,0x80,0xa,0xa1,0x93,0xad,0x93,0xff,0xe6,0x46,0x93,0xff, Step #5: \000\000::\372\257\000\000\002\037\000\000\000\240\201\271\324'\323\000U\377\000\036\036\000\000\000\000\000\203\000\000\000\000\000\000\000\000F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\363\240\200\276\036\223\346\377\036\223F\323\036\223\315\217\036\223\346\377\036\223F\323\036\223\346\036\223\036\224\346\377\036\223F\323\036\363\240\200\012\241\223\255\223\377\346F\223\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-bcc82edad95833a8e8b7c3b10f367dda82aab4ab Step #5: Base64: AAA6OvqvAAACHwAAAKCBudQn0wBV/wAeHgAAAAAAgwAAAAAAAAAARtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMekx6T5v8ek0bTHpPm/x6TRpNG0x6THpPm/x6TRtMek+b/HpNG0x6T5v8ek0bTHpMek+b/HpNG0x6T5v8ek0bTHpMek+b/HpNG0/OggL4ek+b/HpNG0x6TzY8ek+b/HpNG0x6T5h6THpTm/x6TRtMe86CACqGTrZP/5kaT/w== Step #5: MERGE-OUTER: attempt 131 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194397679 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/bcc82edad95833a8e8b7c3b10f367dda82aab4ab' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 624 processed earlier; will process 432 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1619==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5596d83b6b42 (pc 0x7fc25f6f198c bp 0x7fff739fccc0 sp 0x7fff739fcc88 T1619) Step #5: ==1619==The signal is caused by a WRITE memory access. Step #5: #0 0x7fc25f6f198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5596d844c5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5596d844c5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5596d844d820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5596d844d820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5596d844d820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5596d844d820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5596d845053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5596d845053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5596d84500a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5596d83ed19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5596d83f6008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5596d83dcce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5596d84089f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fc25f58a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5596d83d059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1619==Register values: Step #5: rax = 0x00005596d83b6b42 rbx = 0x00005596d845d2b0 rcx = 0x00000000d83b0335 rdx = 0x0000000000000018 Step #5: rdi = 0x00005596d83b6b42 rsi = 0x00007fff739fcd30 rbp = 0x00007fff739fccc0 rsp = 0x00007fff739fcc88 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x00005596d89b8490 r11 = 0x00007fc25f752be0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005596 r14 = 0x0000000000000018 r15 = 0x00005596d845d2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1619==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x3a,0x3a,0xfa,0xaf,0x0,0x0,0x2,0x1f,0x0,0x0,0x0,0xa0,0x81,0xb9,0xd4,0x27,0xd3,0x0,0x55,0xff,0x0,0x1e,0x1e,0x0,0x0,0x0,0x0,0x0,0x83,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x46,0xd3,0x1e,0x93,0xe6,0x7f,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0xf3,0xa0,0x80,0xbe,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xcd,0x8f,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0x1e,0x93,0x1e,0x94,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0xf3,0xa0,0x80,0xa,0xa1,0x93,0xad,0x93,0xff,0xe6,0x46,0x93,0xff, Step #5: \000\000::\372\257\000\000\002\037\000\000\000\240\201\271\324'\323\000U\377\000\036\036\000\000\000\000\000\203\000\000\000\000\000\000\000\000F\323\036\223\346\177\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\363\240\200\276\036\223\346\377\036\223F\323\036\223\315\217\036\223\346\377\036\223F\323\036\223\346\036\223\036\224\346\377\036\223F\323\036\363\240\200\012\241\223\255\223\377\346F\223\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-8588453d54114e613832dc6d7660e5e0503f6f3e Step #5: Base64: AAA6OvqvAAACHwAAAKCBudQn0wBV/wAeHgAAAAAAgwAAAAAAAAAARtMek+Z/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMekx6T5v8ek0bTHpPm/x6TRpNG0x6THpPm/x6TRtMek+b/HpNG0x6T5v8ek0bTHpMek+b/HpNG0x6T5v8ek0bTHpMek+b/HpNG0/OggL4ek+b/HpNG0x6TzY8ek+b/HpNG0x6T5h6THpTm/x6TRtMe86CACqGTrZP/5kaT/w== Step #5: MERGE-OUTER: attempt 132 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194447237 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8588453d54114e613832dc6d7660e5e0503f6f3e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 625 processed earlier; will process 431 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1623==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc02ec0230 (pc 0x7ffc02ec0230 bp 0x7ffc02ec0200 sp 0x7ffc02ec01a8 T1623) Step #5: #0 0x7ffc02ec0230 () Step #5: #1 0x563bdf1f10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563bdf1f10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x563bdf18e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x563bdf197008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x563bdf17dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x563bdf1a99f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f0fdb1b0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1623==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x6,0x2,0x3,0x2,0xdd,0x1,0x9e,0x0,0x9,0xfe,0x28,0x1f,0x0,0x2e,0x1b,0x21,0x62,0xe8,0x22,0x0,0x0,0x0,0x21,0x21,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0x29,0x2,0x0,0x0,0xd2,0x27,0xa1,0x22,0xe8,0x20,0x7,0x80,0x0,0x1f,0xa1,0x24,0xea,0x2,0x0,0x0,0x2e,0x0,0xa1,0x23,0xea,0x2,0x0,0x0,0x2e,0x21,0xa1,0xdd,0xe8,0x22,0x0,0x0,0x0,0xa9,0x21,0xe8,0x0,0x23,0x20,0x0,0xd9,0x0,0xa1,0x22,0xea,0x2,0x0,0x0,0x2e,0x1b,0xa1,0x22,0xe8,0x2,0x0,0x0,0x0,0x21,0xa1,0x22,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0x7f,0xff,0xff,0x7f,0x7f,0xff,0xff,0xff,0x7f,0x7f,0x3d,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0x7f,0xff,0xff,0x7f,0x7f,0xd,0x7f,0xff,0xff,0x7f,0x7f,0x7f,0x2f,0x13,0x13,0x13,0x13,0x13,0x2,0x2f,0x1,0x81,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0x13,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0x13,0x13,0x12,0xf3,0x13,0x13,0x13,0x13,0x13,0xb4,0xb4,0xb4,0xb4,0xb4,0x13,0x13,0x13,0x13,0xb4,0xb4,0x13, Step #5: \000\006\002\003\002\335\001\236\000\011\376(\037\000.\033!b\350\"\000\000\000!!\"\350\002\000\000\000!\241\")\002\000\000\322'\241\"\350 \007\200\000\037\241$\352\002\000\000.\000\241#\352\002\000\000.!\241\335\350\"\000\000\000\251!\350\000# \000\331\000\241\"\352\002\000\000.\033\241\"\350\002\000\000\000!\241\"\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\177\377\377\177\377\377\177\177\377\377\377\177\177=\377\377\177\177\177\377\377\177\177\177\377\377\177\177\015\177\377\377\177\177\177/\023\023\023\023\023\002/\001\201\264\264\264\264\023\023\023\023\023\023\023\023\023\264\264\264\264\264\264\023\023\023\023\023\023\022\363\023\023\023\023\023\264\264\264\264\264\023\023\023\023\264\264\023 Step #5: artifact_prefix='./'; Test unit written to ./crash-725877f03d0b8c519a8123c6e84ae02150352aa2 Step #5: Base64: AAYCAwLdAZ4ACf4oHwAuGyFi6CIAAAAhISLoAgAAACGhIikCAADSJ6Ei6CAHgAAfoSTqAgAALgChI+oCAAAuIaHd6CIAAACpIegAIyAA2QChIuoCAAAuG6Ei6AIAAAAhoSL//////////////////////////////////////////////////////3///39///9/f///f3///39///9/f///f3///39///9///9/f////39/Pf//f39///9/f3///39/DX///39/fy8TExMTEwIvAYG0tLS0ExMTExMTExMTtLS0tLS0ExMTExMTEvMTExMTE7S0tLS0ExMTE7S0Ew== Step #5: MERGE-OUTER: attempt 133 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194496689 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/725877f03d0b8c519a8123c6e84ae02150352aa2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 627 processed earlier; will process 429 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1627==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5593207c1274 (pc 0x7f03bc87298c bp 0x7fff7a424660 sp 0x7fff7a424628 T1627) Step #5: ==1627==The signal is caused by a WRITE memory access. Step #5: #0 0x7f03bc87298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55932085b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55932085b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55932085c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55932085c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55932085c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55932085c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55932085f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55932085f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55932085f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5593207fc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x559320805008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5593207ebce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5593208179f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f03bc70b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5593207df59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1627==Register values: Step #5: rax = 0x00005593207c1274 rbx = 0x000055932086c2b0 rcx = 0x00000000207c3c03 rdx = 0x0000000000000018 Step #5: rdi = 0x00005593207c1274 rsi = 0x00007fff7a4246d0 rbp = 0x00007fff7a424660 rsp = 0x00007fff7a424628 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x0000559320dc72d0 r11 = 0x00007f03bc8d3be0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005593 r14 = 0x0000000000000018 r15 = 0x000055932086c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1627==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: 0x0,0x0,0x3a,0x3a,0xfa,0xaf,0x0,0x0,0x2,0x1f,0x0,0x0,0x0,0xa0,0x81,0xb9,0xd4,0x27,0xd3,0x0,0x55,0xff,0x0,0x1e,0x1e,0x0,0x0,0x0,0x0,0x0,0x83,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x46,0xd3,0x1e,0x93,0xe6,0x7f,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xf3,0xa0,0x80,0xb0,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xe2,0x80,0xae,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xf3,0xa0,0x80,0x81,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0xff,0x1e,0xf3,0xa0,0x81,0x9c,0x93,0x46,0xd3,0x1e,0x93,0x1e,0x93,0xe6,0xff,0x1e,0xe0,0xb9,0x84,0x93,0x46,0xd3,0xf3,0xa0,0x80,0xbe,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xcd,0x8f,0x1e,0x93,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0x93,0xe6,0x1e,0x93,0x1e,0x94,0xe6,0xff,0x1e,0x93,0x46,0xd3,0x1e,0xf3,0xa0,0x80,0xa,0xa1,0x93,0xad,0x93,0xff,0xe6,0x46,0x93,0xff, Step #5: \000\000::\372\257\000\000\002\037\000\000\000\240\201\271\324'\323\000U\377\000\036\036\000\000\000\000\000\203\000\000\000\000\000\000\000\000F\323\036\223\346\177\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\363\240\200\260\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\342\200\256\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\363\240\200\201\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\346\377\036\223F\323\036\223\036\223\346\377\036\223F\323\036\223\346\377\036\363\240\201\234\223F\323\036\223\036\223\346\377\036\340\271\204\223F\323\363\240\200\276\036\223\346\377\036\223F\323\036\223\315\217\036\223\346\377\036\223F\323\036\223\346\036\223\036\224\346\377\036\223F\323\036\363\240\200\012\241\223\255\223\377\346F\223\377 Step #5: artifact_prefix='./'; Test unit written to ./crash-3577538df65125439316867c5ffc35e5eafc80e9 Step #5: Base64: AAA6OvqvAAACHwAAAKCBudQn0wBV/wAeHgAAAAAAgwAAAAAAAAAARtMek+Z/HpNG0x6THpPm/x6TRtMek+b/HpNG0x6THpPm/x6TRtMek/OggLDm/x6TRtMekx6T5v8ek0bTHpPm/x6TRtMekx6T5v8ek0bigK7THpMek+b/HpNG0x6T5v8ek0bzoICBk0bTHpMek+b/HpNG0x6T5v8ek0bTHpPm/x6TRtMekx6T5v8ek0bTHpPm/x7zoIGck0bTHpMek+b/HuC5hJNG0/OggL4ek+b/HpNG0x6TzY8ek+b/HpNG0x6T5h6THpTm/x6TRtMe86CACqGTrZP/5kaT/w== Step #5: MERGE-OUTER: attempt 134 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194546770 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3577538df65125439316867c5ffc35e5eafc80e9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 629 processed earlier; will process 427 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1631==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff00081ff8 (pc 0x55efe38a5b64 bp 0x7fff00880690 sp 0x7fff00082000 T1631) Step #5: #0 0x55efe38a5b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55efe38a90b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55efe38a90b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55efe384619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55efe384f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55efe3835ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55efe38619f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc7c08b1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55efe382959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1631==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-4cb654d7e7bffb0f3a20910f0d37ec46c0454ff2 Step #5: MERGE-OUTER: attempt 135 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194605349 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4cb654d7e7bffb0f3a20910f0d37ec46c0454ff2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 634 processed earlier; will process 422 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1635==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55635bbbdb0f (pc 0x7f0c33d5098c bp 0x7fff83e98c10 sp 0x7fff83e98bd8 T1635) Step #5: ==1635==The signal is caused by a WRITE memory access. Step #5: #0 0x7f0c33d5098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55635bc535cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55635bc535cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55635bc54820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55635bc54820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55635bc54820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55635bc54820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55635bc5753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55635bc5753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55635bc570a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55635bbf419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55635bbfd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55635bbe3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55635bc0f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0c33be9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55635bbd759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1635==Register values: Step #5: rax = 0x000055635bbbdb0f rbx = 0x000055635bc642b0 rcx = 0x000000005bbb7368 rdx = 0x0000000000000018 Step #5: rdi = 0x000055635bbbdb0f rsi = 0x00007fff83e98c80 rbp = 0x00007fff83e98c10 rsp = 0x00007fff83e98bd8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x0000000000000008 r11 = 0x00007f0c33db1be0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005563 r14 = 0x0000000000000018 r15 = 0x000055635bc642b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1635==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-382ca3c764be4b9defcdd32aa9f18e506e01f255 Step #5: MERGE-OUTER: attempt 136 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1194653459 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/382ca3c764be4b9defcdd32aa9f18e506e01f255' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 637 processed earlier; will process 419 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-3002c095b01cc5c4b1f8879ad69ed7bae307f15b Step #5: ==1639== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5596cb6f7034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x5596cb6b4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x5596cb697a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fe7ed40508f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5596cb6f87cf (out/libfuzzer-coverage-x86_64/net+0xaf7cf) Step #5: #5 0x5596cb6f8a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x5596cb6f8a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x5596cb6fc0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x5596cb6fc0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x5596cb69919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x5596cb6a2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x5596cb688ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x5596cb6b49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7fe7ed3e6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x5596cb67c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 137 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1296701277 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3002c095b01cc5c4b1f8879ad69ed7bae307f15b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 643 processed earlier; will process 413 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1643==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55ad4c16db59 (pc 0x7f2a2510b98c bp 0x7ffc72982e20 sp 0x7ffc72982de8 T1643) Step #5: ==1643==The signal is caused by a WRITE memory access. Step #5: #0 0x7f2a2510b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55ad4c2035cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55ad4c2035cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55ad4c204820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55ad4c204820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55ad4c204820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55ad4c204820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55ad4c20753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55ad4c20753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55ad4c2070a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55ad4c1a419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55ad4c1ad008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55ad4c193ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55ad4c1bf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2a24fa4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55ad4c18759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1643==Register values: Step #5: rax = 0x000055ad4c16db59 rbx = 0x000055ad4c2142b0 rcx = 0x000000004c16731e rdx = 0x0000000000000018 Step #5: rdi = 0x000055ad4c16db59 rsi = 0x00007ffc72982e90 rbp = 0x00007ffc72982e20 rsp = 0x00007ffc72982de8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0xfffffffffffff04a r11 = 0x00007f2a2501a6d0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055ad r14 = 0x0000000000000018 r15 = 0x000055ad4c2142b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1643==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-83008b45d4b670cca9b9369eac84aed4655838dd Step #5: MERGE-OUTER: attempt 138 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1296750038 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/83008b45d4b670cca9b9369eac84aed4655838dd' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 644 processed earlier; will process 412 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1647==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x561a4f236bc6 (pc 0x7fcdf8aa798c bp 0x7ffc38fe8270 sp 0x7ffc38fe8238 T1647) Step #5: ==1647==The signal is caused by a WRITE memory access. Step #5: #0 0x7fcdf8aa798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x561a4f2cc5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x561a4f2cc5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x561a4f2cd820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x561a4f2cd820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x561a4f2cd820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x561a4f2cd820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x561a4f2d053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x561a4f2d053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x561a4f2d00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x561a4f26d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561a4f276008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x561a4f25cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x561a4f2889f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fcdf8940082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x561a4f25059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1647==Register values: Step #5: rax = 0x0000561a4f236bc6 rbx = 0x0000561a4f2dd2b0 rcx = 0x000000004f2302b1 rdx = 0x0000000000000018 Step #5: rdi = 0x0000561a4f236bc6 rsi = 0x00007ffc38fe82e0 rbp = 0x00007ffc38fe8270 rsp = 0x00007ffc38fe8238 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x0000561a4f8382d0 r11 = 0x00007fcdf8b08be0 Step #5: r12 = 0x0000561a4fe87080 r13 = 0x000000000000561a r14 = 0x0000000000000018 r15 = 0x0000561a4f2dd2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1647==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-713bcd49331d1ccac38fb37ab8965203a10ae4a6 Step #5: MERGE-OUTER: attempt 139 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1296799760 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/713bcd49331d1ccac38fb37ab8965203a10ae4a6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 650 processed earlier; will process 406 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1651==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff226a7ff8 (pc 0x55a459da4b64 bp 0x7fff22ea6230 sp 0x7fff226a8000 T1651) Step #5: #0 0x55a459da4b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a459da80b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a459da80b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a459d4519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a459d4e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a459d34ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a459d609f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fcf385d2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a459d2859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1651==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-085ae40a1d4110367f02c4dfc13a2e9be9d7e68b Step #5: MERGE-OUTER: attempt 140 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1296858733 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/085ae40a1d4110367f02c4dfc13a2e9be9d7e68b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 656 processed earlier; will process 400 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-168022a26397eea43224a133d7bf0079d9c8b28f Step #5: ==1655== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x562307d08034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x562307cc5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x562307ca8a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fb3f77e608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x562307d093ac in advance_index /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x562307d093ac in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:15 Step #5: #6 0x562307d09a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x562307d09a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x562307d09a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x562307d0d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x562307d0d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x562307caa19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x562307cb3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x562307c99ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x562307cc59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7fb3f77c7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x562307c8d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 141 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1398906924 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/168022a26397eea43224a133d7bf0079d9c8b28f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 660 processed earlier; will process 396 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1659==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55734186fb1f (pc 0x7ff80070598c bp 0x7ffdf94ecee0 sp 0x7ffdf94ecea8 T1659) Step #5: ==1659==The signal is caused by a WRITE memory access. Step #5: #0 0x7ff80070598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5573419055cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5573419055cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x557341906820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x557341906820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x557341906820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x557341906820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5573419096d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5573419096d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5573419090a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5573418a619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5573418af008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x557341895ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5573418c19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7ff80059e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55734188959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1659==Register values: Step #5: rax = 0x000055734186fb1f rbx = 0x00005573419162b0 rcx = 0x0000000041869358 rdx = 0x0000000000000018 Step #5: rdi = 0x000055734186fb1f rsi = 0x00007ffdf94ecf50 rbp = 0x00007ffdf94ecee0 rsp = 0x00007ffdf94ecea8 Step #5: r8 = 0x000000000000e8cb r9 = 0x000000000000e8cb r10 = 0x0000000000000008 r11 = 0x00007ff800766be0 Step #5: r12 = 0x00000000000000ae r13 = 0x0000000000005573 r14 = 0x0000000000000018 r15 = 0x00005573419162b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1659==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0b2e4be9c24ad00e2e144bdc28f2322158e16c2b Step #5: MERGE-OUTER: attempt 142 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1398955121 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0b2e4be9c24ad00e2e144bdc28f2322158e16c2b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 663 processed earlier; will process 393 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1663==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffed8396ff8 (pc 0x5594db724b64 bp 0x7ffed8b94750 sp 0x7ffed8397000 T1663) Step #5: #0 0x5594db724b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5594db7280b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5594db7280b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5594db6c519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5594db6ce008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5594db6b4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5594db6e09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9e4573b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5594db6a859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1663==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-8a42fafa3d10a4e61f13bad6adc2e0fba9066a0d Step #5: MERGE-OUTER: attempt 143 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1399013274 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8a42fafa3d10a4e61f13bad6adc2e0fba9066a0d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 664 processed earlier; will process 392 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1667==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd1b545ff8 (pc 0x559123a0ab64 bp 0x7ffd1bd445e0 sp 0x7ffd1b546000 T1667) Step #5: #0 0x559123a0ab64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x559123a0e0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x559123a0e0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5591239ab19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5591239b4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55912399ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5591239c69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7254f19082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55912398e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1667==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-2a1b7c5cb187723b04c8b74078d122ef44f5af70 Step #5: MERGE-OUTER: attempt 144 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1399070916 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2a1b7c5cb187723b04c8b74078d122ef44f5af70' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 665 processed earlier; will process 391 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-91e9feefdb6a224d986f479d71870073c983f3a5 Step #5: ==1671== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55ba2e757034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55ba2e714178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55ba2e6f7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f36cc97708f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55ba2e7587cf (out/libfuzzer-coverage-x86_64/net+0xaf7cf) Step #5: #5 0x55ba2e758a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x55ba2e758a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55ba2e75c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55ba2e75c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x55ba2e6f919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55ba2e702008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55ba2e6e8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55ba2e7149f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7f36cc958082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55ba2e6dc59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 145 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501119685 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/91e9feefdb6a224d986f479d71870073c983f3a5' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 667 processed earlier; will process 389 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1675==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffff674bff8 (pc 0x55bbb1b68b64 bp 0x7ffff6f48fc0 sp 0x7ffff674c000 T1675) Step #5: #0 0x55bbb1b68b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55bbb1b6c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55bbb1b6c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55bbb1b0919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55bbb1b12008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55bbb1af8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55bbb1b249f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9d085df082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55bbb1aec59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1675==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ac8eec37bb2ac811b0f936daf5dcf6e35f7950f0 Step #5: MERGE-OUTER: attempt 146 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501178142 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/ac8eec37bb2ac811b0f936daf5dcf6e35f7950f0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 669 processed earlier; will process 387 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1679==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffec4385ff8 (pc 0x56212537fb64 bp 0x7ffec4b843f0 sp 0x7ffec4386000 T1679) Step #5: #0 0x56212537fb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5621253830b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5621253830b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56212532019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562125329008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56212530fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56212533b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8fb95cc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56212530359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1679==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-00897232ae1c2cf0d83ab44cc449fd49d0b99090 Step #5: MERGE-OUTER: attempt 147 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501236088 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/00897232ae1c2cf0d83ab44cc449fd49d0b99090' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 673 processed earlier; will process 383 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1683==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffb90d5ff8 (pc 0x563c0509eb64 bp 0x7fffb98d4970 sp 0x7fffb90d6000 T1683) Step #5: #0 0x563c0509eb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x563c050a20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x563c050a20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x563c0503f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x563c05048008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x563c0502ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x563c0505a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f2cafe6f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x563c0502259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1683==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7aec63075892cfe191e9a7e5ca10599499f610e9 Step #5: MERGE-OUTER: attempt 148 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501293742 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7aec63075892cfe191e9a7e5ca10599499f610e9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 678 processed earlier; will process 378 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1687==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564b1fb415b0 (pc 0x564b1fb415b0 bp 0x7ffd67689080 sp 0x7ffd67689038 T1687) Step #5: ==1687==The signal is caused by a READ memory access. Step #5: ==1687==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x564b1fb415b0 () Step #5: Step #5: ==1687==Register values: Step #5: rax = 0x0000564b1e57d901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffd67689080 rsp = 0x00007ffd67689038 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0x0000564b1eae9490 r11 = 0x0000564b1fb190cc Step #5: r12 = 0x00007ffd67680818 r13 = 0x0000564b1e57d97c r14 = 0x0000000000000001 r15 = 0x0000564b1fb18e90 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1687==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-d72f287bda5c6908e4fecf98df7cb0cf415bd9e0 Step #5: MERGE-OUTER: attempt 149 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501309881 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/d72f287bda5c6908e4fecf98df7cb0cf415bd9e0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 679 processed earlier; will process 377 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1690==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x557cbca8eb28 (pc 0x7fb76d82498c bp 0x7ffdfe345dc0 sp 0x7ffdfe345d88 T1690) Step #5: ==1690==The signal is caused by a WRITE memory access. Step #5: #0 0x7fb76d82498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x557cbcb245cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x557cbcb245cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x557cbcb25820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x557cbcb25820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x557cbcb25820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x557cbcb25820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x557cbcb286d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x557cbcb286d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x557cbcb280a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x557cbcac519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x557cbcace008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x557cbcab4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x557cbcae09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fb76d6bd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x557cbcaa859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1690==Register values: Step #5: rax = 0x0000557cbca8eb28 rbx = 0x0000557cbcb352b0 rcx = 0x00000000bca8834f rdx = 0x0000000000000018 Step #5: rdi = 0x0000557cbca8eb28 rsi = 0x00007ffdfe345e30 rbp = 0x00007ffdfe345dc0 rsp = 0x00007ffdfe345d88 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0xfffffffffffff04a r11 = 0x00007fb76d7336d0 Step #5: r12 = 0x00000000000000ff r13 = 0x000000000000557c r14 = 0x0000000000000018 r15 = 0x0000557cbcb352b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1690==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-efd5b1e0306fda3ca92299551e0c6eac9de961d1 Step #5: MERGE-OUTER: attempt 150 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501357658 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/efd5b1e0306fda3ca92299551e0c6eac9de961d1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 680 processed earlier; will process 376 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1694==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x557a7cc6c5b0 (pc 0x557a7cc6c5b0 bp 0x7fff71eb1ab0 sp 0x7fff71eb1a68 T1694) Step #5: ==1694==The signal is caused by a READ memory access. Step #5: ==1694==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x557a7cc6c5b0 () Step #5: Step #5: ==1694==Register values: Step #5: rax = 0x0000557a7af5c901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007fff71eb1ab0 rsp = 0x00007fff71eb1a68 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f455f7bc6d0 Step #5: r12 = 0x00007fff71eb08b4 r13 = 0x0000557a7af5c97c r14 = 0x0000000000000001 r15 = 0x0000557a7cc44118 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1694==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-aeea572ef5c55e956c3e198dfe0303584a15d2e5 Step #5: MERGE-OUTER: attempt 151 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501373500 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/aeea572ef5c55e956c3e198dfe0303584a15d2e5' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 681 processed earlier; will process 375 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1697==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d41f37bb80 (pc 0x7f0965ca498c bp 0x7ffd83d58470 sp 0x7ffd83d58438 T1697) Step #5: ==1697==The signal is caused by a WRITE memory access. Step #5: #0 0x7f0965ca498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d41f4115cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d41f4115cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d41f412820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d41f412820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d41f412820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d41f412820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d41f4156d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55d41f4156d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55d41f4150a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d41f3b219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d41f3bb008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d41f3a1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d41f3cd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0965b3d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d41f39559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1697==Register values: Step #5: rax = 0x000055d41f37bb80 rbx = 0x000055d41f4222b0 rcx = 0x000000001f3752f7 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d41f37bb80 rsi = 0x00007ffd83d584e0 rbp = 0x00007ffd83d58470 rsp = 0x00007ffd83d58438 Step #5: r8 = 0x000000000000a8cb r9 = 0x000055d420ddde90 r10 = 0x000055d420dca010 r11 = 0x00007f0965d05be0 Step #5: r12 = 0x00000000000000f3 r13 = 0x00000000000055d4 r14 = 0x0000000000000018 r15 = 0x000055d41f4222b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1697==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7d8d17750c96b0dd5693e6086afb2e6c3aa22e25 Step #5: MERGE-OUTER: attempt 152 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501422103 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7d8d17750c96b0dd5693e6086afb2e6c3aa22e25' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 682 processed earlier; will process 374 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1701==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55e6fd1f85b0 (pc 0x55e6fd1f85b0 bp 0x7ffe5e0f18c0 sp 0x7ffe5e0f1878 T1701) Step #5: ==1701==The signal is caused by a READ memory access. Step #5: ==1701==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55e6fd1f85b0 () Step #5: Step #5: ==1701==Register values: Step #5: rax = 0x000055e6fc9b6901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffe5e0f18c0 rsp = 0x00007ffe5e0f1878 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f959c0866d0 Step #5: r12 = 0x00007ffe5e0f08ff r13 = 0x000055e6fc9b697c r14 = 0x0000000000000001 r15 = 0x000055e6fd1d0128 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1701==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-1f73f64fb23432c1ee4fcfa9ab21634eb70e7b9f Step #5: MERGE-OUTER: attempt 153 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501438086 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/1f73f64fb23432c1ee4fcfa9ab21634eb70e7b9f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 683 processed earlier; will process 373 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1704==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x560f9d62dbbb (pc 0x7fa94015598c bp 0x7ffc72894610 sp 0x7ffc728945d8 T1704) Step #5: ==1704==The signal is caused by a WRITE memory access. Step #5: #0 0x7fa94015598c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x560f9d6c35cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x560f9d6c35cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x560f9d6c4820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x560f9d6c4820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x560f9d6c4820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x560f9d6c4820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x560f9d6c753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x560f9d6c753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x560f9d6c70a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x560f9d66419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x560f9d66d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x560f9d653ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x560f9d67f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fa93ffee082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x560f9d64759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1704==Register values: Step #5: rax = 0x0000560f9d62dbbb rbx = 0x0000560f9d6d42b0 rcx = 0x000000009d6272bc rdx = 0x0000000000000018 Step #5: rdi = 0x0000560f9d62dbbb rsi = 0x00007ffc72894680 rbp = 0x00007ffc72894610 rsp = 0x00007ffc728945d8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x0000560f9dc2f2d0 r11 = 0x00007fa9400646d0 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000560f r14 = 0x0000000000000018 r15 = 0x0000560f9d6d42b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1704==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e68ee40b5a61638955848de067f8fb67a8d35224 Step #5: MERGE-OUTER: attempt 154 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501486150 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e68ee40b5a61638955848de067f8fb67a8d35224' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 684 processed earlier; will process 372 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1708==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x556d3eb1cb19 (pc 0x7f110cd4c98c bp 0x7fffda4082c0 sp 0x7fffda408288 T1708) Step #5: ==1708==The signal is caused by a WRITE memory access. Step #5: #0 0x7f110cd4c98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x556d3ebb25cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x556d3ebb25cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x556d3ebb3820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x556d3ebb3820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x556d3ebb3820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x556d3ebb3820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x556d3ebb653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x556d3ebb653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x556d3ebb60a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x556d3eb5319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x556d3eb5c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x556d3eb42ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x556d3eb6e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f110cbe5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x556d3eb3659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1708==Register values: Step #5: rax = 0x0000556d3eb1cb19 rbx = 0x0000556d3ebc32b0 rcx = 0x000000003eb1635e rdx = 0x0000000000000018 Step #5: rdi = 0x0000556d3eb1cb19 rsi = 0x00007fffda408330 rbp = 0x00007fffda4082c0 rsp = 0x00007fffda408288 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x0000000000000008 r11 = 0x00007fffda584080 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000556d r14 = 0x0000000000000018 r15 = 0x0000556d3ebc32b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1708==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-25b340f46457bb03dc94f5b7b65f8c590361b990 Step #5: MERGE-OUTER: attempt 155 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501534491 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/25b340f46457bb03dc94f5b7b65f8c590361b990' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 686 processed earlier; will process 370 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1712==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55fd014585b0 (pc 0x55fd014585b0 bp 0x7ffe0c183ba0 sp 0x7ffe0c183b58 T1712) Step #5: ==1712==The signal is caused by a READ memory access. Step #5: ==1712==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55fd014585b0 () Step #5: Step #5: ==1712==Register values: Step #5: rax = 0x000055fcff500901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffe0c183ba0 rsp = 0x00007ffe0c183b58 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f5bdf5986d0 Step #5: r12 = 0x00007ffe0c1808f3 r13 = 0x000055fcff50097c r14 = 0x0000000000000001 r15 = 0x000055fd01430008 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1712==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3e87ed20885e4c64031c2833496e95be686774cf Step #5: MERGE-OUTER: attempt 156 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501550068 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3e87ed20885e4c64031c2833496e95be686774cf' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 687 processed earlier; will process 369 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1715==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x564c46d1132d (pc 0x7fc53a96998c bp 0x7ffdc9bec990 sp 0x7ffdc9bec958 T1715) Step #5: ==1715==The signal is caused by a WRITE memory access. Step #5: #0 0x7fc53a96998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x564c46dab5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x564c46dab5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564c46dac820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564c46dac820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564c46dac820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564c46dac820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x564c46daf6d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x564c46daf6d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x564c46daf0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x564c46d4c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x564c46d55008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x564c46d3bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x564c46d679f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fc53a802082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x564c46d2f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1715==Register values: Step #5: rax = 0x0000564c46d1132d rbx = 0x0000564c46dbc2b0 rcx = 0x0000000046d13b4a rdx = 0x0000000000000018 Step #5: rdi = 0x0000564c46d1132d rsi = 0x00007ffdc9beca00 rbp = 0x00007ffdc9bec990 rsp = 0x00007ffdc9bec958 Step #5: r8 = 0x00000000000048cb r9 = 0x0000564c4797fe90 r10 = 0x0000564c4796c010 r11 = 0x00007fc53a9cabe0 Step #5: r12 = 0x0000000000000093 r13 = 0x000000000000564c r14 = 0x0000000000000018 r15 = 0x0000564c46dbc2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1715==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f12b848557845ffbd4166cad5c6cb5aaf926e68b Step #5: MERGE-OUTER: attempt 157 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501597995 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f12b848557845ffbd4166cad5c6cb5aaf926e68b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 688 processed earlier; will process 368 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1719==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcb5370b10 (pc 0x7ffcb5370b10 bp 0x7ffcb5370ae0 sp 0x7ffcb5370a88 T1719) Step #5: #0 0x7ffcb5370b10 () Step #5: #1 0x55a74f01e0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a74f01e0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a74efbb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a74efc4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a74efaace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a74efd69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc86cc14082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1719==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-724afd94f1819cdcfe9a0dbeb579f92cc2ba8f3b Step #5: MERGE-OUTER: attempt 158 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1501645465 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/724afd94f1819cdcfe9a0dbeb579f92cc2ba8f3b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 690 processed earlier; will process 366 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-bec146f3334dc7ae72f7e88d89c454426902b140 Step #5: ==1723== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x556584b97034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x556584b54178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x556584b37a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f0b05a0a08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x556584b98312 in idx2ptr /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x556584b98312 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:481:27 Step #5: #6 0x556584b9839d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #7 0x556584b98a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #8 0x556584b98a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #9 0x556584b98a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #10 0x556584b9c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #11 0x556584b9c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #12 0x556584b3919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #13 0x556584b42008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #14 0x556584b28ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #15 0x556584b549f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #16 0x7f0b059eb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #17 0x556584b1c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 159 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1603693264 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/bec146f3334dc7ae72f7e88d89c454426902b140' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 691 processed earlier; will process 365 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-842ed634ae7d8fd267c2d101d19463e7cdc83f12 Step #5: ==1727== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55f9fa116034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55f9fa0d3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55f9fa0b6a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f147c17008f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55f9fa1173a1 in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:32 Step #5: #5 0x55f9fa117a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x55f9fa117a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x55f9fa117a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x55f9fa11b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x55f9fa11b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #10 0x55f9fa0b819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55f9fa0c1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55f9fa0a7ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55f9fa0d39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f147c151082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55f9fa09b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 160 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705742805 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/842ed634ae7d8fd267c2d101d19463e7cdc83f12' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 695 processed earlier; will process 361 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1731==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffc3bc9ff8 (pc 0x55a04d37db64 bp 0x7fffc43c7050 sp 0x7fffc3bca000 T1731) Step #5: #0 0x55a04d37db64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a04d3810b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a04d3810b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a04d31e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a04d327008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a04d30dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a04d3399f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f643c8a9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a04d30159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1731==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-27679b52ed440fd90d539b4ed1dee72fe4e71a3e Step #5: MERGE-OUTER: attempt 161 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705804941 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/27679b52ed440fd90d539b4ed1dee72fe4e71a3e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 696 processed earlier; will process 360 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1735==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5570e4ec6b1c (pc 0x7f51e574d98c bp 0x7ffdb5087e20 sp 0x7ffdb5087de8 T1735) Step #5: ==1735==The signal is caused by a WRITE memory access. Step #5: #0 0x7f51e574d98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5570e4f5c5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5570e4f5c5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5570e4f5d820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5570e4f5d820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5570e4f5d820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5570e4f5d820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5570e4f6053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5570e4f6053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5570e4f600a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5570e4efd19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5570e4f06008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5570e4eecce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5570e4f189f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f51e55e6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5570e4ee059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1735==Register values: Step #5: rax = 0x00005570e4ec6b1c rbx = 0x00005570e4f6d2b0 rcx = 0x00000000e4ec035b rdx = 0x0000000000000018 Step #5: rdi = 0x00005570e4ec6b1c rsi = 0x00007ffdb5087e90 rbp = 0x00007ffdb5087e20 rsp = 0x00007ffdb5087de8 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x00005570e54c82d0 r11 = 0x00007f51e565c6d0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005570 r14 = 0x0000000000000018 r15 = 0x00005570e4f6d2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1735==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e635e54e7f02bb085445280c9e5ac1dd898c91a6 Step #5: MERGE-OUTER: attempt 162 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705856336 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e635e54e7f02bb085445280c9e5ac1dd898c91a6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 697 processed earlier; will process 359 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1739==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55c5935345b0 (pc 0x55c5935345b0 bp 0x7ffcc0b05ac0 sp 0x7ffcc0b05a78 T1739) Step #5: ==1739==The signal is caused by a READ memory access. Step #5: ==1739==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55c5935345b0 () Step #5: Step #5: ==1739==Register values: Step #5: rax = 0x000055c59138d901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffcc0b05ac0 rsp = 0x00007ffcc0b05a78 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f28a33c66d0 Step #5: r12 = 0x00007ffcc0b00818 r13 = 0x000055c59138d97c r14 = 0x0000000000000001 r15 = 0x000055c59350c188 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1739==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c3d92f14508b39f5a93a5471bca21fb7ab2db784 Step #5: MERGE-OUTER: attempt 163 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705874126 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c3d92f14508b39f5a93a5471bca21fb7ab2db784' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 698 processed earlier; will process 358 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1742==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x555d128605b0 (pc 0x555d128605b0 bp 0x7ffdf319c4f0 sp 0x7ffdf319c4a8 T1742) Step #5: ==1742==The signal is caused by a READ memory access. Step #5: ==1742==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x555d128605b0 () Step #5: Step #5: ==1742==Register values: Step #5: rax = 0x0000555d11949901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffdf319c4f0 rsp = 0x00007ffdf319c4a8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f6118c5a6d0 Step #5: r12 = 0x00007ffdf3190818 r13 = 0x0000555d1194997c r14 = 0x0000000000000001 r15 = 0x0000555d12838188 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1742==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b702d464e017c0e0ee9a6832fa0971770db06e30 Step #5: MERGE-OUTER: attempt 164 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705891956 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b702d464e017c0e0ee9a6832fa0971770db06e30' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 699 processed earlier; will process 357 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1745==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5571d1b91252 (pc 0x7f06162ad98c bp 0x7fffc584da80 sp 0x7fffc584da48 T1745) Step #5: ==1745==The signal is caused by a WRITE memory access. Step #5: #0 0x7f06162ad98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5571d1c2b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5571d1c2b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5571d1c2c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5571d1c2c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5571d1c2c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5571d1c2c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5571d1c2f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5571d1c2f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5571d1c2f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5571d1bcc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5571d1bd5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5571d1bbbce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5571d1be79f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0616146082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5571d1baf59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1745==Register values: Step #5: rax = 0x00005571d1b91252 rbx = 0x00005571d1c3c2b0 rcx = 0x00000000d1b93c25 rdx = 0x0000000000000018 Step #5: rdi = 0x00005571d1b91252 rsi = 0x00007fffc584daf0 rbp = 0x00007fffc584da80 rsp = 0x00007fffc584da48 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x00005571d21972d0 r11 = 0x00007f06161bc6d0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005571 r14 = 0x0000000000000018 r15 = 0x00005571d1c3c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1745==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9d00fe8c0990e2e8aefb01d1c6b580afae1c7aeb Step #5: MERGE-OUTER: attempt 165 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1705943619 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9d00fe8c0990e2e8aefb01d1c6b580afae1c7aeb' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 700 processed earlier; will process 356 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1749==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc40f74ff8 (pc 0x55c9ad355b64 bp 0x7ffc41772260 sp 0x7ffc40f75000 T1749) Step #5: #0 0x55c9ad355b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c9ad3590b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c9ad3590b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c9ad2f619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c9ad2ff008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c9ad2e5ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c9ad3119f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb97cb7f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c9ad2d959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1749==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b599a39a158a20554adca9723c82d553bae8a205 Step #5: MERGE-OUTER: attempt 166 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706004538 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b599a39a158a20554adca9723c82d553bae8a205' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 701 processed earlier; will process 355 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1753==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55bfbde8f5b0 (pc 0x55bfbde8f5b0 bp 0x7ffeee80f230 sp 0x7ffeee80f1e8 T1753) Step #5: ==1753==The signal is caused by a READ memory access. Step #5: ==1753==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55bfbde8f5b0 () Step #5: Step #5: ==1753==Register values: Step #5: rax = 0x000055bfbd274901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffeee80f230 rsp = 0x00007ffeee80f1e8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f40123256d0 Step #5: r12 = 0x00007ffeee8008a0 r13 = 0x000055bfbd27497c r14 = 0x0000000000000001 r15 = 0x000055bfbde67148 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1753==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-814405981e7fa7fda4ecc1972c4748109635912b Step #5: MERGE-OUTER: attempt 167 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706022048 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/814405981e7fa7fda4ecc1972c4748109635912b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 702 processed earlier; will process 354 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1756==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x563750b2bbe3 (pc 0x7fe55065798c bp 0x7fffecde0a80 sp 0x7fffecde0a48 T1756) Step #5: ==1756==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe55065798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x563750bc15cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x563750bc15cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x563750bc2820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x563750bc2820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x563750bc2820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x563750bc2820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x563750bc553d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x563750bc553d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x563750bc50a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x563750b6219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x563750b6b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x563750b51ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x563750b7d9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe5504f0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x563750b4559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1756==Register values: Step #5: rax = 0x0000563750b2bbe3 rbx = 0x0000563750bd22b0 rcx = 0x0000000050b25294 rdx = 0x0000000000000018 Step #5: rdi = 0x0000563750b2bbe3 rsi = 0x00007fffecde0af0 rbp = 0x00007fffecde0a80 rsp = 0x00007fffecde0a48 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x000056375112d2d0 r11 = 0x00005637520c7340 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005637 r14 = 0x0000000000000018 r15 = 0x0000563750bd22b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1756==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b48dea87de8bf6fd4f6527fc9af8dbc6ff70838e Step #5: MERGE-OUTER: attempt 168 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706073028 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b48dea87de8bf6fd4f6527fc9af8dbc6ff70838e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 707 processed earlier; will process 349 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1760==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff5dec8790 (pc 0x7fff5dec8790 bp 0x7fff5dec8760 sp 0x7fff5dec8708 T1760) Step #5: #0 0x7fff5dec8790 () Step #5: #1 0x560b39b070b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560b39b070b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560b39aa419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560b39aad008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560b39a93ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560b39abf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7efd59b55082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1760==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f9bf884d3e34ab1a40319d5fa73e639f40a04ebe Step #5: MERGE-OUTER: attempt 169 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706122512 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f9bf884d3e34ab1a40319d5fa73e639f40a04ebe' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 709 processed earlier; will process 347 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1764==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x562aa2deebd6 (pc 0x7fd58690498c bp 0x7ffcf1617ed0 sp 0x7ffcf1617e98 T1764) Step #5: ==1764==The signal is caused by a WRITE memory access. Step #5: #0 0x7fd58690498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x562aa2e845cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x562aa2e845cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x562aa2e85820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x562aa2e85820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x562aa2e85820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x562aa2e85820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x562aa2e886d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x562aa2e886d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x562aa2e880a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x562aa2e2519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x562aa2e2e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x562aa2e14ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x562aa2e409f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fd58679d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x562aa2e0859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1764==Register values: Step #5: rax = 0x0000562aa2deebd6 rbx = 0x0000562aa2e952b0 rcx = 0x00000000a2de82a1 rdx = 0x0000000000000018 Step #5: rdi = 0x0000562aa2deebd6 rsi = 0x00007ffcf1617f40 rbp = 0x00007ffcf1617ed0 rsp = 0x00007ffcf1617e98 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x0000000000000008 r11 = 0x0000562aa51bb1bd Step #5: r12 = 0x00000000000000ff r13 = 0x000000000000562a r14 = 0x0000000000000018 r15 = 0x0000562aa2e952b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1764==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-62c7b6e332998c03b29e7b8ea02a0c2d1ab0e793 Step #5: MERGE-OUTER: attempt 170 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706174840 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/62c7b6e332998c03b29e7b8ea02a0c2d1ab0e793' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 711 processed earlier; will process 345 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1768==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff546a0ff8 (pc 0x56073ee38b64 bp 0x7fff54e9f450 sp 0x7fff546a1000 T1768) Step #5: #0 0x56073ee38b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56073ee3c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56073ee3c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56073edd919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56073ede2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56073edc8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56073edf49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4e2d7a4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56073edbc59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1768==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-37630909356158662973a5bcf4b11e4eff950edc Step #5: MERGE-OUTER: attempt 171 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706236050 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/37630909356158662973a5bcf4b11e4eff950edc' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 712 processed earlier; will process 344 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1772==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffea7aff260 (pc 0x7ffea7aff260 bp 0x7ffea7aff230 sp 0x7ffea7aff1d8 T1772) Step #5: #0 0x7ffea7aff260 () Step #5: #1 0x56138bb900b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56138bb900b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56138bb2d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56138bb36008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56138bb1cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56138bb489f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f21d3053082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1772==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-37443d9384a8f968568482907848ef73ce14fff3 Step #5: MERGE-OUTER: attempt 172 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706285048 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/37443d9384a8f968568482907848ef73ce14fff3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 715 processed earlier; will process 341 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1776==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a68c3abb52 (pc 0x7f5fe720d98c bp 0x7ffc97a78ea0 sp 0x7ffc97a78e68 T1776) Step #5: ==1776==The signal is caused by a WRITE memory access. Step #5: #0 0x7f5fe720d98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a68c4415cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a68c4415cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a68c442820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a68c442820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a68c442820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a68c442820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a68c44553d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55a68c44553d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55a68c4450a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a68c3e219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a68c3eb008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a68c3d1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a68c3fd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f5fe70a6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a68c3c559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1776==Register values: Step #5: rax = 0x000055a68c3abb52 rbx = 0x000055a68c4522b0 rcx = 0x000000008c3a5325 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a68c3abb52 rsi = 0x00007ffc97a78f10 rbp = 0x00007ffc97a78ea0 rsp = 0x00007ffc97a78e68 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x000055a68c9ad2d0 r11 = 0x000055a68d044e90 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055a6 r14 = 0x0000000000000018 r15 = 0x000055a68c4522b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1776==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-a51d7e7b030f551300d48a3da191395628ecc328 Step #5: MERGE-OUTER: attempt 173 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706336354 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a51d7e7b030f551300d48a3da191395628ecc328' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 723 processed earlier; will process 333 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1780==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56218d0b9bcd (pc 0x7f2c6cb5298c bp 0x7ffe78639c80 sp 0x7ffe78639c48 T1780) Step #5: ==1780==The signal is caused by a WRITE memory access. Step #5: #0 0x7f2c6cb5298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56218d14f5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56218d14f5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56218d150820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56218d150820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56218d150820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56218d150820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56218d15353d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x56218d15353d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x56218d1530a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56218d0f019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56218d0f9008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56218d0dfce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56218d10b9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2c6c9eb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56218d0d359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1780==Register values: Step #5: rax = 0x000056218d0b9bcd rbx = 0x000056218d1602b0 rcx = 0x000000008d0b32aa rdx = 0x0000000000000018 Step #5: rdi = 0x000056218d0b9bcd rsi = 0x00007ffe78639cf0 rbp = 0x00007ffe78639c80 rsp = 0x00007ffe78639c48 Step #5: r8 = 0x00000000000088cb r9 = 0x00000000000088cb r10 = 0x000056218d6bb2d0 r11 = 0x00007f2c6cbb3be0 Step #5: r12 = 0x000056218e5c23c0 r13 = 0x0000000000005621 r14 = 0x0000000000000018 r15 = 0x000056218d1602b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1780==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3d7fb9d1916f627967db3fa7732bc67bbf014ec4 Step #5: MERGE-OUTER: attempt 174 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706387810 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3d7fb9d1916f627967db3fa7732bc67bbf014ec4' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 727 processed earlier; will process 329 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1784==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd6cae6e90 (pc 0x7ffd6cae6e90 bp 0x7ffd6cae6e60 sp 0x7ffd6cae6e08 T1784) Step #5: #0 0x7ffd6cae6e90 () Step #5: #1 0x55abfe9260b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55abfe9260b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55abfe8c319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55abfe8cc008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55abfe8b2ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55abfe8de9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbfbb058082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1784==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3241fe2e932d89e4b1ab3d71bd580a1fa3f73bee Step #5: MERGE-OUTER: attempt 175 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706437653 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3241fe2e932d89e4b1ab3d71bd580a1fa3f73bee' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 730 processed earlier; will process 326 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1788==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff66018770 (pc 0x7fff66018770 bp 0x7fff66018740 sp 0x7fff660186e8 T1788) Step #5: #0 0x7fff66018770 () Step #5: #1 0x55a0681a80b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a0681a80b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a06814519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a06814e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a068134ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a0681609f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f5365197082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1788==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f13f58e324536a0944a09e91b2b502ec9e5a8719 Step #5: MERGE-OUTER: attempt 176 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706487107 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f13f58e324536a0944a09e91b2b502ec9e5a8719' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 741 processed earlier; will process 315 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1792==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55dcb98012bd (pc 0x7fdf4de0098c bp 0x7fff9c7aafa0 sp 0x7fff9c7aaf68 T1792) Step #5: ==1792==The signal is caused by a WRITE memory access. Step #5: #0 0x7fdf4de0098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55dcb989a5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55dcb989a5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55dcb989b820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55dcb989b820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55dcb989b820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55dcb989b820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55dcb989e53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55dcb989e53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55dcb989e0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55dcb983b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55dcb9844008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55dcb982ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55dcb98569f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fdf4dc99082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55dcb981e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1792==Register values: Step #5: rax = 0x000055dcb98012bd rbx = 0x000055dcb98ab2b0 rcx = 0x00000000b9801bba rdx = 0x0000000000000018 Step #5: rdi = 0x000055dcb98012bd rsi = 0x00007fff9c7ab010 rbp = 0x00007fff9c7aafa0 rsp = 0x00007fff9c7aaf68 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x000055dcb9e062d0 r11 = 0x000055dcbb107a7e Step #5: r12 = 0x000055dcbb107480 r13 = 0x00000000000055dc r14 = 0x0000000000000018 r15 = 0x000055dcb98ab2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1792==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-82d48bd4162dfc5053f43f3a10a52bc6e9d9f692 Step #5: MERGE-OUTER: attempt 177 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706538763 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/82d48bd4162dfc5053f43f3a10a52bc6e9d9f692' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 744 processed earlier; will process 312 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1796==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe7d696ff8 (pc 0x55b14499db64 bp 0x7ffe7de94310 sp 0x7ffe7d697000 T1796) Step #5: #0 0x55b14499db64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55b1449a10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55b1449a10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55b14493e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55b144947008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55b14492dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55b1449599f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4b47a96082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55b14492159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1796==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-57824997b416dc9e0da0bb5adb492201f195c82d Step #5: MERGE-OUTER: attempt 178 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706599346 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/57824997b416dc9e0da0bb5adb492201f195c82d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 746 processed earlier; will process 310 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1800==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc4be4dff8 (pc 0x556dd69d3b64 bp 0x7ffc4c64c1e0 sp 0x7ffc4be4e000 T1800) Step #5: #0 0x556dd69d3b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x556dd69d70b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x556dd69d70b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x556dd697419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556dd697d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556dd6963ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556dd698f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff422541082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x556dd695759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1800==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-38e5e6a6f41c5ef8f09a82f6962dcea7d2beee80 Step #5: MERGE-OUTER: attempt 179 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706659349 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/38e5e6a6f41c5ef8f09a82f6962dcea7d2beee80' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 747 processed earlier; will process 309 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1804==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd2bd73ff8 (pc 0x5637ed5bdb64 bp 0x7ffd2c572bb0 sp 0x7ffd2bd74000 T1804) Step #5: #0 0x5637ed5bdb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5637ed5c10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5637ed5c10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5637ed55e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5637ed567008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5637ed54dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5637ed5799f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa00df9a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5637ed54159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1804==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-bda60729627c5a2a8b4fbbe329c173db22c72708 Step #5: MERGE-OUTER: attempt 180 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706720229 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/bda60729627c5a2a8b4fbbe329c173db22c72708' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 748 processed earlier; will process 308 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1808==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5574df1c1255 (pc 0x7f285686398c bp 0x7ffd11abe9e0 sp 0x7ffd11abe9a8 T1808) Step #5: ==1808==The signal is caused by a WRITE memory access. Step #5: #0 0x7f285686398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5574df25a5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5574df25a5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5574df25b820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5574df25b820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5574df25b820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5574df25b820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5574df25e53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5574df25e53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5574df25e0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5574df1fb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5574df204008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5574df1eace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5574df2169f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f28566fc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5574df1de59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1808==Register values: Step #5: rax = 0x00005574df1c1255 rbx = 0x00005574df26b2b0 rcx = 0x00000000df1c1c22 rdx = 0x0000000000000018 Step #5: rdi = 0x00005574df1c1255 rsi = 0x00007ffd11abea50 rbp = 0x00007ffd11abe9e0 rsp = 0x00007ffd11abe9a8 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x00005574df7c62d0 r11 = 0x00005574e0c2748c Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005574 r14 = 0x0000000000000018 r15 = 0x00005574df26b2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1808==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0cea21753f7dbc5ca68adf492cb168cab13f5781 Step #5: MERGE-OUTER: attempt 181 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706770771 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0cea21753f7dbc5ca68adf492cb168cab13f5781' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 750 processed earlier; will process 306 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1812==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe36d8bff8 (pc 0x560fa9cd5b64 bp 0x7ffe37589790 sp 0x7ffe36d8c000 T1812) Step #5: #0 0x560fa9cd5b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x560fa9cd90b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560fa9cd90b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560fa9c7619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560fa9c7f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560fa9c65ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560fa9c919f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc3642f5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x560fa9c5959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1812==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3a4ffc5b91368966b8bb587cad19e4aee0692a60 Step #5: MERGE-OUTER: attempt 182 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706832071 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3a4ffc5b91368966b8bb587cad19e4aee0692a60' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 753 processed earlier; will process 303 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1816==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe43e91ff8 (pc 0x55a82c2b2b64 bp 0x7ffe4468fa30 sp 0x7ffe43e92000 T1816) Step #5: #0 0x55a82c2b2b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55a82c2b60b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a82c2b60b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a82c25319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a82c25c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a82c242ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a82c26e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f278bdd0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55a82c23659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1816==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-8807687b1bc94f1bbb6daef857af038083f6d7c8 Step #5: MERGE-OUTER: attempt 183 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706892037 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8807687b1bc94f1bbb6daef857af038083f6d7c8' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 757 processed earlier; will process 299 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1820==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56140779bbc0 (pc 0x7f9e931ea98c bp 0x7ffcc1558fb0 sp 0x7ffcc1558f78 T1820) Step #5: ==1820==The signal is caused by a WRITE memory access. Step #5: #0 0x7f9e931ea98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5614078315cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5614078315cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x561407832820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x561407832820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x561407832820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x561407832820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5614078356d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5614078356d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5614078350a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5614077d219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5614077db008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5614077c1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5614077ed9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f9e93083082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5614077b559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1820==Register values: Step #5: rax = 0x000056140779bbc0 rbx = 0x00005614078422b0 rcx = 0x00000000077952b7 rdx = 0x0000000000000018 Step #5: rdi = 0x000056140779bbc0 rsi = 0x00007ffcc1559020 rbp = 0x00007ffcc1558fb0 rsp = 0x00007ffcc1558f78 Step #5: r8 = 0x000000000000a8cb r9 = 0x0000561407d9d2d0 r10 = 0x0000561407d9d2d0 r11 = 0x0000561409d4e4fd Step #5: r12 = 0x000000000000000f r13 = 0x0000000000005614 r14 = 0x0000000000000018 r15 = 0x00005614078422b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1820==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0a454fd69acf76a5b851ded3e861b3b99f05c527 Step #5: MERGE-OUTER: attempt 184 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1706942731 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0a454fd69acf76a5b851ded3e861b3b99f05c527' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 759 processed earlier; will process 297 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1824==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe6d281ff8 (pc 0x55d2e6c13b64 bp 0x7ffe6da7f250 sp 0x7ffe6d282000 T1824) Step #5: #0 0x55d2e6c13b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d2e6c170b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d2e6c170b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d2e6bb419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d2e6bbd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d2e6ba3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d2e6bcf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb6edc3a082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d2e6b9759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1824==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-5de80cc63c77ef9fe2612b0d74613976ecbaeade Step #5: MERGE-OUTER: attempt 185 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707004401 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/5de80cc63c77ef9fe2612b0d74613976ecbaeade' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 762 processed earlier; will process 294 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1828==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55bb20117b67 (pc 0x7f012009e98c bp 0x7ffdbf2d1cd0 sp 0x7ffdbf2d1c98 T1828) Step #5: ==1828==The signal is caused by a WRITE memory access. Step #5: #0 0x7f012009e98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55bb201ad5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55bb201ad5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55bb201ae820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55bb201ae820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55bb201ae820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55bb201ae820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55bb201b153d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55bb201b153d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55bb201b10a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55bb2014e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55bb20157008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55bb2013dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55bb201699f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f011ff37082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55bb2013159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1828==Register values: Step #5: rax = 0x000055bb20117b67 rbx = 0x000055bb201be2b0 rcx = 0x0000000020111310 rdx = 0x0000000000000018 Step #5: rdi = 0x000055bb20117b67 rsi = 0x00007ffdbf2d1d40 rbp = 0x00007ffdbf2d1cd0 rsp = 0x00007ffdbf2d1c98 Step #5: r8 = 0x00000000000068cb r9 = 0x00000000000068cb r10 = 0x000055bb207192d0 r11 = 0x00007f011ffad6d0 Step #5: r12 = 0x000055bb21bed5b0 r13 = 0x00000000000055bb r14 = 0x0000000000000018 r15 = 0x000055bb201be2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1828==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-2174e66dc7b763442f575fc065090079e5f1f798 Step #5: MERGE-OUTER: attempt 186 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707055326 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2174e66dc7b763442f575fc065090079e5f1f798' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 763 processed earlier; will process 293 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1832==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe3265cff8 (pc 0x55bd1c6bdb64 bp 0x7ffe32e5b0b0 sp 0x7ffe3265d000 T1832) Step #5: #0 0x55bd1c6bdb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55bd1c6c10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55bd1c6c10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55bd1c65e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55bd1c667008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55bd1c64dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55bd1c6799f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f2893709082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55bd1c64159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1832==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e111a9017a198a3bdfaf67092309568318d17b17 Step #5: MERGE-OUTER: attempt 187 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707115637 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e111a9017a198a3bdfaf67092309568318d17b17' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 764 processed earlier; will process 292 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1836==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5573c6b6bb1f (pc 0x7fabeb69498c bp 0x7fff760fabf0 sp 0x7fff760fabb8 T1836) Step #5: ==1836==The signal is caused by a WRITE memory access. Step #5: #0 0x7fabeb69498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5573c6c015cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5573c6c015cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5573c6c02820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5573c6c02820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5573c6c02820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5573c6c02820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5573c6c056d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5573c6c056d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5573c6c050a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5573c6ba219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5573c6bab008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5573c6b91ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5573c6bbd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fabeb52d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5573c6b8559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1836==Register values: Step #5: rax = 0x00005573c6b6bb1f rbx = 0x00005573c6c122b0 rcx = 0x00000000c6b65358 rdx = 0x0000000000000018 Step #5: rdi = 0x00005573c6b6bb1f rsi = 0x00007fff760fac60 rbp = 0x00007fff760fabf0 rsp = 0x00007fff760fabb8 Step #5: r8 = 0x000000000000a8cb r9 = 0x00005573c716d2d0 r10 = 0x00005573c716d2d0 r11 = 0x00005573c8affdf3 Step #5: r12 = 0x00000000000000ff r13 = 0x0000000000005573 r14 = 0x0000000000000018 r15 = 0x00005573c6c122b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1836==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3997dfdbc9a429679c417fc53abf75d933a54d0e Step #5: MERGE-OUTER: attempt 188 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707165912 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3997dfdbc9a429679c417fc53abf75d933a54d0e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 767 processed earlier; will process 289 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1840==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55af32381290 (pc 0x7f6a066d698c bp 0x7ffedf861260 sp 0x7ffedf861228 T1840) Step #5: ==1840==The signal is caused by a WRITE memory access. Step #5: #0 0x7f6a066d698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55af3241b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55af3241b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55af3241c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55af3241c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55af3241c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55af3241c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55af3241f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55af3241f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55af3241f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55af323bc19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55af323c5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55af323abce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55af323d79f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f6a0656f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55af3239f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1840==Register values: Step #5: rax = 0x000055af32381290 rbx = 0x000055af3242c2b0 rcx = 0x0000000032383be7 rdx = 0x0000000000000018 Step #5: rdi = 0x000055af32381290 rsi = 0x00007ffedf8612d0 rbp = 0x00007ffedf861260 rsp = 0x00007ffedf861228 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x000055af329872d0 r11 = 0x000055af332ca3cd Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055af r14 = 0x0000000000000018 r15 = 0x000055af3242c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1840==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-fcc4fda2478820974d49bcdc801c31f576a363b6 Step #5: MERGE-OUTER: attempt 189 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707216954 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fcc4fda2478820974d49bcdc801c31f576a363b6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 769 processed earlier; will process 287 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1844==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe8af26ff8 (pc 0x55d343e01b64 bp 0x7ffe8b725720 sp 0x7ffe8af27000 T1844) Step #5: #0 0x55d343e01b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d343e050b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d343e050b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d343da219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d343dab008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d343d91ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d343dbd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff307bb7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d343d8559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1844==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-17ec1cc06124cd0fc729c836e7ea3ba859fcc48f Step #5: MERGE-OUTER: attempt 190 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707277577 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/17ec1cc06124cd0fc729c836e7ea3ba859fcc48f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 772 processed earlier; will process 284 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1848==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe9fbdaff8 (pc 0x556062fb9b64 bp 0x7ffea03d9140 sp 0x7ffe9fbdb000 T1848) Step #5: #0 0x556062fb9b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x556062fbd0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x556062fbd0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x556062f5a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x556062f63008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x556062f49ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x556062f759f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f684a053082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x556062f3d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1848==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-2d9848c66e64a3ded67ca6dd39c2a8f0e856f14c Step #5: MERGE-OUTER: attempt 191 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707338633 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/2d9848c66e64a3ded67ca6dd39c2a8f0e856f14c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 775 processed earlier; will process 281 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1852==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b6b857db62 (pc 0x7f14a1d3398c bp 0x7ffdeb201110 sp 0x7ffdeb2010d8 T1852) Step #5: ==1852==The signal is caused by a WRITE memory access. Step #5: #0 0x7f14a1d3398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b6b86135cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b6b86135cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b6b8614820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b6b8614820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b6b8614820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b6b8614820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b6b86176d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55b6b86176d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55b6b86170a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55b6b85b419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b6b85bd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b6b85a3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b6b85cf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f14a1bcc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b6b859759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1852==Register values: Step #5: rax = 0x000055b6b857db62 rbx = 0x000055b6b86242b0 rcx = 0x00000000b8577315 rdx = 0x0000000000000018 Step #5: rdi = 0x000055b6b857db62 rsi = 0x00007ffdeb201180 rbp = 0x00007ffdeb201110 rsp = 0x00007ffdeb2010d8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000055b6b8b7f2d0 r10 = 0x000055b6b8b7f2d0 r11 = 0x000055b6b9f47613 Step #5: r12 = 0x0000000000000001 r13 = 0x00000000000055b6 r14 = 0x0000000000000018 r15 = 0x000055b6b86242b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1852==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-068523d217566a63b251f8a56298742348f4fc66 Step #5: MERGE-OUTER: attempt 192 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707390795 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/068523d217566a63b251f8a56298742348f4fc66' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 781 processed earlier; will process 275 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1856==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55807516cb2c (pc 0x7ff1ee23b98c bp 0x7ffc4c60de80 sp 0x7ffc4c60de48 T1856) Step #5: ==1856==The signal is caused by a WRITE memory access. Step #5: #0 0x7ff1ee23b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5580752025cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5580752025cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558075203820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558075203820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558075203820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558075203820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5580752066d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5580752066d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5580752060a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5580751a319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5580751ac008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558075192ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5580751be9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7ff1ee0d4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55807518659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1856==Register values: Step #5: rax = 0x000055807516cb2c rbx = 0x00005580752132b0 rcx = 0x000000007516634b rdx = 0x0000000000000018 Step #5: rdi = 0x000055807516cb2c rsi = 0x00007ffc4c60def0 rbp = 0x00007ffc4c60de80 rsp = 0x00007ffc4c60de48 Step #5: r8 = 0x000000000000b8cb r9 = 0x000055807576e2d0 r10 = 0x000055807576e2d0 r11 = 0x0000558075b0a4e3 Step #5: r12 = 0x0000000000000060 r13 = 0x0000000000005580 r14 = 0x0000000000000018 r15 = 0x00005580752132b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1856==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c49ba8f5bcb98b3dc041c81e17855aec824020dc Step #5: MERGE-OUTER: attempt 193 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707441422 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c49ba8f5bcb98b3dc041c81e17855aec824020dc' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 783 processed earlier; will process 273 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1860==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe2aaa8ff8 (pc 0x55ab476ddb64 bp 0x7ffe2b2a66b0 sp 0x7ffe2aaa9000 T1860) Step #5: #0 0x55ab476ddb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55ab476e10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55ab476e10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55ab4767e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55ab47687008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55ab4766dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55ab476999f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb8af654082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55ab4766159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1860==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-81e37a897a6b49bb05898405f7ff3fd38ab956a3 Step #5: MERGE-OUTER: attempt 194 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707501614 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/81e37a897a6b49bb05898405f7ff3fd38ab956a3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 784 processed earlier; will process 272 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1864==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffdf3d3cb30 (pc 0x7ffdf3d3cb30 bp 0x7ffdf3d3cb00 sp 0x7ffdf3d3caa8 T1864) Step #5: #0 0x7ffdf3d3cb30 () Step #5: #1 0x55a03bcc80b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55a03bcc80b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55a03bc6519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55a03bc6e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55a03bc54ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55a03bc809f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f8d6d81f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1864==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-957ee540952650a8152518ee7476ce5d0bffa2e7 Step #5: MERGE-OUTER: attempt 195 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1707551192 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/957ee540952650a8152518ee7476ce5d0bffa2e7' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 786 processed earlier; will process 270 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-9bc7c0f008c168b14b6c6107d25104341f9f9e24 Step #5: ==1868== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5647ae827034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x5647ae7e4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x5647ae7c7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f71603e708f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5647ae828a06 in tud_task_ext /src/tinyusb/src/device/usbd.c Step #5: #5 0x5647ae82c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #6 0x5647ae82c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #7 0x5647ae7c919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #8 0x5647ae7d2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #9 0x5647ae7b8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #10 0x5647ae7e49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #11 0x7f71603c8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #12 0x5647ae7ac59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 196 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809600207 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9bc7c0f008c168b14b6c6107d25104341f9f9e24' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 787 processed earlier; will process 269 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1872==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffde2c7bff8 (pc 0x55e7b949db64 bp 0x7ffde347a870 sp 0x7ffde2c7c000 T1872) Step #5: #0 0x55e7b949db64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55e7b94a10b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55e7b94a10b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55e7b943e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55e7b9447008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55e7b942dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55e7b94599f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f4d62758082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55e7b942159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1872==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-66c52f99b017fe8868cd473905d862904b7c10b3 Step #5: MERGE-OUTER: attempt 197 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809658958 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/66c52f99b017fe8868cd473905d862904b7c10b3' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 788 processed earlier; will process 268 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1876==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe2ec7ce70 (pc 0x7ffe2ec7ce70 bp 0x7ffe2ec7ce40 sp 0x7ffe2ec7cde8 T1876) Step #5: #0 0x7ffe2ec7ce70 () Step #5: #1 0x55f8d583e0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f8d583e0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55f8d57db19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f8d57e4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f8d57cace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f8d57f69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc319f01082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1876==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-8b93bed9d11de9a8c77d679ccc67efaa287ce0ce Step #5: MERGE-OUTER: attempt 198 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809707144 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8b93bed9d11de9a8c77d679ccc67efaa287ce0ce' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 790 processed earlier; will process 266 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1880==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe79669ff8 (pc 0x55770ac89b64 bp 0x7ffe79e67090 sp 0x7ffe7966a000 T1880) Step #5: #0 0x55770ac89b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55770ac8d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55770ac8d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55770ac2a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55770ac33008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55770ac19ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55770ac459f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f1ad62a3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55770ac0d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1880==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6f58bbe2ee2b9d2b945696ae1f3daa7434083ee7 Step #5: MERGE-OUTER: attempt 199 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809765863 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6f58bbe2ee2b9d2b945696ae1f3daa7434083ee7' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 791 processed earlier; will process 265 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1884==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5634e087bbe0 (pc 0x7f1a9215c98c bp 0x7ffc22aec840 sp 0x7ffc22aec808 T1884) Step #5: ==1884==The signal is caused by a WRITE memory access. Step #5: #0 0x7f1a9215c98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5634e09115cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5634e09115cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5634e0912820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5634e0912820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5634e0912820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5634e0912820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5634e091553d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5634e091553d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5634e09150a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5634e08b219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5634e08bb008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5634e08a1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5634e08cd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f1a91ff5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5634e089559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1884==Register values: Step #5: rax = 0x00005634e087bbe0 rbx = 0x00005634e09222b0 rcx = 0x00000000e0875297 rdx = 0x0000000000000018 Step #5: rdi = 0x00005634e087bbe0 rsi = 0x00007ffc22aec8b0 rbp = 0x00007ffc22aec840 rsp = 0x00007ffc22aec808 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x00005634e0e7d2d0 r11 = 0x00005634e1495939 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005634 r14 = 0x0000000000000018 r15 = 0x00005634e09222b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1884==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-730025f3e25d0f520f1d3f31782f695ea1f704d9 Step #5: MERGE-OUTER: attempt 200 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809816062 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/730025f3e25d0f520f1d3f31782f695ea1f704d9' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 797 processed earlier; will process 259 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1888==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d44ee6fb80 (pc 0x7f4cd1d4798c bp 0x7ffd2b844360 sp 0x7ffd2b844328 T1888) Step #5: ==1888==The signal is caused by a WRITE memory access. Step #5: #0 0x7f4cd1d4798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d44ef055cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d44ef055cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d44ef06820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d44ef06820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d44ef06820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d44ef06820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d44ef0953d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55d44ef0953d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55d44ef090a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d44eea619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d44eeaf008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d44ee95ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d44eec19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f4cd1be0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d44ee8959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1888==Register values: Step #5: rax = 0x000055d44ee6fb80 rbx = 0x000055d44ef162b0 rcx = 0x000000004ee692f7 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d44ee6fb80 rsi = 0x00007ffd2b8443d0 rbp = 0x00007ffd2b844360 rsp = 0x00007ffd2b844328 Step #5: r8 = 0x000000000000e8cb r9 = 0x000000000000e8cb r10 = 0x000055d44f4712d0 r11 = 0x000055d450eb2290 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055d4 r14 = 0x0000000000000018 r15 = 0x000055d44ef162b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1888==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-58e9735547891e4d3f9e740e06383c9fff803e57 Step #5: MERGE-OUTER: attempt 201 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809866062 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/58e9735547891e4d3f9e740e06383c9fff803e57' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 809 processed earlier; will process 247 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1892==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5611d9ef8bbd (pc 0x7f5bf567a98c bp 0x7ffc3b79f3b0 sp 0x7ffc3b79f378 T1892) Step #5: ==1892==The signal is caused by a WRITE memory access. Step #5: #0 0x7f5bf567a98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5611d9f8e5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5611d9f8e5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5611d9f8f820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5611d9f8f820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5611d9f8f820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5611d9f8f820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5611d9f9253d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5611d9f9253d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5611d9f920a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5611d9f2f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5611d9f38008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5611d9f1ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5611d9f4a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f5bf5513082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5611d9f1259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1892==Register values: Step #5: rax = 0x00005611d9ef8bbd rbx = 0x00005611d9f9f2b0 rcx = 0x00000000d9ef22ba rdx = 0x0000000000000018 Step #5: rdi = 0x00005611d9ef8bbd rsi = 0x00007ffc3b79f420 rbp = 0x00007ffc3b79f3b0 rsp = 0x00007ffc3b79f378 Step #5: r8 = 0x00000000000078cb r9 = 0x00000000000078cb r10 = 0x0000000000000008 r11 = 0x00005611db6dee90 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005611 r14 = 0x0000000000000018 r15 = 0x00005611d9f9f2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1892==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-8ef8f952bfe022f5aad8c38978427fb654ecac4d Step #5: MERGE-OUTER: attempt 202 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809916001 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8ef8f952bfe022f5aad8c38978427fb654ecac4d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 813 processed earlier; will process 243 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1896==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe0e15cff8 (pc 0x555def93eb64 bp 0x7ffe0e95a570 sp 0x7ffe0e15d000 T1896) Step #5: #0 0x555def93eb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x555def9420b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x555def9420b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x555def8df19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x555def8e8008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x555def8cece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x555def8fa9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fa7c8e12082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x555def8c259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1896==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-a68bb6d81e1c42fe874863d44350a4d4a17066b0 Step #5: MERGE-OUTER: attempt 203 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1809974920 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a68bb6d81e1c42fe874863d44350a4d4a17066b0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 814 processed earlier; will process 242 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1900==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55733e1b8b1f (pc 0x7fca8b96398c bp 0x7fffd6e01080 sp 0x7fffd6e01048 T1900) Step #5: ==1900==The signal is caused by a WRITE memory access. Step #5: #0 0x7fca8b96398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55733e24e5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55733e24e5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55733e24f820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55733e24f820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55733e24f820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55733e24f820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55733e25253d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55733e25253d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55733e2520a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55733e1ef19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55733e1f8008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55733e1dece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55733e20a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fca8b7fc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55733e1d259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1900==Register values: Step #5: rax = 0x000055733e1b8b1f rbx = 0x000055733e25f2b0 rcx = 0x000000003e1b2358 rdx = 0x0000000000000018 Step #5: rdi = 0x000055733e1b8b1f rsi = 0x00007fffd6e010f0 rbp = 0x00007fffd6e01080 rsp = 0x00007fffd6e01048 Step #5: r8 = 0x00000000000078cb r9 = 0x00000000000078cb r10 = 0x000055733e7ba2d0 r11 = 0x00005573403169d8 Step #5: r12 = 0x00005573402ee770 r13 = 0x0000000000005573 r14 = 0x0000000000000018 r15 = 0x000055733e25f2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1900==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7f1f8a6257f053bb8adca027c675e42156ed9041 Step #5: MERGE-OUTER: attempt 204 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1810024700 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7f1f8a6257f053bb8adca027c675e42156ed9041' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 816 processed earlier; will process 240 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1904==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc1e4aeff8 (pc 0x5583aa3a1b64 bp 0x7ffc1ecacad0 sp 0x7ffc1e4af000 T1904) Step #5: #0 0x5583aa3a1b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5583aa3a50b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5583aa3a50b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5583aa34219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5583aa34b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5583aa331ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5583aa35d9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f9005c4e082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5583aa32559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1904==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c189f151db264f16d1329938435f9b72739dadac Step #5: MERGE-OUTER: attempt 205 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1810084663 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c189f151db264f16d1329938435f9b72739dadac' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 818 processed earlier; will process 238 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-b3c2430f6ff41c3c9d173eff9606160b378e5a92 Step #5: ==1908== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5631830f8034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x5631830b5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x563183098a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fdfedd0308f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5631830f93ac in advance_index /src/tinyusb/src/common/tusb_fifo.c Step #5: #5 0x5631830f93ac in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:15 Step #5: #6 0x5631830f9a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x5631830f9a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x5631830f9a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x5631830fd0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x5631830fd0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x56318309a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x5631830a3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x563183089ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x5631830b59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7fdfedce4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x56318307d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 206 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 1912133810 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b3c2430f6ff41c3c9d173eff9606160b378e5a92' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 819 processed earlier; will process 237 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-6ce64985661e9a642858647f799af7106d08685c Step #5: ==1912== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55faf9ef8034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55faf9eb5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55faf9e98a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f48ec6f608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55faf9ef93da in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:510:13 Step #5: #5 0x55faf9ef9a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #6 0x55faf9ef9a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #7 0x55faf9ef9a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #8 0x55faf9efd0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #9 0x55faf9efd0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #10 0x55faf9e9a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55faf9ea3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55faf9e89ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55faf9eb59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f48ec6d7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55faf9e7d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 207 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014182042 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6ce64985661e9a642858647f799af7106d08685c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 821 processed earlier; will process 235 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1916==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcd5872ff8 (pc 0x55cfd5164b64 bp 0x7ffcd606fe10 sp 0x7ffcd5873000 T1916) Step #5: #0 0x55cfd5164b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55cfd51680b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55cfd51680b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55cfd510519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55cfd510e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55cfd50f4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55cfd51209f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f74e7ce0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55cfd50e859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1916==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7ddd711e6a74d61d1bb0ad617caf60f1e5266831 Step #5: MERGE-OUTER: attempt 208 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014239949 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7ddd711e6a74d61d1bb0ad617caf60f1e5266831' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 822 processed earlier; will process 234 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1920==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffe4798ff8 (pc 0x55c365d6eb64 bp 0x7fffe4f97350 sp 0x7fffe4799000 T1920) Step #5: #0 0x55c365d6eb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c365d720b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c365d720b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c365d0f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c365d18008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c365cfece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c365d2a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fee1a1ff082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c365cf259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1920==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b1fc1db2c02dfb88f87bc6a7697363ad895c8b37 Step #5: MERGE-OUTER: attempt 209 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014299123 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b1fc1db2c02dfb88f87bc6a7697363ad895c8b37' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 823 processed earlier; will process 233 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1924==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x561f4da40bcb (pc 0x7fa65d82798c bp 0x7fffc04a5830 sp 0x7fffc04a57f8 T1924) Step #5: ==1924==The signal is caused by a WRITE memory access. Step #5: #0 0x7fa65d82798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x561f4dad65cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x561f4dad65cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x561f4dad7820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x561f4dad7820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x561f4dad7820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x561f4dad7820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x561f4dada53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x561f4dada53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x561f4dada0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x561f4da7719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561f4da80008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x561f4da66ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x561f4da929f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fa65d6c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x561f4da5a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1924==Register values: Step #5: rax = 0x0000561f4da40bcb rbx = 0x0000561f4dae72b0 rcx = 0x000000004da3a2ac rdx = 0x0000000000000018 Step #5: rdi = 0x0000561f4da40bcb rsi = 0x00007fffc04a58a0 rbp = 0x00007fffc04a5830 rsp = 0x00007fffc04a57f8 Step #5: r8 = 0x000000000000f8cb r9 = 0x000000000000f8cb r10 = 0x0000561f4e0422d0 r11 = 0x00007fa65d7366d0 Step #5: r12 = 0x0000000000000000 r13 = 0x000000000000561f r14 = 0x0000000000000018 r15 = 0x0000561f4dae72b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1924==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-39f1731dedda5a7435794d4814f6d33bffd7c55a Step #5: MERGE-OUTER: attempt 210 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014348035 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/39f1731dedda5a7435794d4814f6d33bffd7c55a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 824 processed earlier; will process 232 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1928==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe0314eff8 (pc 0x5618fa69cb64 bp 0x7ffe0394c2e0 sp 0x7ffe0314f000 T1928) Step #5: #0 0x5618fa69cb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5618fa6a00b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5618fa6a00b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5618fa63d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5618fa646008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5618fa62cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5618fa6589f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f96265e0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5618fa62059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1928==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-16efa240cbf9e717678b8d63a305a224e2f149ae Step #5: MERGE-OUTER: attempt 211 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014405853 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/16efa240cbf9e717678b8d63a305a224e2f149ae' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 825 processed earlier; will process 231 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1932==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5633fecffbdf (pc 0x7fa58a84b98c bp 0x7fffd170d9a0 sp 0x7fffd170d968 T1932) Step #5: ==1932==The signal is caused by a WRITE memory access. Step #5: #0 0x7fa58a84b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5633fed955cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5633fed955cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5633fed96820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5633fed96820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5633fed96820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5633fed96820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5633fed9953d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5633fed9953d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5633fed990a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5633fed3619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5633fed3f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5633fed25ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5633fed519f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fa58a6e4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5633fed1959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1932==Register values: Step #5: rax = 0x00005633fecffbdf rbx = 0x00005633feda62b0 rcx = 0x00000000fecf9298 rdx = 0x0000000000000018 Step #5: rdi = 0x00005633fecffbdf rsi = 0x00007fffd170da10 rbp = 0x00007fffd170d9a0 rsp = 0x00007fffd170d968 Step #5: r8 = 0x000000000000e8cb r9 = 0x000000000000e8cb r10 = 0x00005633ff3012d0 r11 = 0x00005633ff598722 Step #5: r12 = 0x00005633ff5c05b0 r13 = 0x0000000000005633 r14 = 0x0000000000000018 r15 = 0x00005633feda62b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1932==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-cf7f4fbd305811096501e07c22512f706a1d4a7b Step #5: MERGE-OUTER: attempt 212 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014454662 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/cf7f4fbd305811096501e07c22512f706a1d4a7b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 826 processed earlier; will process 230 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1936==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffedc2b9ff8 (pc 0x55881898bb64 bp 0x7ffedcab8800 sp 0x7ffedc2ba000 T1936) Step #5: #0 0x55881898bb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55881898f0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55881898f0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55881892c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558818935008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55881891bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5588189479f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc4f84fc082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55881890f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1936==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-672e4d5f61189965677165e7c1dab056e05bb2f0 Step #5: MERGE-OUTER: attempt 213 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014513494 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/672e4d5f61189965677165e7c1dab056e05bb2f0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 832 processed earlier; will process 224 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1940==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56117d0bdbbd (pc 0x7fac61d0498c bp 0x7ffde4ea74f0 sp 0x7ffde4ea74b8 T1940) Step #5: ==1940==The signal is caused by a WRITE memory access. Step #5: #0 0x7fac61d0498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56117d1535cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56117d1535cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56117d154820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56117d154820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56117d154820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56117d154820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56117d15753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x56117d15753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x56117d1570a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56117d0f419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56117d0fd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56117d0e3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56117d10f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fac61b9d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56117d0d759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1940==Register values: Step #5: rax = 0x000056117d0bdbbd rbx = 0x000056117d1642b0 rcx = 0x000000007d0b72ba rdx = 0x0000000000000018 Step #5: rdi = 0x000056117d0bdbbd rsi = 0x00007ffde4ea7560 rbp = 0x00007ffde4ea74f0 rsp = 0x00007ffde4ea74b8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0xfffffffffffff04a r11 = 0x00007fac61c136d0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005611 r14 = 0x0000000000000018 r15 = 0x000056117d1642b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1940==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0468f0e84b9096664752dbe4fee8f79fe87d9d24 Step #5: MERGE-OUTER: attempt 214 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014562391 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0468f0e84b9096664752dbe4fee8f79fe87d9d24' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 833 processed earlier; will process 223 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1944==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe047f8ff8 (pc 0x56151c896b64 bp 0x7ffe04ff6620 sp 0x7ffe047f9000 T1944) Step #5: #0 0x56151c896b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56151c89a0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56151c89a0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56151c83719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56151c840008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56151c826ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56151c8529f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f283f845082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56151c81a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1944==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b4a871f254e8f6ff6b06c71e1e97a5c2a0aa724e Step #5: MERGE-OUTER: attempt 215 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014621691 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b4a871f254e8f6ff6b06c71e1e97a5c2a0aa724e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 837 processed earlier; will process 219 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1948==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffeafeb7ff8 (pc 0x558ad5ca9b64 bp 0x7ffeb06b62f0 sp 0x7ffeafeb8000 T1948) Step #5: #0 0x558ad5ca9b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x558ad5cad0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558ad5cad0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x558ad5c4a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558ad5c53008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558ad5c39ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558ad5c659f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb24f338082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x558ad5c2d59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1948==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b8a20f3c1c2e52d4d3260674c9cc7fe126d6555f Step #5: MERGE-OUTER: attempt 216 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2014679705 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b8a20f3c1c2e52d4d3260674c9cc7fe126d6555f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 838 processed earlier; will process 218 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-486d5aa2330c5c611ec4c6e55b79300276ae5e60 Step #5: ==1952== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x559dda1c7034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x559dda184178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x559dda167a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fcb6720d08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x559dda1d15df in __stop___lcxx_override (out/libfuzzer-coverage-x86_64/net+0xb85df) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 217 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116717163 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/486d5aa2330c5c611ec4c6e55b79300276ae5e60' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 840 processed earlier; will process 216 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1956==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55969c2cdb42 (pc 0x7f8f3a86998c bp 0x7ffdc842d8c0 sp 0x7ffdc842d888 T1956) Step #5: ==1956==The signal is caused by a WRITE memory access. Step #5: #0 0x7f8f3a86998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55969c3635cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55969c3635cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55969c364820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55969c364820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55969c364820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55969c364820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55969c3676d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55969c3676d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55969c3670a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55969c30419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55969c30d008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55969c2f3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55969c31f9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f8f3a702082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55969c2e759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1956==Register values: Step #5: rax = 0x000055969c2cdb42 rbx = 0x000055969c3742b0 rcx = 0x000000009c2c7335 rdx = 0x0000000000000018 Step #5: rdi = 0x000055969c2cdb42 rsi = 0x00007ffdc842d930 rbp = 0x00007ffdc842d8c0 rsp = 0x00007ffdc842d888 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0xfffffffffffff04a r11 = 0x00007f8f3a7786d0 Step #5: r12 = 0x000000000000006e r13 = 0x0000000000005596 r14 = 0x0000000000000018 r15 = 0x000055969c3742b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1956==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-5e0ca1cfd5856ad6ce761e999aed8a9a34b434d7 Step #5: MERGE-OUTER: attempt 218 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116766131 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/5e0ca1cfd5856ad6ce761e999aed8a9a34b434d7' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 841 processed earlier; will process 215 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1960==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff85384ff8 (pc 0x5652d3185b64 bp 0x7fff85b830d0 sp 0x7fff85385000 T1960) Step #5: #0 0x5652d3185b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5652d31890b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5652d31890b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5652d312619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5652d312f008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5652d3115ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5652d31419f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fc6234d6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5652d310959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1960==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6637ffec2e0021b792b859f63786d73e8f4ac365 Step #5: MERGE-OUTER: attempt 219 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116824544 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6637ffec2e0021b792b859f63786d73e8f4ac365' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 844 processed earlier; will process 212 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1964==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe63962c50 (pc 0x7ffe63962c50 bp 0x7ffe63962c20 sp 0x7ffe63962bc8 T1964) Step #5: #0 0x7ffe63962c50 () Step #5: #1 0x56053ab4d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56053ab4d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56053aaea19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56053aaf3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56053aad9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56053ab059f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7e18cd1082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==1964==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ec272d962cbf86a20d34bb46a9d0870d10facc27 Step #5: MERGE-OUTER: attempt 220 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116872224 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/ec272d962cbf86a20d34bb46a9d0870d10facc27' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 848 processed earlier; will process 208 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1968==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffa5e07ff8 (pc 0x564413e3ab64 bp 0x7fffa6606920 sp 0x7fffa5e08000 T1968) Step #5: #0 0x564413e3ab64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x564413e3e0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x564413e3e0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x564413ddb19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x564413de4008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x564413dcace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x564413df69f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f711c607082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x564413dbe59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1968==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-7bb1a00f09089a2563b7a5b937a656945d1df1cd Step #5: MERGE-OUTER: attempt 221 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116929932 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/7bb1a00f09089a2563b7a5b937a656945d1df1cd' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 851 processed earlier; will process 205 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1972==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a09b06db4c (pc 0x7fce81b0398c bp 0x7ffd71fc5b40 sp 0x7ffd71fc5b08 T1972) Step #5: ==1972==The signal is caused by a WRITE memory access. Step #5: #0 0x7fce81b0398c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a09b1035cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a09b1035cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a09b104820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a09b104820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a09b104820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a09b104820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a09b1076d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55a09b1076d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55a09b1070a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a09b0a419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a09b0ad008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a09b093ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a09b0bf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fce8199c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a09b08759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1972==Register values: Step #5: rax = 0x000055a09b06db4c rbx = 0x000055a09b1142b0 rcx = 0x000000009b06732b rdx = 0x0000000000000018 Step #5: rdi = 0x000055a09b06db4c rsi = 0x00007ffd71fc5bb0 rbp = 0x00007ffd71fc5b40 rsp = 0x00007ffd71fc5b08 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x000055a09cf03010 r11 = 0x00007fce81b64be0 Step #5: r12 = 0x000000000000001f r13 = 0x00000000000055a0 r14 = 0x0000000000000018 r15 = 0x000055a09b1142b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1972==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0635fa325ab0197211a38aee07c073c8d8b57610 Step #5: MERGE-OUTER: attempt 222 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2116978736 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0635fa325ab0197211a38aee07c073c8d8b57610' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 853 processed earlier; will process 203 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1976==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff89325ff8 (pc 0x55d793a24b64 bp 0x7fff89b24280 sp 0x7fff89326000 T1976) Step #5: #0 0x55d793a24b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d793a280b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d793a280b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d7939c519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d7939ce008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d7939b4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d7939e09f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7293e7c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d7939a859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==1976==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ef6f94e91f4bcc4bea4d1332397f878285def288 Step #5: MERGE-OUTER: attempt 223 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2117037422 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/ef6f94e91f4bcc4bea4d1332397f878285def288' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 858 processed earlier; will process 198 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-b889126cbc99fe42ee56389bbe4679d96a5e9c7b Step #5: ==1980== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x5580a6096034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x5580a6053178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x5580a6036a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f279d10b08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x5580a60a05df in __stop___lcxx_override (out/libfuzzer-coverage-x86_64/net+0xb85df) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 224 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2219074133 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b889126cbc99fe42ee56389bbe4679d96a5e9c7b' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 869 processed earlier; will process 187 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1984==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55c39c250b6f (pc 0x7f3b6de8798c bp 0x7ffc501182b0 sp 0x7ffc50118278 T1984) Step #5: ==1984==The signal is caused by a WRITE memory access. Step #5: #0 0x7f3b6de8798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55c39c2e65cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55c39c2e65cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55c39c2e7820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55c39c2e7820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55c39c2e7820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55c39c2e7820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55c39c2ea53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55c39c2ea53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55c39c2ea0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55c39c28719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55c39c290008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55c39c276ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55c39c2a29f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f3b6dd20082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55c39c26a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1984==Register values: Step #5: rax = 0x000055c39c250b6f rbx = 0x000055c39c2f72b0 rcx = 0x000000009c24a308 rdx = 0x0000000000000018 Step #5: rdi = 0x000055c39c250b6f rsi = 0x00007ffc50118320 rbp = 0x00007ffc501182b0 rsp = 0x00007ffc50118278 Step #5: r8 = 0x000000000000f8cb r9 = 0x000055c39c8522d0 r10 = 0x000055c39c8522d0 r11 = 0x0000000000000101 Step #5: r12 = 0x000055c39e0845d0 r13 = 0x00000000000055c3 r14 = 0x0000000000000018 r15 = 0x000055c39c2f72b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1984==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-92364fe5072666a305dc8689fecf484bb42a6bd6 Step #5: MERGE-OUTER: attempt 225 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2219124793 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/92364fe5072666a305dc8689fecf484bb42a6bd6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 873 processed earlier; will process 183 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1988==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55f4165905b0 (pc 0x55f4165905b0 bp 0x7ffcf8e83490 sp 0x7ffcf8e83448 T1988) Step #5: ==1988==The signal is caused by a READ memory access. Step #5: ==1988==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55f4165905b0 () Step #5: Step #5: ==1988==Register values: Step #5: rax = 0x000055f415257901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffcf8e83490 rsp = 0x00007ffcf8e83448 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0x000055f4157c3490 r11 = 0x000055f41659183a Step #5: r12 = 0x00007ffcf8e8085f r13 = 0x000055f41525797c r14 = 0x0000000000000001 r15 = 0x000055f416567e90 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==1988==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-87b8ab804cd894a38407b4c70cbe5dfbe253200a Step #5: MERGE-OUTER: attempt 226 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2219141186 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/87b8ab804cd894a38407b4c70cbe5dfbe253200a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 874 processed earlier; will process 182 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-496ea81f62cae1dd64dde344f5910e162fd5e638 Step #5: ==1991== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55918e276034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55918e233178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55918e216a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f829203008f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55918e27730b in idx2ptr /src/tinyusb/src/common/tusb_fifo.c:438:3 Step #5: #5 0x55918e27730b in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:481:27 Step #5: #6 0x55918e27739d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #7 0x55918e277a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #8 0x55918e277a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #9 0x55918e277a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #10 0x55918e27b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #11 0x55918e27b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #12 0x55918e21819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #13 0x55918e221008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #14 0x55918e207ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #15 0x55918e2339f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #16 0x7f8292011082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #17 0x55918e1fb59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 227 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2321189378 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/496ea81f62cae1dd64dde344f5910e162fd5e638' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 875 processed earlier; will process 181 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-907f821b33ef8143cf9c523e34f395db75b580b6 Step #5: ==1995== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55d5cf527034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55d5cf4e4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55d5cf4c7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f2ec482008f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55d5cf528a65 in tud_task_ext /src/tinyusb/src/device/usbd.c:683:19 Step #5: #5 0x55d5cf52c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #6 0x55d5cf52c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #7 0x55d5cf4c919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #8 0x55d5cf4d2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #9 0x55d5cf4b8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #10 0x55d5cf4e49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #11 0x7f2ec4801082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #12 0x55d5cf4ac59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 228 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423237412 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/907f821b33ef8143cf9c523e34f395db75b580b6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 876 processed earlier; will process 180 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==1999==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55c3f427ab6f (pc 0x7f008ce5698c bp 0x7ffde1658980 sp 0x7ffde1658948 T1999) Step #5: ==1999==The signal is caused by a WRITE memory access. Step #5: #0 0x7f008ce5698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55c3f43105cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55c3f43105cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55c3f4311820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55c3f4311820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55c3f4311820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55c3f4311820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55c3f431453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55c3f431453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55c3f43140a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55c3f42b119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55c3f42ba008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55c3f42a0ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55c3f42cc9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f008ccef082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55c3f429459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==1999==Register values: Step #5: rax = 0x000055c3f427ab6f rbx = 0x000055c3f43212b0 rcx = 0x00000000f4274308 rdx = 0x0000000000000018 Step #5: rdi = 0x000055c3f427ab6f rsi = 0x00007ffde16589f0 rbp = 0x00007ffde1658980 rsp = 0x00007ffde1658948 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x000055c3f487c490 r11 = 0x000055c3f63a5a16 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055c3 r14 = 0x0000000000000018 r15 = 0x000055c3f43212b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==1999==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-28c9d4f3d1f35a45353bed8142f838c0936c6864 Step #5: MERGE-OUTER: attempt 229 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423286601 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/28c9d4f3d1f35a45353bed8142f838c0936c6864' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 877 processed earlier; will process 179 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2003==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5590d2326b3c (pc 0x7ff343b0e98c bp 0x7ffdf2a32620 sp 0x7ffdf2a325e8 T2003) Step #5: ==2003==The signal is caused by a WRITE memory access. Step #5: #0 0x7ff343b0e98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5590d23bc5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5590d23bc5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5590d23bd820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5590d23bd820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5590d23bd820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5590d23bd820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5590d23c053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5590d23c053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5590d23c00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5590d235d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5590d2366008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5590d234cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5590d23789f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7ff3439a7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5590d234059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2003==Register values: Step #5: rax = 0x00005590d2326b3c rbx = 0x00005590d23cd2b0 rcx = 0x00000000d232033b rdx = 0x0000000000000018 Step #5: rdi = 0x00005590d2326b3c rsi = 0x00007ffdf2a32690 rbp = 0x00007ffdf2a32620 rsp = 0x00007ffdf2a325e8 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x00005590d29282d0 r11 = 0x00005590d4536e90 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005590 r14 = 0x0000000000000018 r15 = 0x00005590d23cd2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2003==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6d71e0e48d66af0de269454c0af33f1d593a3921 Step #5: MERGE-OUTER: attempt 230 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423336572 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6d71e0e48d66af0de269454c0af33f1d593a3921' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 879 processed earlier; will process 177 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2007==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d2c52dab7e (pc 0x7f78da45c98c bp 0x7ffff00406c0 sp 0x7ffff0040688 T2007) Step #5: ==2007==The signal is caused by a WRITE memory access. Step #5: #0 0x7f78da45c98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d2c53705cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d2c53705cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d2c5371820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d2c5371820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d2c5371820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d2c5371820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d2c53746d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55d2c53746d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55d2c53740a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d2c531119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d2c531a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d2c5300ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d2c532c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f78da2f5082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d2c52f459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2007==Register values: Step #5: rax = 0x000055d2c52dab7e rbx = 0x000055d2c53812b0 rcx = 0x00000000c52d42f9 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d2c52dab7e rsi = 0x00007ffff0040730 rbp = 0x00007ffff00406c0 rsp = 0x00007ffff0040688 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x000055d2c58dc2d0 r11 = 0x00007f78da36b6d0 Step #5: r12 = 0x0000000000000093 r13 = 0x00000000000055d2 r14 = 0x0000000000000018 r15 = 0x000055d2c53812b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2007==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-17e9533c65af95c3513bd742eb05f94c23c4efe2 Step #5: MERGE-OUTER: attempt 231 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423386081 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/17e9533c65af95c3513bd742eb05f94c23c4efe2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 880 processed earlier; will process 176 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2011==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x556c7229ab18 (pc 0x7f0eb671698c bp 0x7fff71f6b940 sp 0x7fff71f6b908 T2011) Step #5: ==2011==The signal is caused by a WRITE memory access. Step #5: #0 0x7f0eb671698c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x556c723305cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x556c723305cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x556c72331820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x556c72331820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x556c72331820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x556c72331820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x556c7233453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x556c7233453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x556c723340a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x556c722d119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x556c722da008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x556c722c0ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x556c722ec9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f0eb65af082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x556c722b459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2011==Register values: Step #5: rax = 0x0000556c7229ab18 rbx = 0x0000556c723412b0 rcx = 0x000000007229435f rdx = 0x0000000000000018 Step #5: rdi = 0x0000556c7229ab18 rsi = 0x00007fff71f6b9b0 rbp = 0x00007fff71f6b940 rsp = 0x00007fff71f6b908 Step #5: r8 = 0x00000000000098cb r9 = 0x0000000000000180 r10 = 0x0000556c7289c2d0 r11 = 0x0000000000000105 Step #5: r12 = 0x0000556c738385d0 r13 = 0x000000000000556c r14 = 0x0000000000000018 r15 = 0x0000556c723412b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2011==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-772fde8c32eddac41bccde027a9ce68f42e6de04 Step #5: MERGE-OUTER: attempt 232 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423435335 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/772fde8c32eddac41bccde027a9ce68f42e6de04' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 882 processed earlier; will process 174 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2015==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd47614ff8 (pc 0x55e103474b64 bp 0x7ffd47e12b20 sp 0x7ffd47615000 T2015) Step #5: #0 0x55e103474b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55e1034780b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55e1034780b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55e10341519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55e10341e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55e103404ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55e1034309f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fb15ca6c082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55e1033f859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2015==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-8dda20b290ddedb4cac75edd07d046493b032554 Step #5: MERGE-OUTER: attempt 233 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423493739 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/8dda20b290ddedb4cac75edd07d046493b032554' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 883 processed earlier; will process 173 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2019==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5610989212f1 (pc 0x7f99048c898c bp 0x7ffd3800af80 sp 0x7ffd3800af48 T2019) Step #5: ==2019==The signal is caused by a WRITE memory access. Step #5: #0 0x7f99048c898c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5610989ba5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5610989ba5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5610989bb820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5610989bb820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5610989bb820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5610989bb820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5610989be53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5610989be53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5610989be0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56109895b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x561098964008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56109894ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5610989769f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f9904761082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56109893e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2019==Register values: Step #5: rax = 0x00005610989212f1 rbx = 0x00005610989cb2b0 rcx = 0x0000000098921b86 rdx = 0x0000000000000018 Step #5: rdi = 0x00005610989212f1 rsi = 0x00007ffd3800aff0 rbp = 0x00007ffd3800af80 rsp = 0x00007ffd3800af48 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x0000561098f262d0 r11 = 0x000056109a6ebe90 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005610 r14 = 0x0000000000000018 r15 = 0x00005610989cb2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2019==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-601e24a9ede12194cf3765c0c0dd8185d881ed8e Step #5: MERGE-OUTER: attempt 234 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423544360 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/601e24a9ede12194cf3765c0c0dd8185d881ed8e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 887 processed earlier; will process 169 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2023==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x560b24de12ec (pc 0x7f3289cc798c bp 0x7ffe26399350 sp 0x7ffe26399318 T2023) Step #5: ==2023==The signal is caused by a WRITE memory access. Step #5: #0 0x7f3289cc798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x560b24e7b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x560b24e7b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x560b24e7c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x560b24e7c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x560b24e7c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x560b24e7c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x560b24e7f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x560b24e7f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x560b24e7f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x560b24e1c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x560b24e25008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x560b24e0bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x560b24e379f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f3289b60082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x560b24dff59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2023==Register values: Step #5: rax = 0x0000560b24de12ec rbx = 0x0000560b24e8c2b0 rcx = 0x0000000024de3b8b rdx = 0x0000000000000018 Step #5: rdi = 0x0000560b24de12ec rsi = 0x00007ffe263993c0 rbp = 0x00007ffe26399350 rsp = 0x00007ffe26399318 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x0000560b253e72d0 r11 = 0x0000560b27247dc3 Step #5: r12 = 0x0000560b272494a0 r13 = 0x000000000000560b r14 = 0x0000000000000018 r15 = 0x0000560b24e8c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2023==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-29fdb7c5974614cc20dacdbe7f2a8973931a8e60 Step #5: MERGE-OUTER: attempt 235 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423594481 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/29fdb7c5974614cc20dacdbe7f2a8973931a8e60' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 898 processed earlier; will process 158 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2027==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55b40cfccb60 (pc 0x7f54c32e298c bp 0x7ffe1637c000 sp 0x7ffe1637bfc8 T2027) Step #5: ==2027==The signal is caused by a WRITE memory access. Step #5: #0 0x7f54c32e298c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55b40d0625cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55b40d0625cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55b40d063820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55b40d063820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55b40d063820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55b40d063820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55b40d06653d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55b40d06653d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55b40d0660a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55b40d00319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55b40d00c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55b40cff2ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55b40d01e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f54c317b082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55b40cfe659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2027==Register values: Step #5: rax = 0x000055b40cfccb60 rbx = 0x000055b40d0732b0 rcx = 0x000000000cfc6317 rdx = 0x0000000000000018 Step #5: rdi = 0x000055b40cfccb60 rsi = 0x00007ffe1637c070 rbp = 0x00007ffe1637c000 rsp = 0x00007ffe1637bfc8 Step #5: r8 = 0x000000000000b8cb r9 = 0x000000000000b8cb r10 = 0x000055b40debc010 r11 = 0x00007f54c3343be0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055b4 r14 = 0x0000000000000018 r15 = 0x000055b40d0732b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2027==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-0a9d235f95f814c34a58b7d9db5e22f2354286cd Step #5: MERGE-OUTER: attempt 236 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423643669 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0a9d235f95f814c34a58b7d9db5e22f2354286cd' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 903 processed earlier; will process 153 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2031==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a9f5a36b55 (pc 0x7fe1fc1b798c bp 0x7ffdd5cf8210 sp 0x7ffdd5cf81d8 T2031) Step #5: ==2031==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe1fc1b798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a9f5acc5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a9f5acc5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a9f5acd820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a9f5acd820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a9f5acd820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a9f5acd820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a9f5ad053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55a9f5ad053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55a9f5ad00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a9f5a6d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a9f5a76008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a9f5a5cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a9f5a889f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe1fc050082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a9f5a5059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2031==Register values: Step #5: rax = 0x000055a9f5a36b55 rbx = 0x000055a9f5add2b0 rcx = 0x00000000f5a30322 rdx = 0x0000000000000018 Step #5: rdi = 0x000055a9f5a36b55 rsi = 0x00007ffdd5cf8280 rbp = 0x00007ffdd5cf8210 rsp = 0x00007ffdd5cf81d8 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x000055a9f6092010 r11 = 0x000055a9f60a4eb0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055a9 r14 = 0x0000000000000018 r15 = 0x000055a9f5add2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2031==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6c0fb48469badc72efec6253fc34b5eae62d1f5e Step #5: MERGE-OUTER: attempt 237 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423699997 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6c0fb48469badc72efec6253fc34b5eae62d1f5e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 906 processed earlier; will process 150 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2035==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55a0df460b4c (pc 0x7fe8622ae98c bp 0x7ffd48e63080 sp 0x7ffd48e63048 T2035) Step #5: ==2035==The signal is caused by a WRITE memory access. Step #5: #0 0x7fe8622ae98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55a0df4f65cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55a0df4f65cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55a0df4f7820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55a0df4f7820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55a0df4f7820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55a0df4f7820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55a0df4fa53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55a0df4fa53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55a0df4fa0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55a0df49719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55a0df4a0008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55a0df486ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55a0df4b29f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fe862147082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55a0df47a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2035==Register values: Step #5: rax = 0x000055a0df460b4c rbx = 0x000055a0df5072b0 rcx = 0x00000000df45a32b rdx = 0x0000000000000018 Step #5: rdi = 0x000055a0df460b4c rsi = 0x00007ffd48e630f0 rbp = 0x00007ffd48e63080 rsp = 0x00007ffd48e63048 Step #5: r8 = 0x000000000000f8cb r9 = 0x000000000000f8cb r10 = 0x000055a0dfa622d0 r11 = 0x00007fe86230fbe0 Step #5: r12 = 0x000055a0e09625d0 r13 = 0x00000000000055a0 r14 = 0x0000000000000018 r15 = 0x000055a0df5072b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2035==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-e9aadb3a942cd410e1156653d837fc20ab7a8491 Step #5: MERGE-OUTER: attempt 238 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2423749035 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/e9aadb3a942cd410e1156653d837fc20ab7a8491' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 908 processed earlier; will process 148 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-6d44dc85f969ebac9797dab7d05521b48ad96e95 Step #5: ==2039== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55832f628034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55832f5e5178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55832f5c8a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7ff49b64408f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55832f629a3c in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h Step #5: #5 0x55832f629a3c in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #6 0x55832f629a3c in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55832f62d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55832f62d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x55832f5ca19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55832f5d3008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55832f5b9ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55832f5e59f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7ff49b625082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55832f5ad59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 239 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2525796822 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6d44dc85f969ebac9797dab7d05521b48ad96e95' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 909 processed earlier; will process 147 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2043==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd9dd31ff8 (pc 0x560ea7161b64 bp 0x7ffd9e5302b0 sp 0x7ffd9dd32000 T2043) Step #5: #0 0x560ea7161b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x560ea71650b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560ea71650b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560ea710219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560ea710b008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560ea70f1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560ea711d9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f39141c8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x560ea70e559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2043==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c04582355ca23381f7377e2d2dc4429856884ab1 Step #5: MERGE-OUTER: attempt 240 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2525855327 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c04582355ca23381f7377e2d2dc4429856884ab1' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 910 processed earlier; will process 146 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2047==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55cfe05eab7b (pc 0x7fcab3ebf98c bp 0x7ffc4e405170 sp 0x7ffc4e405138 T2047) Step #5: ==2047==The signal is caused by a WRITE memory access. Step #5: #0 0x7fcab3ebf98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55cfe06805cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55cfe06805cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55cfe0681820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55cfe0681820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55cfe0681820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55cfe0681820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55cfe068453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55cfe068453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55cfe06840a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55cfe062119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55cfe062a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55cfe0610ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55cfe063c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fcab3d58082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55cfe060459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2047==Register values: Step #5: rax = 0x000055cfe05eab7b rbx = 0x000055cfe06912b0 rcx = 0x00000000e05e42fc rdx = 0x0000000000000018 Step #5: rdi = 0x000055cfe05eab7b rsi = 0x00007ffc4e4051e0 rbp = 0x00007ffc4e405170 rsp = 0x00007ffc4e405138 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0xfffffffffffff04a r11 = 0x00007fcab3dce6d0 Step #5: r12 = 0x0000000000000000 r13 = 0x00000000000055cf r14 = 0x0000000000000018 r15 = 0x000055cfe06912b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2047==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-dcce4ebbac95c45a3b5509205da4a4aaa3418c9e Step #5: MERGE-OUTER: attempt 241 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2525904549 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/dcce4ebbac95c45a3b5509205da4a4aaa3418c9e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 911 processed earlier; will process 145 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2051==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc0d4d7ff8 (pc 0x55c76ac0bb64 bp 0x7ffc0dcd5880 sp 0x7ffc0d4d8000 T2051) Step #5: #0 0x55c76ac0bb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c76ac0f0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c76ac0f0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c76abac19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c76abb5008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c76ab9bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c76abc79f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7ff1232c7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c76ab8f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2051==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9379510da706c3efb79392f359470f78cca1055c Step #5: MERGE-OUTER: attempt 242 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2525964507 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/9379510da706c3efb79392f359470f78cca1055c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 924 processed earlier; will process 132 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2055==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffec4532770 (pc 0x7ffec4532770 bp 0x7ffec4532740 sp 0x7ffec45326e8 T2055) Step #5: #0 0x7ffec4532770 () Step #5: #1 0x560e4e9050b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560e4e9050b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560e4e8a219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560e4e8ab008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560e4e891ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560e4e8bd9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f18539fd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==2055==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b426f7fb4a36355c7e7295a2db6eddd06296e327 Step #5: MERGE-OUTER: attempt 243 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526013126 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b426f7fb4a36355c7e7295a2db6eddd06296e327' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 931 processed earlier; will process 125 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2059==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x557d3cb415b0 (pc 0x557d3cb415b0 bp 0x7ffdaa4cbee0 sp 0x7ffdaa4cbe98 T2059) Step #5: ==2059==The signal is caused by a READ memory access. Step #5: ==2059==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x557d3cb415b0 () Step #5: Step #5: ==2059==Register values: Step #5: rax = 0x0000557d3bab7901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffdaa4cbee0 rsp = 0x00007ffdaa4cbe98 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007f8c4a7fc6d0 Step #5: r12 = 0x00007ffdaa4c0881 r13 = 0x0000557d3bab797c r14 = 0x0000000000000001 r15 = 0x0000557d3cb18e98 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==2059==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-066bf05dc5307cb32478c263f611f2d80c4955ea Step #5: MERGE-OUTER: attempt 244 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526029294 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/066bf05dc5307cb32478c263f611f2d80c4955ea' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 932 processed earlier; will process 124 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2062==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5566953305b0 (pc 0x5566953305b0 bp 0x7ffc39403d30 sp 0x7ffc39403ce8 T2062) Step #5: ==2062==The signal is caused by a READ memory access. Step #5: ==2062==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x5566953305b0 () Step #5: Step #5: ==2062==Register values: Step #5: rax = 0x0000556694147901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffc39403d30 rsp = 0x00007ffc39403ce8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007facfdd0b6d0 Step #5: r12 = 0x00007ffc394008ff r13 = 0x000055669414797c r14 = 0x0000000000000001 r15 = 0x0000556695307e98 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==2062==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-269491d1434e7cf693fd689e99b6b79606a48f95 Step #5: MERGE-OUTER: attempt 245 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526045188 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/269491d1434e7cf693fd689e99b6b79606a48f95' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 933 processed earlier; will process 123 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2065==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5617e9cb6bc3 (pc 0x7f67d150b98c bp 0x7ffffe083b30 sp 0x7ffffe083af8 T2065) Step #5: ==2065==The signal is caused by a WRITE memory access. Step #5: #0 0x7f67d150b98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5617e9d4c5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5617e9d4c5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5617e9d4d820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5617e9d4d820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5617e9d4d820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5617e9d4d820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5617e9d5053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5617e9d5053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5617e9d500a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5617e9ced19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5617e9cf6008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5617e9cdcce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5617e9d089f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f67d13a4082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5617e9cd059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2065==Register values: Step #5: rax = 0x00005617e9cb6bc3 rbx = 0x00005617e9d5d2b0 rcx = 0x00000000e9cb02b4 rdx = 0x0000000000000018 Step #5: rdi = 0x00005617e9cb6bc3 rsi = 0x00007ffffe083ba0 rbp = 0x00007ffffe083b30 rsp = 0x00007ffffe083af8 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x00005617ea2b82d0 r11 = 0x00007f67d156cbe0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005617 r14 = 0x0000000000000018 r15 = 0x00005617e9d5d2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2065==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-886de572ec818a312c6c073a4fff0bfe5fe52842 Step #5: MERGE-OUTER: attempt 246 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526094212 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/regressions/886de572ec818a312c6c073a4fff0bfe5fe52842' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 937 processed earlier; will process 119 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2069==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffce2ec9db0 (pc 0x7ffce2ec9db0 bp 0x7ffce2ec9d80 sp 0x7ffce2ec9d28 T2069) Step #5: #0 0x7ffce2ec9db0 () Step #5: #1 0x560900eab0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x560900eab0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x560900e4819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x560900e51008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x560900e37ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x560900e639f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3fe526f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: Step #5: DEDUP_TOKEN: tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow () Step #5: ==2069==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-cb5f569dfac7acd9af4f18205eec1c18f8b3dfa6 Step #5: MERGE-OUTER: attempt 247 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526141897 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/cb5f569dfac7acd9af4f18205eec1c18f8b3dfa6' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 939 processed earlier; will process 117 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2073==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d1435115b0 (pc 0x55d1435115b0 bp 0x7ffebfe73830 sp 0x7ffebfe737e8 T2073) Step #5: ==2073==The signal is caused by a READ memory access. Step #5: ==2073==Hint: PC is at a non-executable region. Maybe a wild jump? Step #5: #0 0x55d1435115b0 () Step #5: #1 0x00000000156b () Step #5: Step #5: ==2073==Register values: Step #5: rax = 0x000055d14213b901 rbx = 0x0000000000000001 rcx = 0x0000000000000018 rdx = 0x0000000000000180 Step #5: rdi = 0x0000000000000001 rsi = 0x0000000000000018 rbp = 0x00007ffebfe73830 rsp = 0x00007ffebfe737e8 Step #5: r8 = 0x0000000000000000 r9 = 0x0000000000000180 r10 = 0xfffffffffffff04a r11 = 0x00007feaf441e6d0 Step #5: r12 = 0x00007ffebfe70817 r13 = 0x000055d14213b97c r14 = 0x0000000000000001 r15 = 0x000055d1434e8e98 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV () Step #5: ==2073==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6e22d522b8d1e678c35d72dcada43e01c5fc8cac Step #5: MERGE-OUTER: attempt 248 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2526159177 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6e22d522b8d1e678c35d72dcada43e01c5fc8cac' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 940 processed earlier; will process 116 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-05d3513d3aeec48194b70649829d355af35f1163 Step #5: ==2076== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x557a82678034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x557a82635178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x557a82618a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f52b23e608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x557a8267d76a in dcd_int_disable /src/tinyusb/test/fuzz/dcd_fuzz.cc Step #5: #5 0x557a82679a2a in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:186:3 Step #5: #6 0x557a82679a2a in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x557a8267d0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x557a8267d0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x557a8261a19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x557a82623008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x557a82609ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x557a826359f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7f52b23c7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x557a825fd59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 249 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628208300 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/05d3513d3aeec48194b70649829d355af35f1163' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 942 processed earlier; will process 114 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: #16 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2080==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffda9909ff8 (pc 0x5602d424cb64 bp 0x7ffdaa108220 sp 0x7ffda990a000 T2080) Step #5: #0 0x5602d424cb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5602d42500b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5602d42500b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5602d41ed19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5602d41f6008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5602d41dcce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5602d42089f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbf7c029082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5602d41d059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2080==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-c9b5ecf33f1a550f5454724aa97282d3f82eaecc Step #5: MERGE-OUTER: attempt 250 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628269292 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c9b5ecf33f1a550f5454724aa97282d3f82eaecc' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 960 processed earlier; will process 96 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2084==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5573af126b1f (pc 0x7f62f1edf98c bp 0x7ffef751a6e0 sp 0x7ffef751a6a8 T2084) Step #5: ==2084==The signal is caused by a WRITE memory access. Step #5: #0 0x7f62f1edf98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5573af1bc5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5573af1bc5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5573af1bd820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5573af1bd820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5573af1bd820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5573af1bd820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5573af1c053d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x5573af1c053d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5573af1c00a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5573af15d19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5573af166008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5573af14cce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5573af1789f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f62f1d78082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5573af14059d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2084==Register values: Step #5: rax = 0x00005573af126b1f rbx = 0x00005573af1cd2b0 rcx = 0x00000000af120358 rdx = 0x0000000000000018 Step #5: rdi = 0x00005573af126b1f rsi = 0x00007ffef751a750 rbp = 0x00007ffef751a6e0 rsp = 0x00007ffef751a6a8 Step #5: r8 = 0x00000000000058cb r9 = 0x00000000000058cb r10 = 0x0000000000000008 r11 = 0x00007f62f1f40be0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005573 r14 = 0x0000000000000018 r15 = 0x00005573af1cd2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2084==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-70d4605f9b1e342bd720f308b56bc4b534921e3e Step #5: MERGE-OUTER: attempt 251 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628318849 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/70d4605f9b1e342bd720f308b56bc4b534921e3e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 962 processed earlier; will process 94 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2088==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffcccfcbff8 (pc 0x55c7ad7aeb64 bp 0x7ffccd7ca890 sp 0x7ffcccfcc000 T2088) Step #5: #0 0x55c7ad7aeb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55c7ad7b20b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55c7ad7b20b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55c7ad74f19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55c7ad758008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55c7ad73ece9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55c7ad76a9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f099c8e0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55c7ad73259d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2088==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-31841b3c2941f563ea95efbe4281f494385bad75 Step #5: MERGE-OUTER: attempt 252 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628377986 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/31841b3c2941f563ea95efbe4281f494385bad75' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 970 processed earlier; will process 86 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2092==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fffa56c4ff8 (pc 0x55f469c05b64 bp 0x7fffa5ec1e00 sp 0x7fffa56c5000 T2092) Step #5: #0 0x55f469c05b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f469c090b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f469c090b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55f469ba619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f469baf008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f469b95ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f469bc19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f333ce78082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f469b8959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2092==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-fde4a7eedd96806c1acf3ffca9503563fba4915c Step #5: MERGE-OUTER: attempt 253 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628437011 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fde4a7eedd96806c1acf3ffca9503563fba4915c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 971 processed earlier; will process 85 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2096==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffeff95bff8 (pc 0x55f72d164b64 bp 0x7fff00159740 sp 0x7ffeff95c000 T2096) Step #5: #0 0x55f72d164b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55f72d1680b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55f72d1680b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55f72d10519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55f72d10e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55f72d0f4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55f72d1209f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f382f8cd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55f72d0e859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2096==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-a872896999cfd7d983e07034516432103135ac2d Step #5: MERGE-OUTER: attempt 254 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628496074 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a872896999cfd7d983e07034516432103135ac2d' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 972 processed earlier; will process 84 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2100==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd085c6ff8 (pc 0x562afc108b64 bp 0x7ffd08dc4990 sp 0x7ffd085c7000 T2100) Step #5: #0 0x562afc108b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x562afc10c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x562afc10c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x562afc0a919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x562afc0b2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x562afc098ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x562afc0c49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f3ca9459082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x562afc08c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2100==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b8acffb7f0d556e93c4ad7e788aa9a16226e6442 Step #5: MERGE-OUTER: attempt 255 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628555163 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b8acffb7f0d556e93c4ad7e788aa9a16226e6442' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 974 processed earlier; will process 82 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2104==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd1a1f8ff8 (pc 0x55d8a7ba4b64 bp 0x7ffd1a9f7680 sp 0x7ffd1a1f9000 T2104) Step #5: #0 0x55d8a7ba4b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x55d8a7ba80b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x55d8a7ba80b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x55d8a7b4519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x55d8a7b4e008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55d8a7b34ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x55d8a7b609f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f7ce7f00082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55d8a7b2859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2104==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b202244e6da170b232d5802c9c82cb500533e0e0 Step #5: MERGE-OUTER: attempt 256 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2628613945 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b202244e6da170b232d5802c9c82cb500533e0e0' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 975 processed earlier; will process 81 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 28Mb Step #5: #8 pulse exec/s: 0 rss: 28Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-22aae05ee2cb78677388b077a5853a96f6719e3e Step #5: ==2108== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55fc55f87034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55fc55f44178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55fc55f27a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fdd7a59c08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55fc55f88a3c in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h Step #5: #5 0x55fc55f88a3c in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #6 0x55fc55f88a3c in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #7 0x55fc55f8c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #8 0x55fc55f8c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #9 0x55fc55f2919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #10 0x55fc55f32008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #11 0x55fc55f18ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #12 0x55fc55f449f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #13 0x7fdd7a57d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #14 0x55fc55f0c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 257 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2730662616 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/22aae05ee2cb78677388b077a5853a96f6719e3e' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 990 processed earlier; will process 66 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-f84444b0054ad53b6898d46598be01321ee6be4a Step #5: ==2112== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x559b231e6034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x559b231a3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x559b23186a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f64222af08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x559b231e7379 in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:494:1 Step #5: #5 0x559b231e739d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #6 0x559b231e7a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #7 0x559b231e7a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #8 0x559b231e7a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #9 0x559b231eb0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #10 0x559b231eb0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #11 0x559b2318819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #12 0x559b23191008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #13 0x559b23177ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #14 0x559b231a39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #15 0x7f6422290082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #16 0x559b2316b59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 258 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2832712113 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f84444b0054ad53b6898d46598be01321ee6be4a' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 991 processed earlier; will process 65 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2116==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5629eb86dbd5 (pc 0x7f07a16b798c bp 0x7ffe16043010 sp 0x7ffe16042fd8 T2116) Step #5: ==2116==The signal is caused by a WRITE memory access. Step #5: #0 0x7f07a16b798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5629eb9035cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5629eb9035cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x5629eb904820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x5629eb904820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x5629eb904820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x5629eb904820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x5629eb9076d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x5629eb9076d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x5629eb9070a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5629eb8a419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5629eb8ad008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5629eb893ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5629eb8bf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f07a1550082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x5629eb88759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2116==Register values: Step #5: rax = 0x00005629eb86dbd5 rbx = 0x00005629eb9142b0 rcx = 0x00000000eb8672a2 rdx = 0x0000000000000018 Step #5: rdi = 0x00005629eb86dbd5 rsi = 0x00007ffe16043080 rbp = 0x00007ffe16043010 rsp = 0x00007ffe16042fd8 Step #5: r8 = 0x000000000000c8cb r9 = 0x000000000000c8cb r10 = 0x00005629ebe6f2d0 r11 = 0x00007f07a15c66d0 Step #5: r12 = 0x000000000000003e r13 = 0x0000000000005629 r14 = 0x0000000000000018 r15 = 0x00005629eb9142b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2116==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-aa323c10b8e1e39954512864522e52777380f921 Step #5: MERGE-OUTER: attempt 259 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2832762926 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/aa323c10b8e1e39954512864522e52777380f921' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 992 processed earlier; will process 64 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2120==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x556b7859bb17 (pc 0x7f88c916098c bp 0x7fff11ea0420 sp 0x7fff11ea03e8 T2120) Step #5: ==2120==The signal is caused by a WRITE memory access. Step #5: #0 0x7f88c916098c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x556b786315cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x556b786315cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x556b78632820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x556b78632820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x556b78632820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x556b78632820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x556b786356d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x556b786356d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x556b786350a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x556b785d219d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x556b785db008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x556b785c1ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x556b785ed9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f88c8ff9082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x556b785b559d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2120==Register values: Step #5: rax = 0x0000556b7859bb17 rbx = 0x0000556b786422b0 rcx = 0x0000000078595360 rdx = 0x0000000000000018 Step #5: rdi = 0x0000556b7859bb17 rsi = 0x00007fff11ea0490 rbp = 0x00007fff11ea0420 rsp = 0x00007fff11ea03e8 Step #5: r8 = 0x000000000000a8cb r9 = 0x000000000000a8cb r10 = 0x0000556b78b9d2d0 r11 = 0x00007f88c906f6d0 Step #5: r12 = 0x000000000000003e r13 = 0x000000000000556b r14 = 0x0000000000000018 r15 = 0x0000556b786422b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2120==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-6e587ff2020bfe279eef31aeaef2f0732e55445f Step #5: MERGE-OUTER: attempt 260 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2832814306 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/6e587ff2020bfe279eef31aeaef2f0732e55445f' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 993 processed earlier; will process 63 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2124==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55dc54d1ab88 (pc 0x7f69ef0da98c bp 0x7ffec0f97320 sp 0x7ffec0f972e8 T2124) Step #5: ==2124==The signal is caused by a WRITE memory access. Step #5: #0 0x7f69ef0da98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55dc54db05cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55dc54db05cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55dc54db1820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55dc54db1820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55dc54db1820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55dc54db1820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55dc54db46d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55dc54db46d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55dc54db40a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55dc54d5119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55dc54d5a008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55dc54d40ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55dc54d6c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f69eef73082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55dc54d3459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2124==Register values: Step #5: rax = 0x000055dc54d1ab88 rbx = 0x000055dc54dc12b0 rcx = 0x0000000054d142ef rdx = 0x0000000000000018 Step #5: rdi = 0x000055dc54d1ab88 rsi = 0x00007ffec0f97390 rbp = 0x00007ffec0f97320 rsp = 0x00007ffec0f972e8 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x000055dc5531c2d0 r11 = 0x00007f69ef13bbe0 Step #5: r12 = 0x0000000000000031 r13 = 0x00000000000055dc r14 = 0x0000000000000018 r15 = 0x000055dc54dc12b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2124==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-36e03e9cf5a0f8797b9f2c84cd09d897d88ec602 Step #5: MERGE-OUTER: attempt 261 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2832865852 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/36e03e9cf5a0f8797b9f2c84cd09d897d88ec602' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 994 processed earlier; will process 62 files now Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-b98861fdb791ad82003ed9a8c639625cf4683a80 Step #5: ==2128== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x55bc68e26034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x55bc68de3178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x55bc68dc6a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7fba0213e08f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x55bc68e27a22 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h Step #5: #5 0x55bc68e27a22 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #6 0x55bc68e2b0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #7 0x55bc68e2b0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #8 0x55bc68dc819d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #9 0x55bc68dd1008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #10 0x55bc68db7ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #11 0x55bc68de39f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #12 0x7fba0211f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #13 0x55bc68dab59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 262 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2934914652 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b98861fdb791ad82003ed9a8c639625cf4683a80' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 995 processed earlier; will process 61 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2132==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56415b167bed (pc 0x7f6c3872998c bp 0x7ffebea3ff20 sp 0x7ffebea3fee8 T2132) Step #5: ==2132==The signal is caused by a WRITE memory access. Step #5: #0 0x7f6c3872998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x56415b1fd5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x56415b1fd5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x56415b1fe820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x56415b1fe820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x56415b1fe820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x56415b1fe820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56415b2016d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x56415b2016d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x56415b2010a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x56415b19e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x56415b1a7008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x56415b18dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x56415b1b99f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f6c385c2082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56415b18159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2132==Register values: Step #5: rax = 0x000056415b167bed rbx = 0x000056415b20e2b0 rcx = 0x000000005b16128a rdx = 0x0000000000000018 Step #5: rdi = 0x000056415b167bed rsi = 0x00007ffebea3ff90 rbp = 0x00007ffebea3ff20 rsp = 0x00007ffebea3fee8 Step #5: r8 = 0x00000000000068cb r9 = 0x00000000000068cb r10 = 0x000056415b7692d0 r11 = 0x00007f6c3878abe0 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005641 r14 = 0x0000000000000018 r15 = 0x000056415b20e2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2132==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-17261904489440831f766708dc5ebba840727392 Step #5: MERGE-OUTER: attempt 263 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2934966877 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/17261904489440831f766708dc5ebba840727392' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 997 processed earlier; will process 59 files now Step #5: #1 pulse exec/s: 0 rss: 28Mb Step #5: #2 pulse exec/s: 0 rss: 28Mb Step #5: #4 pulse exec/s: 0 rss: 29Mb Step #5: #8 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2136==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffc631e0ff8 (pc 0x5556048ffb64 bp 0x7ffc639df340 sp 0x7ffc631e1000 T2136) Step #5: #0 0x5556048ffb64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5556049030b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5556049030b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5556048a019d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5556048a9008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x55560488fce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5556048bb9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fdef47fd082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x55560488359d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2136==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-f7bb99a348ffe6ac349853e0c1cfbeb9b2d2b872 Step #5: MERGE-OUTER: attempt 264 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935029517 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/f7bb99a348ffe6ac349853e0c1cfbeb9b2d2b872' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1006 processed earlier; will process 50 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2140==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55996a8bab45 (pc 0x7f030c28798c bp 0x7ffddc825ce0 sp 0x7ffddc825ca8 T2140) Step #5: ==2140==The signal is caused by a WRITE memory access. Step #5: #0 0x7f030c28798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55996a9505cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55996a9505cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55996a951820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55996a951820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55996a951820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55996a951820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55996a95453d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55996a95453d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55996a9540a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55996a8f119d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55996a8fa008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55996a8e0ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55996a90c9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f030c120082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55996a8d459d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2140==Register values: Step #5: rax = 0x000055996a8bab45 rbx = 0x000055996a9612b0 rcx = 0x000000006a8b4332 rdx = 0x0000000000000018 Step #5: rdi = 0x000055996a8bab45 rsi = 0x00007ffddc825d50 rbp = 0x00007ffddc825ce0 rsp = 0x00007ffddc825ca8 Step #5: r8 = 0x00000000000098cb r9 = 0x00000000000098cb r10 = 0x000055996aebc2d0 r11 = 0x00007f030c1966d0 Step #5: r12 = 0x00007f030c041010 r13 = 0x0000000000005599 r14 = 0x0000000000000018 r15 = 0x000055996a9612b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2140==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-ab104c13c7b4fbc07598710cdbd0bbb070046c87 Step #5: MERGE-OUTER: attempt 265 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935080373 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/ab104c13c7b4fbc07598710cdbd0bbb070046c87' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1007 processed earlier; will process 49 files now Step #5: #1 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2144==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x5623289f1304 (pc 0x7f2fc58c498c bp 0x7ffd4f36b2c0 sp 0x7ffd4f36b288 T2144) Step #5: ==2144==The signal is caused by a WRITE memory access. Step #5: #0 0x7f2fc58c498c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x562328a8b5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x562328a8b5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x562328a8c820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x562328a8c820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x562328a8c820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x562328a8c820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x562328a8f53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x562328a8f53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x562328a8f0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x562328a2c19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x562328a35008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x562328a1bce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x562328a479f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f2fc575d082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x562328a0f59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2144==Register values: Step #5: rax = 0x00005623289f1304 rbx = 0x0000562328a9c2b0 rcx = 0x00000000289f3b73 rdx = 0x0000000000000018 Step #5: rdi = 0x00005623289f1304 rsi = 0x00007ffd4f36b330 rbp = 0x00007ffd4f36b2c0 rsp = 0x00007ffd4f36b288 Step #5: r8 = 0x00000000000048cb r9 = 0x00000000000048cb r10 = 0x0000562328ff72d0 r11 = 0xfffffffffffff000 Step #5: r12 = 0x0000000000000000 r13 = 0x0000000000005623 r14 = 0x0000000000000018 r15 = 0x0000562328a9c2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2144==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-3fcecacbbd79de5b50ca99584b7433979b322a9c Step #5: MERGE-OUTER: attempt 266 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935132046 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/3fcecacbbd79de5b50ca99584b7433979b322a9c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1009 processed earlier; will process 47 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2148==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d3ec66fb7f (pc 0x7f918065198c bp 0x7fff1e50ece0 sp 0x7fff1e50eca8 T2148) Step #5: ==2148==The signal is caused by a WRITE memory access. Step #5: #0 0x7f918065198c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d3ec7055cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d3ec7055cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d3ec706820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d3ec706820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d3ec706820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d3ec706820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d3ec7096d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55d3ec7096d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55d3ec7090a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d3ec6a619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d3ec6af008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d3ec695ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d3ec6c19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f91804ea082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d3ec68959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2148==Register values: Step #5: rax = 0x000055d3ec66fb7f rbx = 0x000055d3ec7162b0 rcx = 0x00000000ec6692f8 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d3ec66fb7f rsi = 0x00007fff1e50ed50 rbp = 0x00007fff1e50ece0 rsp = 0x00007fff1e50eca8 Step #5: r8 = 0x000000000000e8cb r9 = 0x000000000000e8cb r10 = 0xfffffffffffff04a r11 = 0x00007f91805606d0 Step #5: r12 = 0x0000000000000016 r13 = 0x00000000000055d3 r14 = 0x0000000000000018 r15 = 0x000055d3ec7162b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2148==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-fcb23937842451d934473ac800cca3e16213475c Step #5: MERGE-OUTER: attempt 267 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935183701 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/fcb23937842451d934473ac800cca3e16213475c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1010 processed earlier; will process 46 files now Step #5: #1 pulse exec/s: 0 rss: 29Mb Step #5: #2 pulse exec/s: 0 rss: 29Mb Step #5: #4 pulse exec/s: 0 rss: 29Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2152==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff33d33ff8 (pc 0x5579c478db64 bp 0x7fff34532970 sp 0x7fff33d34000 T2152) Step #5: #0 0x5579c478db64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5579c47910b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5579c47910b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5579c472e19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5579c4737008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5579c471dce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5579c47499f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f141d82f082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5579c471159d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2152==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-df1121311a3c2fcb69a55ebf0c9f2f35a75767c2 Step #5: MERGE-OUTER: attempt 268 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935249049 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/df1121311a3c2fcb69a55ebf0c9f2f35a75767c2' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1015 processed earlier; will process 41 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2156==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x56429567dbee (pc 0x7f942457e98c bp 0x7ffe7d6d13f0 sp 0x7ffe7d6d13b8 T2156) Step #5: ==2156==The signal is caused by a WRITE memory access. Step #5: #0 0x7f942457e98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x5642957135cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x5642957135cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x564295714820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x564295714820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x564295714820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x564295714820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x56429571753d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x56429571753d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x5642957170a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x5642956b419d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x5642956bd008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x5642956a3ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x5642956cf9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f9424417082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x56429569759d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2156==Register values: Step #5: rax = 0x000056429567dbee rbx = 0x00005642957242b0 rcx = 0x0000000095677289 rdx = 0x0000000000000018 Step #5: rdi = 0x000056429567dbee rsi = 0x00007ffe7d6d1460 rbp = 0x00007ffe7d6d13f0 rsp = 0x00007ffe7d6d13b8 Step #5: r8 = 0x000000000000c8cb r9 = 0x0000564295c7f2d0 r10 = 0x0000564295c7f2d0 r11 = 0x00007f942448d6d0 Step #5: r12 = 0x00007f9424188010 r13 = 0x0000000000005642 r14 = 0x0000000000000018 r15 = 0x00005642957242b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2156==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-bfb5b8ab32bc2064568ba360370d5147657db23c Step #5: MERGE-OUTER: attempt 269 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 2935305387 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/bfb5b8ab32bc2064568ba360370d5147657db23c' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1016 processed earlier; will process 40 files now Step #5: #1 pulse exec/s: 0 rss: 30Mb Step #5: #2 pulse exec/s: 0 rss: 30Mb Step #5: #4 pulse exec/s: 0 rss: 30Mb Step #5: #8 pulse exec/s: 0 rss: 30Mb Step #5: #16 pulse exec/s: 0 rss: 30Mb Step #5: ALARM: working on the last Unit for 101 seconds Step #5: and the timeout value is 100 (use -timeout=N to change) Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./timeout-47100962a77654029d1b1492019867d37f588e30 Step #5: ==2160== ERROR: libFuzzer: timeout after 101 seconds Step #5: #0 0x56135d117034 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/ubsan/ubsan_diag_standalone.cpp:31:3 Step #5: #1 0x56135d0d4178 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5 Step #5: #2 0x56135d0b7a3b in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5 Step #5: #3 0x7f48c548608f (/lib/x86_64-linux-gnu/libc.so.6+0x4308f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #4 0x7f48c55ce98f (/lib/x86_64-linux-gnu/libc.so.6+0x18b98f) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #5 0x56135d11836e in ff_pull_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #6 0x56135d11836e in tu_fifo_peek_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:490:5 Step #5: #7 0x56135d11839d in tu_fifo_read_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:509:15 Step #5: #8 0x56135d118a49 in tu_fifo_read_n /src/tinyusb/src/common/tusb_fifo.h:212:10 Step #5: #9 0x56135d118a49 in osal_queue_receive /src/tinyusb/src/osal/osal_none.h:187:24 Step #5: #10 0x56135d118a49 in tud_task_ext /src/tinyusb/src/device/usbd.c:672:10 Step #5: #11 0x56135d11c0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #12 0x56135d11c0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #13 0x56135d0b919d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #14 0x56135d0c2008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #15 0x56135d0a8ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #16 0x56135d0d49f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #17 0x7f48c5467082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #18 0x56135d09c59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: __sanitizer_print_stack_trace--fuzzer::PrintStackTrace()--fuzzer::Fuzzer::AlarmCallback() Step #5: SUMMARY: libFuzzer: timeout Step #5: MERGE-OUTER: attempt 270 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037359475 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/47100962a77654029d1b1492019867d37f588e30' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1033 processed earlier; will process 23 files now Step #5: #1 pulse exec/s: 0 rss: 30Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2164==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55d4f48112b5 (pc 0x7f795070d98c bp 0x7ffd75e52280 sp 0x7ffd75e52248 T2164) Step #5: ==2164==The signal is caused by a WRITE memory access. Step #5: #0 0x7f795070d98c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55d4f48aa5cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55d4f48aa5cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55d4f48ab820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55d4f48ab820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55d4f48ab820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55d4f48ab820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55d4f48ae53d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x55d4f48ae53d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x55d4f48ae0a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55d4f484b19d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55d4f4854008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55d4f483ace9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55d4f48669f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f79505a6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55d4f482e59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2164==Register values: Step #5: rax = 0x000055d4f48112b5 rbx = 0x000055d4f48bb2b0 rcx = 0x00000000f4811bc2 rdx = 0x0000000000000018 Step #5: rdi = 0x000055d4f48112b5 rsi = 0x00007ffd75e522f0 rbp = 0x00007ffd75e52280 rsp = 0x00007ffd75e52248 Step #5: r8 = 0x00000000000038cb r9 = 0x00000000000038cb r10 = 0x000055d4f4e162d0 r11 = 0xfffffffffffff000 Step #5: r12 = 0x00007f7950365010 r13 = 0x00000000000055d4 r14 = 0x0000000000000018 r15 = 0x000055d4f48bb2b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2164==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-b1c20d7faddc0cd2f37a70cd6fa43ae7bf38bf20 Step #5: MERGE-OUTER: attempt 271 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037417672 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/b1c20d7faddc0cd2f37a70cd6fa43ae7bf38bf20' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1035 processed earlier; will process 21 files now Step #5: #1 pulse exec/s: 0 rss: 30Mb Step #5: #2 pulse exec/s: 0 rss: 31Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2168==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x55caafa7fb76 (pc 0x7fb2e8ea798c bp 0x7ffd5bd16f90 sp 0x7ffd5bd16f58 T2168) Step #5: ==2168==The signal is caused by a WRITE memory access. Step #5: #0 0x7fb2e8ea798c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x55caafb155cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x55caafb155cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x55caafb16820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x55caafb16820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x55caafb16820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x55caafb16820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x55caafb196d0 in dcd_event_setup_received /src/tinyusb/src/device/dcd.h:222:3 Step #5: #8 0x55caafb196d0 in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:84:5 Step #5: #9 0x55caafb190a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x55caafab619d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x55caafabf008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x55caafaa5ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x55caafad19f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7fb2e8d40082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x55caafa9959d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2168==Register values: Step #5: rax = 0x000055caafa7fb76 rbx = 0x000055caafb262b0 rcx = 0x00000000afa79301 rdx = 0x0000000000000018 Step #5: rdi = 0x000055caafa7fb76 rsi = 0x00007ffd5bd17000 rbp = 0x00007ffd5bd16f90 rsp = 0x00007ffd5bd16f58 Step #5: r8 = 0x000000000000e8cb r9 = 0x000055cab00812d0 r10 = 0x000055cab00812d0 r11 = 0xfffffffffffff000 Step #5: r12 = 0x0000000000000001 r13 = 0x00000000000055ca r14 = 0x0000000000000018 r15 = 0x000055caafb262b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2168==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-02a7fc8039a739c546e67fe423c7ee3f74b5e396 Step #5: MERGE-OUTER: attempt 272 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037487286 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/02a7fc8039a739c546e67fe423c7ee3f74b5e396' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1039 processed earlier; will process 17 files now Step #5: #1 pulse exec/s: 0 rss: 31Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2172==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffe96052ff8 (pc 0x558dd36e6b64 bp 0x7ffe96850e10 sp 0x7ffe96053000 T2172) Step #5: #0 0x558dd36e6b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x558dd36ea0b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x558dd36ea0b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x558dd368719d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x558dd3690008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x558dd3676ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x558dd36a29f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fbeb16d6082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x558dd366a59d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2172==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-9e5dd8b6146cf6de596e838a90110efe0da62b50 Step #5: MERGE-OUTER: attempt 273 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037562479 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/c968ef3ed3d6c009967e7674dfaf338545e96491' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1041 processed earlier; will process 15 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2176==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7fff5b4ceff8 (pc 0x56128cdd2b64 bp 0x7fff5bccbf70 sp 0x7fff5b4cf000 T2176) Step #5: #0 0x56128cdd2b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x56128cdd60b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x56128cdd60b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x56128cd7319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x56128cd7c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x56128cd62ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x56128cd8e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7fd2821b7082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x56128cd5659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2176==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-669899b1c596988cf6f6eb9587df2e57100cbee7 Step #5: MERGE-OUTER: attempt 274 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037635562 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/4da32994a0471b527d8c28747443937639438165' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1042 processed earlier; will process 14 files now Step #5: #1 pulse exec/s: 0 rss: 31Mb Step #5: #2 pulse exec/s: 0 rss: 31Mb Step #5: #4 pulse exec/s: 0 rss: 31Mb Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2180==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address 0x7ffd21ad3ff8 (pc 0x5560f0a72b64 bp 0x7ffd222d1da0 sp 0x7ffd21ad4000 T2180) Step #5: #0 0x5560f0a72b64 in tud_task_ext /src/tinyusb/src/device/usbd.c:771:11 Step #5: #1 0x5560f0a760b8 in tud_task /src/tinyusb/src/device/usbd.h:91:3 Step #5: #2 0x5560f0a760b8 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:67:5 Step #5: #3 0x5560f0a1319d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #4 0x5560f0a1c008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #5 0x5560f0a02ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #6 0x5560f0a2e9f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #7 0x7f010ba22082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #8 0x5560f09f659d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: tud_task_ext--tud_task--LLVMFuzzerTestOneInput Step #5: SUMMARY: UndefinedBehaviorSanitizer: stack-overflow /src/tinyusb/src/device/usbd.c:771:11 in tud_task_ext Step #5: ==2180==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-1a3392404ce807e62d7716b7babf853a979d84af Step #5: MERGE-OUTER: attempt 275 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037719802 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/0da2684b2333bf53d99761a56d42e37c75e19a27' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1047 processed earlier; will process 9 files now Step #5: UndefinedBehaviorSanitizer:DEADLYSIGNAL Step #5: ==2184==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x558e999beb3a (pc 0x7f4f8766998c bp 0x7ffee5b0e5a0 sp 0x7ffee5b0e568 T2184) Step #5: ==2184==The signal is caused by a WRITE memory access. Step #5: #0 0x7f4f8766998c (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #1 0x558e99a545cd in ff_push_n /src/tinyusb/src/common/tusb_fifo.c Step #5: #2 0x558e99a545cd in tu_fifo_write_n_access_mode /src/tinyusb/src/common/tusb_fifo.c:586:7 Step #5: #3 0x558e99a55820 in tu_fifo_write_n /src/tinyusb/src/common/tusb_fifo.h:225:10 Step #5: #4 0x558e99a55820 in osal_queue_send /src/tinyusb/src/osal/osal_none.h:198:24 Step #5: #5 0x558e99a55820 in queue_event /src/tinyusb/src/device/usbd.c:387:3 Step #5: #6 0x558e99a55820 in dcd_event_handler /src/tinyusb/src/device/usbd.c:1292:5 Step #5: #7 0x558e99a5853d in dcd_event_bus_signal /src/tinyusb/src/device/dcd.h:204:3 Step #5: #8 0x558e99a5853d in dcd_int_handler /src/tinyusb/test/fuzz/dcd_fuzz.cc:64:5 Step #5: #9 0x558e99a580a5 in LLVMFuzzerTestOneInput /src/tinyusb/test/fuzz/device/net/src/fuzz.cc:66:5 Step #5: #10 0x558e999f519d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13 Step #5: #11 0x558e999fe008 in fuzzer::Fuzzer::CrashResistantMergeInternalStep(std::__Fuzzer::basic_string, std::__Fuzzer::allocator> const&, bool) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMerge.cpp:239:5 Step #5: #12 0x558e999e4ce9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:890:8 Step #5: #13 0x558e99a109f2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Step #5: #14 0x7f4f87502082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: #15 0x558e999d859d in _start (out/libfuzzer-coverage-x86_64/net+0x3359d) Step #5: Step #5: DEDUP_TOKEN: ff_push_n--tu_fifo_write_n_access_mode Step #5: ==2184==Register values: Step #5: rax = 0x0000558e999beb3a rbx = 0x0000558e99a652b0 rcx = 0x00000000999b833d rdx = 0x0000000000000018 Step #5: rdi = 0x0000558e999beb3a rsi = 0x00007ffee5b0e610 rbp = 0x00007ffee5b0e5a0 rsp = 0x00007ffee5b0e568 Step #5: r8 = 0x000000000000d8cb r9 = 0x000000000000d8cb r10 = 0x0000558e99fc02d0 r11 = 0x00007f4f875786d0 Step #5: r12 = 0x00007f4f84bbb010 r13 = 0x000000000000558e r14 = 0x0000000000000018 r15 = 0x0000558e99a652b0 Step #5: UndefinedBehaviorSanitizer can not provide additional info. Step #5: SUMMARY: UndefinedBehaviorSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x18b98c) (BuildId: 5792732f783158c66fb4f3756458ca24e46e827d) Step #5: ==2184==ABORTING Step #5: MS: 0 ; base unit: 0000000000000000000000000000000000000000 Step #5: artifact_prefix='./'; Test unit written to ./crash-58260c068f4adc661d263c51856520f1fcc6989d Step #5: MERGE-OUTER: attempt 276 Step #5: INFO: Running with entropic power schedule (0xFF, 100). Step #5: INFO: Seed: 3037790421 Step #5: INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 1048576 bytes Step #5: MERGE-INNER: using the control file '/tmp/libFuzzerTemp.Merge51.txt' Step #5: MERGE-INNER: '/corpus/net/a017cde86d4864b5b4e55d690f3242f7816cfa01' caused a failure at the previous merge step Step #5: MERGE-INNER: 1056 total files; 1048 processed earlier; will process 8 files now Step #5: #1 pulse exec/s: 0 rss: 33Mb Step #5: #2 pulse exec/s: 0 rss: 34Mb Step #5: #4 pulse exec/s: 0 rss: 34Mb Step #5: #8 pulse exec/s: 0 rss: 34Mb Step #5: #8 DONE exec/s: 0 rss: 34Mb Step #5: MERGE-OUTER: successful in 276 attempt(s) Step #5: MERGE-OUTER: the control file has 84246 bytes Step #5: MERGE-OUTER: consumed 0Mb (29Mb rss) to parse the control file Step #5: MERGE-OUTER: 0 new files with 0 new features added; 0 new coverage edges Step #5: [2026-01-14 07:03:37,762 INFO] Finding shared libraries for targets (if any). Step #5: [2026-01-14 07:03:37,773 INFO] Finished finding shared libraries for targets. Step #5: Coverage error, creating log file: /workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/net_error.log Step #5: [2026-01-14 07:03:37,999 INFO] Finding shared libraries for targets (if any). Step #5: [2026-01-14 07:03:38,024 INFO] Finished finding shared libraries for targets. Step #5: [2026-01-14 07:03:38,291 DEBUG] Finished generating per-file code coverage summary. Step #5: [2026-01-14 07:03:38,291 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html". Step #5: [2026-01-14 07:03:38,307 DEBUG] Finished generating file view html index file. Step #5: [2026-01-14 07:03:38,307 DEBUG] Calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:38,308 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:38,308 DEBUG] Writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:38,616 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:38,616 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html". Step #5: [2026-01-14 07:03:38,617 DEBUG] Finished generating directory view html index file. Step #5: [2026-01-14 07:03:38,617 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html". Step #5: [2026-01-14 07:03:38,805 DEBUG] Finished generating per-file code coverage summary. Step #5: [2026-01-14 07:03:38,805 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/file_view_index.html". Step #5: [2026-01-14 07:03:38,820 DEBUG] Finished generating file view html index file. Step #5: [2026-01-14 07:03:38,820 DEBUG] Calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:38,820 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:38,820 DEBUG] Writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:38,969 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:38,969 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/directory_view_index.html". Step #5: [2026-01-14 07:03:38,969 DEBUG] Finished generating directory view html index file. Step #5: [2026-01-14 07:03:38,969 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/index.html". Step #5: [2026-01-14 07:03:39,210 DEBUG] Finished generating per-file code coverage summary. Step #5: [2026-01-14 07:03:39,210 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/file_view_index.html". Step #5: [2026-01-14 07:03:39,226 DEBUG] Finished generating file view html index file. Step #5: [2026-01-14 07:03:39,226 DEBUG] Calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:39,227 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:39,227 DEBUG] Writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:39,484 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:39,484 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/directory_view_index.html". Step #5: [2026-01-14 07:03:39,484 DEBUG] Finished generating directory view html index file. Step #5: [2026-01-14 07:03:39,484 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/index.html". Step #5: [2026-01-14 07:03:39,677 DEBUG] Finished generating per-file code coverage summary. Step #5: [2026-01-14 07:03:39,677 DEBUG] Generating file view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/file_view_index.html". Step #5: [2026-01-14 07:03:39,692 DEBUG] Finished generating file view html index file. Step #5: [2026-01-14 07:03:39,692 DEBUG] Calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:39,692 DEBUG] Finished calculating per-directory coverage summary. Step #5: [2026-01-14 07:03:39,692 DEBUG] Writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:39,851 DEBUG] Finished writing per-directory coverage html reports. Step #5: [2026-01-14 07:03:39,851 DEBUG] Generating directory view html index file as: "/workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/directory_view_index.html". Step #5: [2026-01-14 07:03:39,852 DEBUG] Finished generating directory view html index file. Step #5: [2026-01-14 07:03:39,852 INFO] Index file for html report is generated as: "file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/index.html". Finished Step #5 Starting Step #6 Step #6: Pulling image: gcr.io/cloud-builders/gsutil Step #6: Using default tag: latest Step #6: latest: Pulling from cloud-builders/gsutil Step #6: 63e5bc7682b8: Already exists Step #6: 655e5854bd03: Already exists Step #6: 4f4e73db334e: Already exists Step #6: 271086bcee88: Already exists Step #6: c3d1a5d799dc: Already exists Step #6: 07cc84115d75: Already exists Step #6: ab29b921ec14: Pulling fs layer Step #6: 4cbb58df7f25: Pulling fs layer Step #6: 4cbb58df7f25: Download complete Step #6: ab29b921ec14: Verifying Checksum Step #6: ab29b921ec14: Download complete Step #6: ab29b921ec14: Pull complete Step #6: 4cbb58df7f25: Pull complete Step #6: Digest: sha256:5e3ddd1fe51f8d741e592f72e7bd1e35cc39d0852ad1bd41b30fa568aa1789d4 Step #6: Status: Downloaded newer image for gcr.io/cloud-builders/gsutil:latest Step #6: gcr.io/cloud-builders/gsutil:latest Step #6: CommandException: 1 files/objects could not be removed. Finished Step #6 Starting Step #7 Step #7: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/control.js [Content-Type=text/javascript]... Step #7: / [0/132 files][ 0.0 B/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/style.css [Content-Type=text/css]... Step #7: / [0/132 files][ 0.0 B/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/directory_view_index.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/summary.json [Content-Type=application/json]... Step #7: / [0/132 files][ 0.0 B/ 9.8 MiB] 0% Done / [0/132 files][ 0.0 B/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/index.html [Content-Type=text/html]... Step #7: / [0/132 files][ 0.0 B/ 9.8 MiB] 0% Done / [1/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/report.html [Content-Type=text/html]... Step #7: / [1/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/file_view_index.html [Content-Type=text/html]... Step #7: / [1/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/report.html [Content-Type=text/html]... Step #7: / [1/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done / [2/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/report.html [Content-Type=text/html]... Step #7: / [2/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/report.html [Content-Type=text/html]... Step #7: / [2/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done / [3/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done / [4/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done / [5/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/net_fuzz.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/report.html [Content-Type=text/html]... Step #7: / [5/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/fuzz.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/msc_fuzz.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 45.2 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/dcd_fuzz.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 77.1 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/report.html [Content-Type=text/html]... Step #7: / [5/132 files][ 77.1 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/cdc/report.html [Content-Type=text/html]... Step #7: / [5/132 files][ 81.4 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/cdc/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/cdc/src/fuzz.cc.html [Content-Type=text/html]... Step #7: / [5/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/cdc/src/report.html [Content-Type=text/html]... Step #7: / [5/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/cdc/src/tusb_config.h.html [Content-Type=text/html]... Step #7: / [5/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done / [6/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/report.html [Content-Type=text/html]... Step #7: / [6/132 files][ 90.9 KiB/ 9.8 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/lwipopts.h.html [Content-Type=text/html]... Step #7: / [6/132 files][105.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #7: / [6/132 files][105.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/fuzz.cc.html [Content-Type=text/html]... Step #7: / [6/132 files][105.6 KiB/ 9.8 MiB] 1% Done / [7/132 files][105.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/tusb_config.h.html [Content-Type=text/html]... Step #7: / [8/132 files][105.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/report.html [Content-Type=text/html]... Step #7: / [9/132 files][111.5 KiB/ 9.8 MiB] 1% Done / [9/132 files][111.5 KiB/ 9.8 MiB] 1% Done / [9/132 files][111.5 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/msc/src/fuzz.cc.html [Content-Type=text/html]... Step #7: / [10/132 files][111.5 KiB/ 9.8 MiB] 1% Done / [10/132 files][111.5 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/msc/src/report.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/net/src/arch/cc.h.html [Content-Type=text/html]... Step #7: / [10/132 files][111.5 KiB/ 9.8 MiB] 1% Done / [10/132 files][118.4 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/msc/src/tusb_config.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/tusb.h.html [Content-Type=text/html]... Step #7: / [10/132 files][118.4 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/msc/report.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/test/fuzz/device/msc/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #7: / [10/132 files][123.5 KiB/ 9.8 MiB] 1% Done / [10/132 files][123.5 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/report.html [Content-Type=text/html]... Step #7: / [10/132 files][123.5 KiB/ 9.8 MiB] 1% Done / [10/132 files][156.4 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/tusb_option.h.html [Content-Type=text/html]... Step #7: / [10/132 files][197.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/tusb.c.html [Content-Type=text/html]... Step #7: / [10/132 files][197.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/usbd_pvt.h.html [Content-Type=text/html]... Step #7: / [10/132 files][197.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/usbd.c.html [Content-Type=text/html]... Step #7: / [10/132 files][197.6 KiB/ 9.8 MiB] 1% Done / [11/132 files][197.6 KiB/ 9.8 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/report.html [Content-Type=text/html]... Step #7: / [11/132 files][282.1 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/usbd_control.c.html [Content-Type=text/html]... Step #7: - - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/dcd.h.html [Content-Type=text/html]... Step #7: - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/device/usbd.h.html [Content-Type=text/html]... Step #7: - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/osal/osal_none.h.html [Content-Type=text/html]... Step #7: - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/osal/report.html [Content-Type=text/html]... Step #7: - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_mcu.h.html [Content-Type=text/html]... Step #7: - [11/132 files][286.9 KiB/ 9.8 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_verify.h.html [Content-Type=text/html]... Step #7: - [11/132 files][319.9 KiB/ 9.8 MiB] 3% Done - [12/132 files][319.9 KiB/ 9.8 MiB] 3% Done - [13/132 files][319.9 KiB/ 9.8 MiB] 3% Done - [14/132 files][319.9 KiB/ 9.8 MiB] 3% Done - [15/132 files][319.9 KiB/ 9.8 MiB] 3% Done - [16/132 files][319.9 KiB/ 9.8 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/ip4_addr.h.html [Content-Type=text/html]... Step #7: - [16/132 files][402.7 KiB/ 9.8 MiB] 3% Done - [17/132 files][402.7 KiB/ 9.8 MiB] 3% Done - [18/132 files][402.7 KiB/ 9.8 MiB] 3% Done - [19/132 files][402.7 KiB/ 9.8 MiB] 3% Done - [20/132 files][402.7 KiB/ 9.8 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_private.h.html [Content-Type=text/html]... Step #7: - [20/132 files][402.7 KiB/ 9.8 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/report.html [Content-Type=text/html]... Step #7: - [20/132 files][546.7 KiB/ 9.8 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_fifo.c.html [Content-Type=text/html]... Step #7: - [21/132 files][546.7 KiB/ 9.8 MiB] 5% Done - [21/132 files][546.7 KiB/ 9.8 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_types.h.html [Content-Type=text/html]... Step #7: - [21/132 files][546.7 KiB/ 9.8 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/cdc/cdc_device.h.html [Content-Type=text/html]... Step #7: - [21/132 files][546.7 KiB/ 9.8 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_compiler.h.html [Content-Type=text/html]... Step #7: - [22/132 files][546.7 KiB/ 9.8 MiB] 5% Done - [22/132 files][546.7 KiB/ 9.8 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_fifo.h.html [Content-Type=text/html]... Step #7: - [22/132 files][670.7 KiB/ 9.8 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/report.html [Content-Type=text/html]... Step #7: - [22/132 files][670.7 KiB/ 9.8 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/common/tusb_common.h.html [Content-Type=text/html]... Step #7: - [22/132 files][670.7 KiB/ 9.8 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/cdc/cdc_device.c.html [Content-Type=text/html]... Step #7: - [22/132 files][670.7 KiB/ 9.8 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/cdc/report.html [Content-Type=text/html]... Step #7: - [22/132 files][670.7 KiB/ 9.8 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/net/net_device.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/cdc/cdc.h.html [Content-Type=text/html]... Step #7: - [22/132 files][791.5 KiB/ 9.8 MiB] 7% Done - [22/132 files][791.5 KiB/ 9.8 MiB] 7% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/net/report.html [Content-Type=text/html]... Step #7: - [22/132 files][791.5 KiB/ 9.8 MiB] 7% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/net/ecm_rndis_device.c.html [Content-Type=text/html]... Step #7: - [22/132 files][791.5 KiB/ 9.8 MiB] 7% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/msc/msc_device.c.html [Content-Type=text/html]... Step #7: - [22/132 files][818.5 KiB/ 9.8 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/src/class/msc/report.html [Content-Type=text/html]... Step #7: - [22/132 files][818.5 KiB/ 9.8 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/report.html [Content-Type=text/html]... Step #7: - [23/132 files][818.5 KiB/ 9.8 MiB] 8% Done - [23/132 files][818.5 KiB/ 9.8 MiB] 8% Done - [24/132 files][906.7 KiB/ 9.8 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/report.html [Content-Type=text/html]... Step #7: - [24/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/report.html [Content-Type=text/html]... Step #7: - [24/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [25/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/init.c.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/netif.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/tcp_in.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/pbuf.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/stats.c.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/inet_chksum.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/tcp_out.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/udp.c.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/report.html [Content-Type=text/html]... Step #7: - [26/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/timeouts.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/mem.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/memp.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/tcp.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/etharp.c.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/def.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4.c.html [Content-Type=text/html]... Step #7: - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [27/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done - [28/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/icmp.c.html [Content-Type=text/html]... Step #7: - [28/132 files][ 1.2 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/report.html [Content-Type=text/html]... Step #7: - [28/132 files][ 1.3 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4_addr.c.html [Content-Type=text/html]... Step #7: - [28/132 files][ 1.3 MiB/ 9.8 MiB] 12% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4_frag.c.html [Content-Type=text/html]... Step #7: - [28/132 files][ 1.3 MiB/ 9.8 MiB] 12% Done - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/apps/http/report.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/apps/report.html [Content-Type=text/html]... Step #7: - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/apps/http/httpd.c.html [Content-Type=text/html]... Step #7: - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/apps/http/fs.c.html [Content-Type=text/html]... Step #7: - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/apps/http/fsdata.c.html [Content-Type=text/html]... Step #7: - [29/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/debug.h.html [Content-Type=text/html]... Step #7: - [30/132 files][ 1.5 MiB/ 9.8 MiB] 15% Done - [30/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done - [31/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done - [32/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/tcpbase.h.html [Content-Type=text/html]... Step #7: - [32/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/icmp.h.html [Content-Type=text/html]... Step #7: - [32/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/altcp.h.html [Content-Type=text/html]... Step #7: - [32/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/udp.h.html [Content-Type=text/html]... Step #7: - [32/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/ip.h.html [Content-Type=text/html]... Step #7: - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/ip_addr.h.html [Content-Type=text/html]... Step #7: - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/inet_chksum.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/etharp.h.html [Content-Type=text/html]... Step #7: - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/sys.h.html [Content-Type=text/html]... Step #7: - [33/132 files][ 1.6 MiB/ 9.8 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/priv/memp_priv.h.html [Content-Type=text/html]... Step #7: - [33/132 files][ 1.9 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/tcp.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 1.9 MiB/ 9.8 MiB] 19% Done - [34/132 files][ 1.9 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/icmp.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 1.9 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/opt.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/priv/tcp_priv.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/arch.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/netif.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ethernet.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/def.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/udp.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ip4.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/timeouts.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.0 MiB/ 9.8 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/ip4.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.1 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/stats.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.1 MiB/ 9.8 MiB] 21% Done - [34/132 files][ 2.1 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/pbuf.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.1 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/apps/httpd_opts.h.html [Content-Type=text/html]... Step #7: - [34/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [35/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/apps/fs.h.html [Content-Type=text/html]... Step #7: - [35/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/netif/ethernet.c.html [Content-Type=text/html]... Step #7: - [35/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/dhserver.c.html [Content-Type=text/html]... Step #7: - [35/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/dnserver.c.html [Content-Type=text/html]... Step #7: - [36/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [37/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/netif/slipif.c.html [Content-Type=text/html]... Step #7: - [37/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/netif/report.html [Content-Type=text/html]... Step #7: - [37/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [37/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/rndis_reports.c.html [Content-Type=text/html]... Step #7: - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/ndis.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/rndis_protocol.h.html [Content-Type=text/html]... Step #7: - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/networking/report.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ip.h.html [Content-Type=text/html]... Step #7: - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [38/132 files][ 2.2 MiB/ 9.8 MiB] 21% Done - [39/132 files][ 2.4 MiB/ 9.8 MiB] 24% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/etharp.h.html [Content-Type=text/html]... Step #7: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/tcp.h.html [Content-Type=text/html]... Step #7: - [39/132 files][ 2.4 MiB/ 9.8 MiB] 24% Done - [39/132 files][ 2.4 MiB/ 9.8 MiB] 24% Done - [40/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [41/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [42/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [43/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [44/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [45/132 files][ 3.2 MiB/ 9.8 MiB] 33% Done - [46/132 files][ 3.6 MiB/ 9.8 MiB] 37% Done - [47/132 files][ 3.6 MiB/ 9.8 MiB] 37% Done - [48/132 files][ 3.6 MiB/ 9.8 MiB] 37% Done - [49/132 files][ 3.6 MiB/ 9.8 MiB] 37% Done - [50/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [51/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [52/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [53/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [54/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [55/132 files][ 3.8 MiB/ 9.8 MiB] 38% Done - [56/132 files][ 3.9 MiB/ 9.8 MiB] 39% Done - [57/132 files][ 4.8 MiB/ 9.8 MiB] 48% Done \ \ [58/132 files][ 4.8 MiB/ 9.8 MiB] 48% Done \ [59/132 files][ 4.8 MiB/ 9.8 MiB] 48% Done \ [60/132 files][ 4.8 MiB/ 9.8 MiB] 48% Done \ [61/132 files][ 5.2 MiB/ 9.8 MiB] 53% Done \ [62/132 files][ 5.2 MiB/ 9.8 MiB] 53% Done \ [63/132 files][ 5.3 MiB/ 9.8 MiB] 54% Done \ [64/132 files][ 5.3 MiB/ 9.8 MiB] 54% Done \ [65/132 files][ 5.3 MiB/ 9.8 MiB] 54% Done \ [66/132 files][ 5.3 MiB/ 9.8 MiB] 54% Done \ [67/132 files][ 5.3 MiB/ 9.8 MiB] 54% Done \ [68/132 files][ 5.8 MiB/ 9.8 MiB] 59% Done \ [69/132 files][ 6.0 MiB/ 9.8 MiB] 61% Done \ [70/132 files][ 6.0 MiB/ 9.8 MiB] 61% Done \ [71/132 files][ 6.0 MiB/ 9.8 MiB] 61% Done \ [72/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [73/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [74/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [75/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [76/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [77/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [78/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [79/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [80/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [81/132 files][ 6.1 MiB/ 9.8 MiB] 61% Done \ [82/132 files][ 6.2 MiB/ 9.8 MiB] 63% Done \ [83/132 files][ 7.0 MiB/ 9.8 MiB] 71% Done \ [84/132 files][ 7.1 MiB/ 9.8 MiB] 71% Done \ [85/132 files][ 7.1 MiB/ 9.8 MiB] 71% Done \ [86/132 files][ 7.1 MiB/ 9.8 MiB] 71% Done \ [87/132 files][ 7.2 MiB/ 9.8 MiB] 72% Done \ [88/132 files][ 7.2 MiB/ 9.8 MiB] 72% Done \ [89/132 files][ 7.2 MiB/ 9.8 MiB] 72% Done \ [90/132 files][ 7.2 MiB/ 9.8 MiB] 72% Done \ [91/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [92/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [93/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [94/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [95/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [96/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [97/132 files][ 7.2 MiB/ 9.8 MiB] 73% Done \ [98/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [99/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [100/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [101/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [102/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [103/132 files][ 7.4 MiB/ 9.8 MiB] 74% Done \ [104/132 files][ 8.0 MiB/ 9.8 MiB] 80% Done \ [105/132 files][ 8.0 MiB/ 9.8 MiB] 80% Done | | [106/132 files][ 8.3 MiB/ 9.8 MiB] 84% Done | [107/132 files][ 8.3 MiB/ 9.8 MiB] 84% Done | [108/132 files][ 8.4 MiB/ 9.8 MiB] 85% Done | [109/132 files][ 8.4 MiB/ 9.8 MiB] 85% Done | [110/132 files][ 8.4 MiB/ 9.8 MiB] 85% Done | [111/132 files][ 8.4 MiB/ 9.8 MiB] 85% Done | [112/132 files][ 8.4 MiB/ 9.8 MiB] 85% Done | [113/132 files][ 8.8 MiB/ 9.8 MiB] 88% Done | [114/132 files][ 8.8 MiB/ 9.8 MiB] 89% Done | [115/132 files][ 9.0 MiB/ 9.8 MiB] 90% Done | [116/132 files][ 9.0 MiB/ 9.8 MiB] 90% Done | [117/132 files][ 9.0 MiB/ 9.8 MiB] 90% Done | [118/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [119/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [120/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [121/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [122/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [123/132 files][ 9.6 MiB/ 9.8 MiB] 97% Done | [124/132 files][ 9.7 MiB/ 9.8 MiB] 98% Done | [125/132 files][ 9.7 MiB/ 9.8 MiB] 98% Done | [126/132 files][ 9.7 MiB/ 9.8 MiB] 98% Done | [127/132 files][ 9.7 MiB/ 9.8 MiB] 98% Done | [128/132 files][ 9.8 MiB/ 9.8 MiB] 99% Done | [129/132 files][ 9.8 MiB/ 9.8 MiB] 99% Done | [130/132 files][ 9.8 MiB/ 9.8 MiB] 99% Done | [131/132 files][ 9.8 MiB/ 9.8 MiB] 99% Done | [132/132 files][ 9.8 MiB/ 9.8 MiB] 100% Done Step #7: Operation completed over 132 objects/9.8 MiB. Finished Step #7 Starting Step #8 Step #8: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #8: CommandException: 1 files/objects could not be removed. Finished Step #8 Starting Step #9 Step #9: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/control.js [Content-Type=text/javascript]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/style.css [Content-Type=text/css]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/directory_view_index.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/summary.json [Content-Type=application/json]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/index.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/file_view_index.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 0.0 B/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/fuzz.cc.html [Content-Type=text/html]... Step #9: / [0/210 files][ 20.2 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/cdc/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 20.2 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 20.2 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/dcd_fuzz.cc.html [Content-Type=text/html]... Step #9: / [0/210 files][ 20.2 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 32.6 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/cdc/src/fuzz.cc.html [Content-Type=text/html]... Step #9: / [0/210 files][ 32.6 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/cdc/src/report.html [Content-Type=text/html]... Step #9: / [0/210 files][ 32.6 KiB/ 13.9 MiB] 0% Done / [1/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [2/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/cdc/src/tusb_config.h.html [Content-Type=text/html]... Step #9: / [2/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [3/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [4/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [5/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/test/fuzz/device/cdc/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #9: / [5/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/tusb.h.html [Content-Type=text/html]... Step #9: / [5/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [6/210 files][ 45.9 KiB/ 13.9 MiB] 0% Done / [7/210 files][ 57.3 KiB/ 13.9 MiB] 0% Done / [8/210 files][ 57.3 KiB/ 13.9 MiB] 0% Done / [9/210 files][ 57.3 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/report.html [Content-Type=text/html]... Step #9: / [9/210 files][ 62.4 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/tusb_option.h.html [Content-Type=text/html]... Step #9: / [10/210 files][ 62.4 KiB/ 13.9 MiB] 0% Done / [10/210 files][ 62.4 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/tusb.c.html [Content-Type=text/html]... Step #9: / [10/210 files][ 62.4 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/usbd.c.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/dcd.h.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/usbd.h.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/usbd_control.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/usbd_pvt.h.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/osal/osal_none.h.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/device/report.html [Content-Type=text/html]... Step #9: / [10/210 files][110.0 KiB/ 13.9 MiB] 0% Done / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/osal/report.html [Content-Type=text/html]... Step #9: / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_mcu.h.html [Content-Type=text/html]... Step #9: / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_verify.h.html [Content-Type=text/html]... Step #9: / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_private.h.html [Content-Type=text/html]... Step #9: / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_types.h.html [Content-Type=text/html]... Step #9: / [11/210 files][110.0 KiB/ 13.9 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_fifo.c.html [Content-Type=text/html]... Step #9: / [11/210 files][191.3 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_compiler.h.html [Content-Type=text/html]... Step #9: / [11/210 files][191.3 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_fifo.h.html [Content-Type=text/html]... Step #9: / [11/210 files][196.0 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/report.html [Content-Type=text/html]... Step #9: / [11/210 files][196.0 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/common/tusb_common.h.html [Content-Type=text/html]... Step #9: / [11/210 files][196.0 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/class/report.html [Content-Type=text/html]... Step #9: / [11/210 files][196.0 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/class/cdc/cdc_device.h.html [Content-Type=text/html]... Step #9: / [11/210 files][248.7 KiB/ 13.9 MiB] 1% Done / [12/210 files][248.7 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/class/cdc/report.html [Content-Type=text/html]... Step #9: / [12/210 files][248.7 KiB/ 13.9 MiB] 1% Done / [13/210 files][248.7 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/class/cdc/cdc_device.c.html [Content-Type=text/html]... Step #9: / [13/210 files][248.7 KiB/ 13.9 MiB] 1% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/cdc/linux/src/tinyusb/src/class/cdc/cdc.h.html [Content-Type=text/html]... Step #9: / [13/210 files][248.7 KiB/ 13.9 MiB] 1% Done / [14/210 files][248.7 KiB/ 13.9 MiB] 1% Done / [15/210 files][248.7 KiB/ 13.9 MiB] 1% Done / [16/210 files][254.6 KiB/ 13.9 MiB] 1% Done / [17/210 files][254.6 KiB/ 13.9 MiB] 1% Done / [18/210 files][254.6 KiB/ 13.9 MiB] 1% Done / [19/210 files][254.6 KiB/ 13.9 MiB] 1% Done / [20/210 files][299.2 KiB/ 13.9 MiB] 2% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/control.js [Content-Type=text/javascript]... Step #9: / [20/210 files][452.4 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/style.css [Content-Type=text/css]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/directory_view_index.html [Content-Type=text/html]... Step #9: / [20/210 files][458.3 KiB/ 13.9 MiB] 3% Done / [20/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/index.html [Content-Type=text/html]... Step #9: / [20/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/summary.json [Content-Type=application/json]... Step #9: / [20/210 files][458.3 KiB/ 13.9 MiB] 3% Done / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/net_fuzz.cc.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/report.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/file_view_index.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/fuzz.cc.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/report.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/report.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/report.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/report.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/dcd_fuzz.cc.html [Content-Type=text/html]... Step #9: / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done / [21/210 files][458.3 KiB/ 13.9 MiB] 3% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/lwipopts.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #9: / [21/210 files][720.6 KiB/ 13.9 MiB] 5% Done / [21/210 files][720.6 KiB/ 13.9 MiB] 5% Done / [21/210 files][720.6 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/fuzz.cc.html [Content-Type=text/html]... Step #9: / [21/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/report.html [Content-Type=text/html]... Step #9: / [21/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/arch/cc.h.html [Content-Type=text/html]... Step #9: / [21/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/test/fuzz/device/net/src/tusb_config.h.html [Content-Type=text/html]... Step #9: / [21/210 files][765.4 KiB/ 13.9 MiB] 5% Done / [22/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/tusb.h.html [Content-Type=text/html]... Step #9: / [22/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/tusb_option.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/dcd.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/report.html [Content-Type=text/html]... Step #9: / [22/210 files][765.4 KiB/ 13.9 MiB] 5% Done / [22/210 files][765.4 KiB/ 13.9 MiB] 5% Done / [22/210 files][765.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/tusb.c.html [Content-Type=text/html]... Step #9: / [22/210 files][771.4 KiB/ 13.9 MiB] 5% Done - - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/usbd.h.html [Content-Type=text/html]... Step #9: - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/osal/osal_none.h.html [Content-Type=text/html]... Step #9: - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/usbd_pvt.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/osal/report.html [Content-Type=text/html]... Step #9: - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/usbd.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_mcu.h.html [Content-Type=text/html]... Step #9: - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done - [23/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/usbd_control.c.html [Content-Type=text/html]... Step #9: - [24/210 files][771.4 KiB/ 13.9 MiB] 5% Done - [25/210 files][771.4 KiB/ 13.9 MiB] 5% Done - [25/210 files][771.4 KiB/ 13.9 MiB] 5% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/device/report.html [Content-Type=text/html]... Step #9: - [25/210 files][935.7 KiB/ 13.9 MiB] 6% Done - [26/210 files][935.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_verify.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_private.h.html [Content-Type=text/html]... Step #9: - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/cdc/report.html [Content-Type=text/html]... Step #9: - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_fifo.c.html [Content-Type=text/html]... Step #9: - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/cdc/cdc_device.c.html [Content-Type=text/html]... Step #9: - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_types.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_compiler.h.html [Content-Type=text/html]... Step #9: - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done - [26/210 files][989.7 KiB/ 13.9 MiB] 6% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_fifo.h.html [Content-Type=text/html]... Step #9: - [26/210 files][ 1.1 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/cdc/cdc.h.html [Content-Type=text/html]... Step #9: - [26/210 files][ 1.1 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/net/net_device.h.html [Content-Type=text/html]... Step #9: - [26/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/net/ecm_rndis_device.c.html [Content-Type=text/html]... Step #9: - [26/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [27/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/report.html [Content-Type=text/html]... Step #9: - [27/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/cdc/cdc_device.h.html [Content-Type=text/html]... Step #9: - [27/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [28/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/common/tusb_common.h.html [Content-Type=text/html]... Step #9: - [28/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [29/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [29/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/report.html [Content-Type=text/html]... Step #9: - [30/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [30/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/init.c.html [Content-Type=text/html]... Step #9: - [30/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/pbuf.c.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/report.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/src/class/net/report.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/tcp_in.c.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/netif.c.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/inet_chksum.c.html [Content-Type=text/html]... Step #9: - [31/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/tcp_out.c.html [Content-Type=text/html]... Step #9: - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/mem.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/report.html [Content-Type=text/html]... Step #9: - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/memp.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/tcp.c.html [Content-Type=text/html]... Step #9: - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/stats.c.html [Content-Type=text/html]... Step #9: - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/def.c.html [Content-Type=text/html]... Step #9: - [32/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [33/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/udp.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4.c.html [Content-Type=text/html]... Step #9: - [33/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [33/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/icmp.c.html [Content-Type=text/html]... Step #9: - [33/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [34/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done - [35/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/report.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4_addr.c.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.2 MiB/ 13.9 MiB] 8% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/ip4_frag.c.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/ipv4/etharp.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/apps/report.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/inet_chksum.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/altcp.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/sys.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/def.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/arch.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/udp.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/ip.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/ip_addr.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/opt.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/etharp.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/netif.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/pbuf.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/apps/http/httpd.c.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/apps/http/fs.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/stats.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/priv/tcp_priv.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/apps/http/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/apps/http/fsdata.c.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/debug.h.html [Content-Type=text/html]... Step #9: - [35/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/ip4.h.html [Content-Type=text/html]... Step #9: - [36/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ethernet.h.html [Content-Type=text/html]... Step #9: - [36/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/timeouts.h.html [Content-Type=text/html]... Step #9: - [36/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [36/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/priv/memp_priv.h.html [Content-Type=text/html]... Step #9: - [37/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [37/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [38/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/tcp.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/icmp.h.html [Content-Type=text/html]... Step #9: - [38/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/udp.h.html [Content-Type=text/html]... Step #9: - [38/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [38/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ip.h.html [Content-Type=text/html]... Step #9: - [38/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [39/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/etharp.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/ip4.h.html [Content-Type=text/html]... Step #9: - [39/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [39/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [40/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [41/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/prot/tcp.h.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/netif/ethernet.c.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/apps/httpd_opts.h.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done - [41/210 files][ 1.3 MiB/ 13.9 MiB] 9% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/apps/fs.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/netif/slipif.c.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.4 MiB/ 13.9 MiB] 10% Done - [41/210 files][ 1.4 MiB/ 13.9 MiB] 10% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/netif/report.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.4 MiB/ 13.9 MiB] 10% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/dnserver.c.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.4 MiB/ 13.9 MiB] 10% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/core/timeouts.c.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.4 MiB/ 13.9 MiB] 10% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/rndis_reports.c.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/ndis.h.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/tcpbase.h.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/ip4_addr.h.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/lwip/src/include/lwip/icmp.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/rndis_protocol.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/report.html [Content-Type=text/html]... Step #9: - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [41/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [42/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [43/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/net/linux/src/tinyusb/lib/networking/dhserver.c.html [Content-Type=text/html]... Step #9: - [44/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [44/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/control.js [Content-Type=text/javascript]... Step #9: - [44/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [45/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/style.css [Content-Type=text/css]... Step #9: - [45/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/directory_view_index.html [Content-Type=text/html]... Step #9: - [45/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [46/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done - [47/210 files][ 1.6 MiB/ 13.9 MiB] 11% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/summary.json [Content-Type=application/json]... Step #9: - [47/210 files][ 2.3 MiB/ 13.9 MiB] 16% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/index.html [Content-Type=text/html]... Step #9: - [47/210 files][ 2.4 MiB/ 13.9 MiB] 17% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/report.html [Content-Type=text/html]... Step #9: - [47/210 files][ 2.4 MiB/ 13.9 MiB] 17% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/file_view_index.html [Content-Type=text/html]... Step #9: - [47/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/report.html [Content-Type=text/html]... Step #9: - [47/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/report.html [Content-Type=text/html]... Step #9: - [47/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done - [48/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/report.html [Content-Type=text/html]... Step #9: - [49/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done - [49/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done - [50/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/fuzz.cc.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/report.html [Content-Type=text/html]... Step #9: - [50/210 files][ 2.6 MiB/ 13.9 MiB] 19% Done - [51/210 files][ 2.7 MiB/ 13.9 MiB] 19% Done - [52/210 files][ 2.7 MiB/ 13.9 MiB] 19% Done - [52/210 files][ 2.7 MiB/ 13.9 MiB] 19% Done - [53/210 files][ 2.7 MiB/ 13.9 MiB] 19% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/dcd_fuzz.cc.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/msc_fuzz.cc.html [Content-Type=text/html]... Step #9: - [53/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done - [53/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/report.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/msc/src/usb_descriptors.cc.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/msc/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/msc/src/fuzz.cc.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/msc/src/report.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/test/fuzz/device/msc/src/tusb_config.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/tusb.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/report.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/tusb_option.h.html [Content-Type=text/html]... Step #9: - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done - [54/210 files][ 2.8 MiB/ 13.9 MiB] 20% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/tusb.c.html [Content-Type=text/html]... Step #9: - [55/210 files][ 2.9 MiB/ 13.9 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/usbd_pvt.h.html [Content-Type=text/html]... Step #9: - [56/210 files][ 2.9 MiB/ 13.9 MiB] 21% Done - [57/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done - [58/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done - [59/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done - [60/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/usbd.c.html [Content-Type=text/html]... Step #9: - [60/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done - [60/210 files][ 3.0 MiB/ 13.9 MiB] 21% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/report.html [Content-Type=text/html]... Step #9: - [60/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/usbd_control.c.html [Content-Type=text/html]... Step #9: - [61/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done - [61/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/dcd.h.html [Content-Type=text/html]... Step #9: - [62/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done - [62/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done - [62/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/device/usbd.h.html [Content-Type=text/html]... Step #9: - [63/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done - [63/210 files][ 3.1 MiB/ 13.9 MiB] 22% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_private.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/osal/osal_none.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/osal/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_verify.h.html [Content-Type=text/html]... Step #9: - [64/210 files][ 3.2 MiB/ 13.9 MiB] 22% Done - [65/210 files][ 3.2 MiB/ 13.9 MiB] 22% Done - [65/210 files][ 3.2 MiB/ 13.9 MiB] 22% Done - [66/210 files][ 3.2 MiB/ 13.9 MiB] 22% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/report.html [Content-Type=text/html]... Step #9: - [66/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done - [67/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done - [67/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_types.h.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_fifo.c.html [Content-Type=text/html]... Step #9: - [67/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done - [67/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done - [68/210 files][ 3.3 MiB/ 13.9 MiB] 23% Done - [69/210 files][ 3.6 MiB/ 13.9 MiB] 26% Done - [69/210 files][ 3.6 MiB/ 13.9 MiB] 26% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_compiler.h.html [Content-Type=text/html]... Step #9: - [70/210 files][ 3.6 MiB/ 13.9 MiB] 26% Done - [70/210 files][ 3.7 MiB/ 13.9 MiB] 26% Done - [71/210 files][ 3.7 MiB/ 13.9 MiB] 26% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_fifo.h.html [Content-Type=text/html]... Step #9: - [71/210 files][ 3.7 MiB/ 13.9 MiB] 26% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/report.html [Content-Type=text/html]... Step #9: Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/common/tusb_common.h.html [Content-Type=text/html]... Step #9: - [71/210 files][ 3.8 MiB/ 13.9 MiB] 27% Done - [72/210 files][ 3.8 MiB/ 13.9 MiB] 27% Done - [72/210 files][ 3.8 MiB/ 13.9 MiB] 27% Done - [73/210 files][ 3.8 MiB/ 13.9 MiB] 27% Done - [73/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [74/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [75/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [76/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [77/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [78/210 files][ 3.9 MiB/ 13.9 MiB] 28% Done - [79/210 files][ 4.0 MiB/ 13.9 MiB] 29% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/cdc/report.html [Content-Type=text/html]... Step #9: - [80/210 files][ 4.1 MiB/ 13.9 MiB] 29% Done - [81/210 files][ 4.1 MiB/ 13.9 MiB] 29% Done - [81/210 files][ 4.4 MiB/ 13.9 MiB] 31% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/cdc/cdc_device.h.html [Content-Type=text/html]... Step #9: - [82/210 files][ 4.7 MiB/ 13.9 MiB] 33% Done - [83/210 files][ 4.9 MiB/ 13.9 MiB] 35% Done - [84/210 files][ 4.9 MiB/ 13.9 MiB] 35% Done - [85/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [86/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [86/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [87/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [88/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [88/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done - [89/210 files][ 5.2 MiB/ 13.9 MiB] 37% Done \ \ [90/210 files][ 5.9 MiB/ 13.9 MiB] 42% Done \ [91/210 files][ 5.9 MiB/ 13.9 MiB] 42% Done \ [92/210 files][ 5.9 MiB/ 13.9 MiB] 42% Done \ [93/210 files][ 6.0 MiB/ 13.9 MiB] 43% Done \ [94/210 files][ 6.0 MiB/ 13.9 MiB] 43% Done \ [95/210 files][ 6.0 MiB/ 13.9 MiB] 43% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/msc/report.html [Content-Type=text/html]... Step #9: \ [95/210 files][ 6.1 MiB/ 13.9 MiB] 44% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/cdc/cdc.h.html [Content-Type=text/html]... Step #9: \ [95/210 files][ 6.1 MiB/ 13.9 MiB] 44% Done \ [96/210 files][ 6.1 MiB/ 13.9 MiB] 44% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/report_target/msc/linux/src/tinyusb/src/class/msc/msc_device.c.html [Content-Type=text/html]... Step #9: \ [96/210 files][ 6.2 MiB/ 13.9 MiB] 44% Done \ [97/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [98/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [99/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [100/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [101/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [102/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [103/210 files][ 6.4 MiB/ 13.9 MiB] 46% Done \ [104/210 files][ 6.8 MiB/ 13.9 MiB] 49% Done \ [105/210 files][ 6.8 MiB/ 13.9 MiB] 49% Done \ [106/210 files][ 6.8 MiB/ 13.9 MiB] 49% Done \ [107/210 files][ 6.8 MiB/ 13.9 MiB] 49% Done \ [108/210 files][ 6.8 MiB/ 13.9 MiB] 49% Done \ [109/210 files][ 6.9 MiB/ 13.9 MiB] 49% Done \ [110/210 files][ 6.9 MiB/ 13.9 MiB] 49% Done \ [111/210 files][ 6.9 MiB/ 13.9 MiB] 49% Done \ [112/210 files][ 7.0 MiB/ 13.9 MiB] 50% Done \ [113/210 files][ 7.0 MiB/ 13.9 MiB] 50% Done \ [114/210 files][ 7.0 MiB/ 13.9 MiB] 50% Done \ [115/210 files][ 7.0 MiB/ 13.9 MiB] 50% Done \ [116/210 files][ 7.1 MiB/ 13.9 MiB] 50% Done \ [117/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [118/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [119/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [120/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [121/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [122/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [123/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [124/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [125/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [126/210 files][ 7.4 MiB/ 13.9 MiB] 53% Done \ [127/210 files][ 7.5 MiB/ 13.9 MiB] 53% Done \ [128/210 files][ 7.5 MiB/ 13.9 MiB] 53% Done \ [129/210 files][ 7.6 MiB/ 13.9 MiB] 54% Done \ [130/210 files][ 7.6 MiB/ 13.9 MiB] 54% Done \ [131/210 files][ 7.6 MiB/ 13.9 MiB] 54% Done \ [132/210 files][ 7.7 MiB/ 13.9 MiB] 55% Done \ [133/210 files][ 7.7 MiB/ 13.9 MiB] 55% Done \ [134/210 files][ 7.9 MiB/ 13.9 MiB] 56% Done \ [135/210 files][ 7.9 MiB/ 13.9 MiB] 56% Done \ [136/210 files][ 8.2 MiB/ 13.9 MiB] 59% Done \ [137/210 files][ 8.4 MiB/ 13.9 MiB] 60% Done \ [138/210 files][ 8.4 MiB/ 13.9 MiB] 60% Done \ [139/210 files][ 8.4 MiB/ 13.9 MiB] 60% Done \ [140/210 files][ 8.4 MiB/ 13.9 MiB] 60% Done \ [141/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [142/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [143/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [144/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [145/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [146/210 files][ 8.5 MiB/ 13.9 MiB] 61% Done \ [147/210 files][ 8.6 MiB/ 13.9 MiB] 62% Done \ [148/210 files][ 8.6 MiB/ 13.9 MiB] 62% Done \ [149/210 files][ 8.7 MiB/ 13.9 MiB] 62% Done \ [150/210 files][ 8.7 MiB/ 13.9 MiB] 62% Done \ [151/210 files][ 8.7 MiB/ 13.9 MiB] 62% Done \ [152/210 files][ 9.5 MiB/ 13.9 MiB] 68% Done \ [153/210 files][ 9.6 MiB/ 13.9 MiB] 69% Done \ [154/210 files][ 9.6 MiB/ 13.9 MiB] 69% Done \ [155/210 files][ 9.6 MiB/ 13.9 MiB] 69% Done \ [156/210 files][ 9.6 MiB/ 13.9 MiB] 69% Done \ [157/210 files][ 9.6 MiB/ 13.9 MiB] 69% Done \ [158/210 files][ 9.7 MiB/ 13.9 MiB] 70% Done \ [159/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [160/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [161/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [162/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [163/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [164/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [165/210 files][ 9.8 MiB/ 13.9 MiB] 70% Done \ [166/210 files][ 10.5 MiB/ 13.9 MiB] 75% Done \ [167/210 files][ 10.5 MiB/ 13.9 MiB] 75% Done \ [168/210 files][ 10.6 MiB/ 13.9 MiB] 76% Done \ [169/210 files][ 10.8 MiB/ 13.9 MiB] 77% Done | | [170/210 files][ 10.8 MiB/ 13.9 MiB] 77% Done | [171/210 files][ 10.8 MiB/ 13.9 MiB] 77% Done | [172/210 files][ 10.8 MiB/ 13.9 MiB] 77% Done | [173/210 files][ 11.1 MiB/ 13.9 MiB] 79% Done | [174/210 files][ 11.4 MiB/ 13.9 MiB] 81% Done | [175/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [176/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [177/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [178/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [179/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [180/210 files][ 11.4 MiB/ 13.9 MiB] 82% Done | [181/210 files][ 11.7 MiB/ 13.9 MiB] 84% Done | [182/210 files][ 12.0 MiB/ 13.9 MiB] 86% Done | [183/210 files][ 12.0 MiB/ 13.9 MiB] 86% Done | [184/210 files][ 12.3 MiB/ 13.9 MiB] 88% Done | [185/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [186/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [187/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [188/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [189/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [190/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [191/210 files][ 12.4 MiB/ 13.9 MiB] 89% Done | [192/210 files][ 12.5 MiB/ 13.9 MiB] 90% Done | [193/210 files][ 12.5 MiB/ 13.9 MiB] 90% Done | [194/210 files][ 12.5 MiB/ 13.9 MiB] 90% Done | [195/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [196/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [197/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [198/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [199/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [200/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [201/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [202/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [203/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [204/210 files][ 12.6 MiB/ 13.9 MiB] 91% Done | [205/210 files][ 13.0 MiB/ 13.9 MiB] 93% Done | [206/210 files][ 13.2 MiB/ 13.9 MiB] 95% Done | [207/210 files][ 13.9 MiB/ 13.9 MiB] 99% Done | [208/210 files][ 13.9 MiB/ 13.9 MiB] 99% Done | [209/210 files][ 13.9 MiB/ 13.9 MiB] 99% Done | [210/210 files][ 13.9 MiB/ 13.9 MiB] 100% Done Step #9: Operation completed over 210 objects/13.9 MiB. Finished Step #9 Starting Step #10 Step #10: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #10: CommandException: 1 files/objects could not be removed. Finished Step #10 Starting Step #11 Step #11: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #11: Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/cdc.json [Content-Type=application/json]... Step #11: / [0/6 files][ 0.0 B/ 58.0 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/msc.json [Content-Type=application/json]... Step #11: / [0/6 files][ 0.0 B/ 58.0 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/net.json [Content-Type=application/json]... Step #11: / [0/6 files][ 0.0 B/ 58.0 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/net_error.log [Content-Type=application/octet-stream]... Step #11: / [0/6 files][ 10.0 KiB/ 58.0 KiB] 17% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/msc_error.log [Content-Type=application/octet-stream]... Step #11: / [0/6 files][ 10.0 KiB/ 58.0 KiB] 17% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/fuzzer_stats/coverage_targets.txt [Content-Type=text/plain]... Step #11: / [0/6 files][ 10.0 KiB/ 58.0 KiB] 17% Done / [1/6 files][ 20.1 KiB/ 58.0 KiB] 34% Done / [2/6 files][ 58.0 KiB/ 58.0 KiB] 99% Done / [3/6 files][ 58.0 KiB/ 58.0 KiB] 99% Done / [4/6 files][ 58.0 KiB/ 58.0 KiB] 99% Done / [5/6 files][ 58.0 KiB/ 58.0 KiB] 99% Done / [6/6 files][ 58.0 KiB/ 58.0 KiB] 100% Done Step #11: Operation completed over 6 objects/58.0 KiB. Finished Step #11 Starting Step #12 Step #12: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #12: CommandException: 1 files/objects could not be removed. Finished Step #12 Starting Step #13 Step #13: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #13: Copying file:///workspace/out/libfuzzer-coverage-x86_64/textcov_reports/net.covreport [Content-Type=application/octet-stream]... Step #13: / [0/3 files][ 0.0 B/ 67.9 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/textcov_reports/cdc.covreport [Content-Type=application/octet-stream]... Step #13: / [0/3 files][ 0.0 B/ 67.9 KiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/textcov_reports/msc.covreport [Content-Type=application/octet-stream]... Step #13: / [0/3 files][ 0.0 B/ 67.9 KiB] 0% Done / [1/3 files][ 67.9 KiB/ 67.9 KiB] 99% Done / [2/3 files][ 67.9 KiB/ 67.9 KiB] 99% Done / [3/3 files][ 67.9 KiB/ 67.9 KiB] 100% Done Step #13: Operation completed over 3 objects/67.9 KiB. Finished Step #13 Starting Step #14 Step #14: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #14: CommandException: 1 files/objects could not be removed. Finished Step #14 Starting Step #15 Step #15: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #15: Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/cdc.log [Content-Type=application/octet-stream]... Step #15: / [0/4 files][ 0.0 B/ 1.4 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/cdc_error.log [Content-Type=application/octet-stream]... Step #15: / [0/4 files][ 0.0 B/ 1.4 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/msc.log [Content-Type=application/octet-stream]... Step #15: / [0/4 files][ 0.0 B/ 1.4 MiB] 0% Done Copying file:///workspace/out/libfuzzer-coverage-x86_64/logs/net.log [Content-Type=application/octet-stream]... Step #15: / [0/4 files][ 0.0 B/ 1.4 MiB] 0% Done / [1/4 files][ 1.4 MiB/ 1.4 MiB] 99% Done / [2/4 files][ 1.4 MiB/ 1.4 MiB] 99% Done / [3/4 files][ 1.4 MiB/ 1.4 MiB] 99% Done / [4/4 files][ 1.4 MiB/ 1.4 MiB] 100% Done Step #15: Operation completed over 4 objects/1.4 MiB. Finished Step #15 Starting Step #16 Step #16: Already have image (with digest): gcr.io/cloud-builders/gsutil Step #16: Copying file:///workspace/srcmap.json [Content-Type=application/json]... Step #16: / [0 files][ 0.0 B/ 154.0 B] / [1 files][ 154.0 B/ 154.0 B] Step #16: Operation completed over 1 objects/154.0 B. Finished Step #16 Starting Step #17 Step #17: Already have image (with digest): gcr.io/cloud-builders/curl Step #17: Step #17: ***** NOTICE ***** Step #17: Step #17: Supported `curl` versions can be found in the various images available at Step #17: https://console.cloud.google.com/launcher/details/google/ubuntu1604. Step #17: Step #17: ***** END OF NOTICE ***** Step #17: Step #17: % Total % Received % Xferd Average Speed Time Time Time Current Step #17: Dload Upload Total Spent Left Speed Step #17: 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 309 0 0 100 309 0 1485 --:--:-- --:--:-- --:--:-- 1485 100 309 0 0 100 309 0 1457 --:--:-- --:--:-- --:--:-- 1457 Finished Step #17 PUSH DONE