SYZFAIL: %s (2)

15 views
Skip to first unread message

syzbot

unread,
Dec 17, 2021, 10:44:27 AM12/17/21
to syzkaller-...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 28e8edd09dea lint: fix initialization with few braces from..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11b9d47eb00000
kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5f719234953576d4fb
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3d5f71...@syzkaller.appspotmail.com

failed to mmap coverage filter bitmap bad coverage filter bitmap size ioctl$HDAUDIO_FGRP_WIDGET_INFO ioctl$WSDISPLAYIO_GETACTIVESCREEN ioctl$WSKBDIO_GETDEFAULTKEYREPEAT ioctl$WSKBDIO_SETDEFAULTKEYREPEAT ioctl$_O_WSDISPLAYIO_SETKEYBOARD /dev/vhci%llu SYZFAIL: %s
(errno %d: %s)
pos=%p region=[%p:%p] output overflow pos=%p: [%p:%p) input command overflows input result=%lld command refers to bad result failed to chmod /dev/fault clock_gettime failed cover mmap failed setsid failed event already set control pipe write failed failed to open /dev /dev/%s path=%s failed to chmod vhci /dev/kcov open of /dev/kcov failed from=%d, to=%d failed to dup cover fd ioctl remote attach failed ioctl init trace write failed SIGSEGV on %p, skipping
SIGSEGV on %p, exiting
(errno %d)
pthread_mutex_init failed pthread_cond_init failed rmdir(%s) failed opendir(%s) failed .. %s/%s lstat(%s) failed unlink(%s) failed � � � > #%d [%llums] -> %s( , failed to open /dev/fault nth=%d FAULT_IOC_ENABLE failed thr=%d, cov=%u too much cover FAULT_IOC_GETINFO failed FAULT_IOC_DISABLE failed cover=%u fault=%d rerun=%d format=%llu bad binary format in swap size=%llu bad big-endian int size off=%llu, len=%llu bitmask for string format copyin: bad argument size bad strdec size %020llu bad strhex size 0x%016llx bad stroct size %023llo unknown binary format mmap of output file failed vsnprintf failed string='%s' command=%s: %d command failed command '%s': %d
tun_id=%d tun_id out of range /dev/tap%d ifconfig %s destroy ifconfig %s create device=%s tun: can't open device dup2(tunfd, kTunFd) failed aa:aa:aa:aa:aa:aa ifconfig %s link %s 172.20.%d.170 aa:aa:aa:aa:aa:bb 172.20.%d.187 arp -s %s %s fe80::%02hxaa ifconfig %s inet6 %s fe80::%02hxbb ndp -s %s%%%s %s %02x copyout: bad argument size tun: read failed extracted seq: %08x
extracted ack: %08x
IN OUT syz_usb_connect: configured
syz_usb_connect: dev: %p
syz_usb_connect: dev is null
failed to close kOutFd type=%llx invalid kcov comp type ncomps=%u too many comparisons ready=%d done=%d executing=%d index=%lld result overflows kMaxCommands negative running bag inet checksum size size=%lld bad checksum const chunk size kind=%llu bad checksum chunk kind bad checksum kind type=%llu bad argument type call_num=%llu invalid syscall number syscall=%s executing disabled syscall syz_usb syz_80211_inject_frame args=%llu bad argument binary format bad argument bitfield bad result argument format out of opened kcov threads pthread_create failed out of threads bad thread state in schedule ./%d failed to mkdir control pipe read failed magic=0x%llx bad execute request magic size=0x%llx bad execute prog size bad timeouts need_prog: no program clone failed failed to chdir spawned worker pid %d
killing hanging pid %d
child failed SKIP FAIL OK version setup feature=%s leak setup_kcsan_filterlist KCSAN is not implemented test === RUN %s
--- %-4s %s
exec unknown command mmap of data segment failed mmap of input file failed failed to mkdtemp failed to chmod dup2(0, kInPipeFd) failed dup2(1, kOutPipeFd) failed dup2(2, 1) failed dup2(2, 0) failed read=%d handshake read failed bad handshake magic syz-cover-bitmap faied to stat coverage filter want=%p, got=%p sandbox fork failed spawned loop pid %d
loop exited with status %d
nobody getpwnam_r("nobody") failed failed to setgroups failed to setgid failed to setuid unknown sandbox type ./syzkaller.XXXXXX test_copyin test_csum_inet test_csum_inet_acc test_coverage_filter __clock_getres50 __clock_gettime50 __clock_settime50 __clone __fhopen40 __fhstat50 __fhstatvfs190 __fstat50 __futimes50 __getcwd __getdents30 __getfh30 __getitimer50 __getlogin __getrusage50 __getvfsstat90 __lstat50 __lutimes50 __mount50 __msync13 __nanosleep50 __posix_chown __posix_fadvise50 __posix_fchown __posix_lchown __posix_rename __select50 __setitimer50 __stat50 __utimes50 __vfork14 __wait450 _ksem_close _ksem_destroy _ksem_getvalue _ksem_init _ksem_open _ksem_post _ksem_timedwait _ksem_trywait _ksem_unlink _ksem_wait _lwp_continue _lwp_create _lwp_ctl _lwp_detach _lwp_exit _lwp_getname _lwp_getprivate _lwp_kill _lwp_self _lwp_setname _lwp_setprivate _lwp_suspend _lwp_unpark _lwp_unpark_all _lwp_wait _lwp_wakeup accept$inet accept$inet6 accept$unix access acct bind bind$inet bind$inet6 bind$unix clock_nanosleep compat_09_ogetdomainname compat_09_osetdomainname compat_09_ouname compat_12_fstat12 compat_12_getdirentries compat_12_lstat12 compat_12_msync compat_12_stat12 compat_20_fstatfs compat_20_getfsstat compat_20_statfs compat_30___fhstat30 compat_30___fstat13 compat_30___lstat13 compat_30___stat13 compat_30_fhopen compat_30_fhstat compat_30_fhstatvfs1 compat_30_getdents compat_30_getfh compat_30_socket compat_40_mount compat_43_fstat43 compat_43_lstat43 compat_43_oaccept compat_43_ocreat compat_43_oftruncate compat_43_ogetdirentries compat_43_ogethostid compat_43_ogethostname compat_43_ogetpeername compat_43_ogetrlimit compat_43_ogetsockname compat_43_olseek compat_43_ommap compat_43_orecv compat_43_orecvfrom compat_43_orecvmsg compat_43_osend compat_43_osendmsg compat_43_osethostid compat_43_osethostname compat_43_osetrlimit compat_43_otruncate compat_43_stat43 compat_50___fstat30 compat_50___lstat30 compat_50___stat30 compat_50__lwp_park compat_50_clock_getres compat_50_clock_gettime compat_50_clock_settime compat_50_futimes compat_50_getitimer compat_50_getrusage compat_50_lutimes compat_50_mknod compat_50_nanosleep compat_50_quotactl compat_50_select compat_50_setitimer compat_50_utimes compat_50_wait4 compat_60__lwp_park compat_90_fhstatvfs1 compat_90_fstatvfs1 compat_90_getvfsstat compat_90_statvfs1 connect$inet connect$inet6 connect$unix dup dup2 dup3 execve faccessat fchdir fchflags fchmod fchmodat fchownat fchroot fcntl$dupfd fcntl$getflags fcntl$getown fcntl$lock fcntl$setflags fcntl$setown fcntl$setstatus fdatasync fktrace flock fpathconf fstatat fsync getegid geteuid getgid getgroups getpeername$inet getpeername$inet6 getpeername$unix getpgid getpgrp getpid getppid getpriority getsid getsockname$inet getsockname$inet6 getsockname$unix getsockopt getsockopt$SO_PEERCRED getsockopt$inet_opts getsockopt$sock_cred getsockopt$sock_int getsockopt$sock_linger getsockopt$sock_timeval getuid ioctl$CONS_GETVERS ioctl$FIOASYNC ioctl$FIOGETBMAP ioctl$FIOGETOWN ioctl$FIONBIO ioctl$FIONREAD ioctl$FIONSPACE ioctl$FIONWRITE ioctl$FIOSEEKDATA ioctl$FIOSEEKHOLE ioctl$FIOSETOWN ioctl$HDAUDIO_AFG_CODEC_INFO ioctl$HDAUDIO_AFG_WIDGET_INFO ioctl$HDAUDIO_FGRP_CODEC_INFO ioctl$HDAUDIO_FGRP_GETCONFIG ioctl$HDAUDIO_FGRP_INFO ioctl$HDAUDIO_FGRP_SETCONFIG ioctl$I2C_IOCTL_EXEC ioctl$KDDISABIO ioctl$KDENABIO ioctl$KDGETLED ioctl$KDGKBMODE ioctl$KDMKTONE ioctl$KDSETLED ioctl$KDSETMODE ioctl$KDSETRAD ioctl$KDSKBMODE ioctl$NETBSD_DM_IOCTL ioctl$OFIOGETBMAP ioctl$TPROF_IOC_GETINFO ioctl$TPROF_IOC_GETSTAT ioctl$TPROF_IOC_START ioctl$TPROF_IOC_STOP ioctl$VT_ACTIVATE ioctl$VT_GETACTIVE ioctl$VT_OPENQRY ioctl$VT_RELDISP ioctl$VT_WAITACTIVE ioctl$WSDISPLAYIO_ADDSCREEN ioctl$WSDISPLAYIO_DELSCREEN ioctl$WSDISPLAYIO_DGSCROLL ioctl$WSDISPLAYIO_DOBLIT ioctl$WSDISPLAYIO_DSSCROLL ioctl$WSDISPLAYIO_GBORDER ioctl$WSDISPLAYIO_GCURMAX ioctl$WSDISPLAYIO_GCURPOS ioctl$WSDISPLAYIO_GCURSOR ioctl$WSDISPLAYIO_GETCMAP ioctl$WSDISPLAYIO_GETPARAM ioctl$WSDISPLAYIO_GETWSCHAR ioctl$WSDISPLAYIO_GET_BUSID ioctl$WSDISPLAYIO_GET_EDID ioctl$WSDISPLAYIO_GET_FBINFO ioctl$WSDISPLAYIO_GINFO ioctl$WSDISPLAYIO_GMODE ioctl$WSDISPLAYIO_GMSGATTRS ioctl$WSDISPLAYIO_GTYPE ioctl$WSDISPLAYIO_GVIDEO ioctl$WSDISPLAYIO_LDFONT ioctl$WSDISPLAYIO_LINEBYTES ioctl$WSDISPLAYIO_PUTCMAP ioctl$WSDISPLAYIO_PUTWSCHAR ioctl$WSDISPLAYIO_SBORDER ioctl$WSDISPLAYIO_SCURPOS ioctl$WSDISPLAYIO_SCURSOR ioctl$WSDISPLAYIO_SETPARAM ioctl$WSDISPLAYIO_SETVERSION ioctl$WSDISPLAYIO_SET_POLLING ioctl$WSDISPLAYIO_SFONT ioctl$WSDISPLAYIO_SMODE ioctl$WSDISPLAYIO_SMSGATTRS ioctl$WSDISPLAYIO_SPROGRESS ioctl$WSDISPLAYIO_SSPLASH ioctl$WSDISPLAYIO_SVIDEO ioctl$WSDISPLAYIO_WAITBLIT ioctl$WSKBDIO_BELL ioctl$WSKBDIO_COMPLEXBELL ioctl$WSKBDIO_GETBELL ioctl$WSKBDIO_GETDEFAULTBELL ioctl$WSKBDIO_GETENCODING ioctl$WSKBDIO_GETKEYCLICK ioctl$WSKBDIO_GETKEYREPEAT ioctl$WSKBDIO_GETLEDS ioctl$WSKBDIO_GETMAP ioctl$WSKBDIO_GETMODE ioctl$WSKBDIO_GETSCROLL ioctl$WSKBDIO_GTYPE ioctl$WSKBDIO_SETBELL ioctl$WSKBDIO_SETDEFAULTBELL ioctl$WSKBDIO_SETENCODING ioctl$WSKBDIO_SETKEYCLICK ioctl$WSKBDIO_SETKEYREPEAT ioctl$WSKBDIO_SETLEDS ioctl$WSKBDIO_SETMAP ioctl$WSKBDIO_SETMODE ioctl$WSKBDIO_SETSCROLL ioctl$WSKBDIO_SETVERSION ioctl$WSMOUSEIO_GCALIBCOORDS ioctl$WSMOUSEIO_GETID ioctl$WSMOUSEIO_GETREPEAT ioctl$WSMOUSEIO_GTYPE ioctl$WSMOUSEIO_SCALIBCOORDS ioctl$WSMOUSEIO_SETREPEAT ioctl$WSMOUSEIO_SETVERSION ioctl$WSMOUSEIO_SRATE ioctl$WSMOUSEIO_SRES ioctl$WSMOUSEIO_SSCALE ioctl$WSMUXIO_ADD_DEVICE ioctl$WSMUXIO_INJECTEVENT ioctl$WSMUXIO_LIST_DEVICES ioctl$WSMUXIO_OINJECTEVENT ioctl$WSMUXIO_REMOVE_DEVICE lchflags lchmod listen madvise mincore minherit mkdirat mknod$loop mknodat mlock mlockall mprotect msgctl$IPC_RMID msgctl$IPC_SET msgctl$IPC_STAT msgget msgget$private msgrcv msgsnd munlock munlockall munmap open$dir openat openat$dm openat$hdaudio openat$i2c openat$tprof openat$wscons paccept pipe pipe2 poll posix_spawn pread preadv profil ptrace pwrite pwritev readlink readlinkat recvfrom$inet recvfrom$inet6 recvfrom$unix recvmmsg renameat rmdir semctl$GETALL semctl$GETNCNT semctl$GETPID semctl$GETVAL semctl$GETZCNT semctl$IPC_RMID semctl$IPC_SET semctl$IPC_STAT semctl$SETALL semctl$SETVAL semget semget$private semop sendmmsg sendmsg$unix sendto sendto$inet sendto$inet6 sendto$unix setegid seteuid setpgid setpriority setregid setreuid setsockopt setsockopt$inet6_MRT6_ADD_MFC setsockopt$inet6_MRT6_ADD_MIF setsockopt$inet6_MRT6_DEL_MFC setsockopt$inet_opts setsockopt$sock_cred setsockopt$sock_int setsockopt$sock_linger setsockopt$sock_timeval shmat shmctl$IPC_RMID shmctl$IPC_SET shmctl$IPC_STAT shmctl$SHM_LOCK shmctl$SHM_UNLOCK shmdt shmget shmget$private shutdown socket$inet socket$inet6 socket$unix socketpair socketpair$unix symlink symlinkat syz_builtin0 syz_builtin1 syz_emit_ethernet syz_execute_func syz_extract_tcp_res syz_extract_tcp_res$synack syz_usb_connect syz_usb_connect$cdc_ecm syz_usb_connect$cdc_ncm syz_usb_connect$hid syz_usb_connect$printer syz_usb_connect$uac1 syz_usb_disconnect umask undelete unlinkat unmount utimensat vfork �� � > �� B CD E ����� B CD E ����� B CD E ����� �� 4Vx 4 Vx �� "3DUfw�����������̻���wfUD3" �� 4 Vx �� "3DUfw�����������̻���wfUD3" �� "3DUfw�����������̻���wfUD3" : �� ƍ@ �� �@ �� "�@ �� %�@ J�@ � L�@ � O�@ �� *�@ 1�@ �C C�@ �C V�@ �C j�@ 2P z�@ �S ��@ �{ ��@ , T( ��@ �p г@ , T �@ , S� �C@ F@ �E@ �E@ �C@ �C@ {E@ �C@ �C@ �C@ �C@ �C@ �C@ �C@ �C@ )E@ �@ �+@ �@ �)@ /�@ f*@ B�@ '6@ ܓ@ %@ g�@
15:44:07 executing program 0:
mknod(&(0x7f0000000100)='./file0\x00', 0x2000, 0x8e0a) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e) (async)
poll(&(0x7f0000000440)=[{r0, 0xc4}], 0x1, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x80000, 0x0)

15:44:07 executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000001dc0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fktrace(r1, 0x4, 0xf, 0x0)
compat_30___fstat13(r0, &(0x7f0000000300))
pipe(&(0x7f0000000040))

15:44:07 executing program 2:
compat_50_mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x2, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000001640)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1, 0x10, r1, 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{0x0}], 0x1, 0x0)
writev(r0, &(0x7f00000000c0)=[{0x0}], 0x1)

15:44:07 executing program 3:
syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001000000000904000003fe03010009058d"], 0x0) (async)
syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x8, 0x90, 0x1, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x2, 0x2, 0x4}}}}}]}}]}}, &(0x7f0000000800)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0x2, 0x9, 0x3, 0x10, 0x8}, 0x1d, &(0x7f00000000c0)={0x5, 0xf, 0x1d, 0x2, [@ssp_cap={0xc, 0x10, 0xa, 0x81, 0x0, 0x100, 0xff00, 0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x3f, 0x0, 0x6, 0xf, 0x8}]}, 0xa, [{0xa5, &(0x7f0000000100)=@string={0xa5, 0x3, "f3412bacab8d7ef7ffb16cc911727ba0f2764115200f32be4b6e04b22c5830510baf374895c0a07fbbacf27186aba9e1d754c76db0b63490a37bc7ad9085128886d8180267390e89d86bdf8e49c43fc1208a01ebcefc9666d1d830fb328d93ba6c9d03b21fcb5488ad28d2751cb883c62101777b8b53b74432a32437362778b07981d20774a09ac8198cc9e83bf3f33d230d689c68807b228f9018b196900cf9185a52"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x3401}}, {0x15, &(0x7f0000000200)=@string={0x15, 0x3, "738021e12a2ad5e573b508a5ccd4d482629839"}}, {0xd3, &(0x7f0000000240)=@string={0xd3, 0x3, "ae304b662b4be4ddfbdcff62ce45e104bae33173db22172c8960f3fef097d631f36502c915b6566f1bdded0c01271b2214eca7121fa3f75cf29108ca40597d7161c45e7e34f1f8a5936cc3c36759577672111c1b11c8ec9906364fb08ccd04b903e359203143cd5ae89d6d6632aa586af79148e1900d4c1362a1f9387f43eb870e3ae1d6e8ed38e6debc01047bbb1358ef7dc477325f0183f589a56b8ff42177fe188b7def0444146f446ef4204ac9ba84ea35b3ae608ebd12dd85ce343392f462ddc8bdd2ac255255d1e35f0f74c72fe6"}}, {0x8b, &(0x7f0000000340)=@string={0x8b, 0x3, "bec992518c34ce6d4cd981e7db40e5613cccba01738942db1622f4759c5b013f2d3f65bb920c0c7cdec9da2f78cc515954bbbc81680104000000000000d6d756ef381f063dd890ab58b7557d79fa7292f7b10d55b6086739c97dae498aba3265e4648bc498546764898f2c5a86de0a07553b508eadff95b9897de71768c4834f7328bab6787d0b2a75"}}, {0xee, &(0x7f0000000400)=@string={0xee, 0x3, "f026e2a1a38b3d404a3770e30570bca7c38df21e0255cefb630ce3a1c84907e7345a76fe50462dda87e71db7173eb3536573edf238d2fd2db127489250ee2e304143d17d24e700e781b00454354a878f2f1c5c74657bf4a53cb50b6a393f962725340c379fea324c3be4e9c68505598f6b623137dbdbaafc6177aed6b9bf4aa526699afe8bb2dc8d209d6ae24053bf0c3c18efd087269f763c61a66baaa19d6fd11ef7b00586bc098798cf950d0cd29d038880cc6b36033b11c5c0144cde5926bf124ae3764313a674f92bd4dae40d91ac082203aa25b0085319195ca3861497ad9c5957e4aca5c37e3d49fc"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x212}}, {0x71, &(0x7f0000000540)=@string={0x71, 0x3, "38ad337e9310682c6e04ba1847c2ed2f2f083e0f06c208526b0297892ed720696348073ad25e19fc0dfbf062cf227f2ff78e6f5b278b2cb7699058116d3304597e7b76bce7445d19815ffc966587099dbba36c0a3ff92dddd8b474988cb5856908378f6bb9d2fd764412d3e1265095"}}, {0xc5, &(0x7f0000000640)=@string={0xc5, 0x3, "f70066dc427da44910f3dcdf25b875d09d537d367c0428ed8f87301e6b82411469fbcbd0af10812c5e15f51abfc1051c2b55e0554bd05fdc0a8d8b55f03c198c3272d64aa44928dbd59d4f9586b477e214c0ffadbbb625f3f3e8d4dc041eaef2e3693c0dd240e216d6dadbbe1276b9b23f5d07232bbc0151ac079a46393d94f9f52c467a050b0955eaffa14c754292a9f21ba585ac81388198b9b960c0b89ff067a19e186075ff8437427e88d19344c933ab0e5b521500"/195}}, {0xb2, &(0x7f0000000740)=@string={0xb2, 0x3, "07f73e58a627bd824195e33b4036b786d437d779a190fc2eaa56ce0dfa65dccf8163f2b4e2c425686e79f4372e47c41b799ae0cf45323437e84b036a5681ab7198b50673aa99addd8335b3b941b66a9781e3f10a914c0107208b82ae77c0d6a611778818a01b87964ab3825b00cb6df692d9099b5774cd70566aeb087a80dc967cf4bfd890d525e01137cc6636077b5fb6b0474bf78a5fb0ae663db79de2977c678f1190977f7ea213007bc2620be2b9"}}]})

15:44:07 executing program 1:
mknod(&(0x7f0000000100)='./file0\x00', 0x2000, 0x8e0a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e)
poll(&(0x7f0000000440)=[{r0, 0xc4}], 0x1, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x80000, 0x0)

15:44:07 executing program 5:
compat_50_mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x2, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000001640)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1, 0x10, r1, 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{0x0}], 0x1, 0x0)
writev(r0, &(0x7f00000000c0)=[{0x0}], 0x1)

#@ W�@ � h�@ � z�@ � ��@ ��@ � ��@ � ��@ � ��@ � Ø@ � Ϙ@ ( ؘ@ � �@ � �@ � ��@ 1 �@ � �@ � %�@ � /�@ � ;�@ � E�@ O�@ � ]�@ k�@ � }�@ ��@ ��@ ��@ � ��@ � Ù@ � ̙@ � י@ �@ � �@ � ��@ � �@ � �@ � �@ � *�@ � 5�@ E�@ � S�@ � `�@ � k�@ : y�@ 5 ��@ E ��@ ? ��@ 6 ��@ D ��@ < ��@ > ˚@ 7 ՚@ C �@ = �@ 9 ��@ A �@ B �@ 8 %�@ ; g�@ 1�@ =�@ J�@ V�@ ! ]�@ 3 b�@ h g�@ h q�@ h |�@ h [�@ �@ " ~�@ e�@ 2�@ = ��@ � �@ ��@ � ��@ � ț@ � ٛ@ � �@ � �@ � �@ A %�@ � 6�@ � H�@ \�@ � m�@ � ��@ ��@ ��@ ��@ * Μ@ + ߜ@ g ��@ �@ � �@ a (�@ 8�@ > J�@ ( \�@ c n�@ �@ � ��@ � ��@ � @ W ٝ@ � �@ � �@ � �@ -�@ G =�@ f M�@ } a�@ q t�@ e ��@ r ��@ � ��@ X Þ@ � ؞@ � �@ & ��@ � �@ � %�@ � 8�@ @ L�@ � c�@ � {�@ � ��@ � ��@ V ��@ u ͟@ ߟ@ �@ � �@ � �@ ] '�@ S ;�@ � L�@ \�@ � p�@ � ��@ f ��@ d ��@ e W�@ b ��@ b Π@ b ܠ@ b �@ ) ��@ Z �@ � ��@ ; ��@ ��@ � �@ [ 105.5812125] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 6056 command syz-executor.2)
15:44:07 executing program 0:
r0 = openat$wscons(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$WSKBDIO_GETBELL(r0, 0x40105704, &(0x7f0000000080))
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfa, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0xa9, 0x0, 0x7, 0x1, 0x3, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x1, 0x5}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x5, 0x5}}]}}}]}}]}}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = openat$wscons(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$WSDISPLAYIO_GET_FBINFO(r1, 0xc0485768, 0x0)
ioctl$WSKBDIO_SETLEDS(0xffffffffffffffff, 0x8004570b, 0x80)
ioctl$FIONREAD(0xffffffffffffffff, 0x4004667f, &(0x7f0000000900))
ioctl$WSDISPLAYIO_GETWSCHAR(r1, 0xc0105755, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x20, 0x0, 0x3, 0x1, 0x6, 0x0, {0x9, 0x21, 0x8, 0x6}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x5, 0x5}}}}}]}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000a00)={0xa}, 0x5, &(0x7f0000000a40)={0x5, 0xf, 0x5}})
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000b80)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0xeb6}}, {{{0x9, 0x5, 0x81, 0x3, 0x40}}, [{{0x9, 0x5, 0x2, 0x3, 0x0, 0x0, 0x0, 0x2}}]}}}]}}]}}, 0x0)
syz_usb_connect$hid(0x7, 0x36, &(0x7f0000000d80)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x68, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x1, 0x0, 0x3, 0x1, 0x3, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xbe1}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x8, 0x0, 0x81}}}}}]}}]}}, 0x0)
ioctl$WSMOUSEIO_SSCALE(0xffffffffffffffff, 0x80085722, &(0x7f0000001180)=[0x0, 0x6])

15:44:07 executing program 1:
open(&(0x7f00000000c0)='./file0\x00', 0x70e, 0x0)
r0 = getpid()
open(&(0x7f0000000000)='./file0\x00', 0x400, 0x2)
ktrace(&(0x7f0000000080)='./file0\x00', 0x0, 0xfcfc96ac7f78659a, r0)
chown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
__clone(0x100, 0x0)

[ 105.6812111] uhub3: device problem, disabling port 1
15:44:07 executing program 2:
compat_50_mknod(&(0x7f0000000000)='./file0\x00', 0x2000, 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x2, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f0000001640)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1, 0x10, r1, 0x0, 0x0)
preadv(r1, &(0x7f0000001580)=[{0x0}], 0x1, 0x0)
writev(r0, &(0x7f00000000c0)=[{0x0}], 0x1)

[ 105.8412101] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 2255 command syz-executor.2)
ELF > ` @ @ �p @ 8 @ @ @ @ @ @ � � @ @ @ @ d; d; @ @a @a l �B (@ (@a (@a � � @ @ , , @ @a @a d P�td �* �*A �*A � � /usr/libexec/ld.elf_so NetBSD $��; PaX C O 2 ! G I F C = ( 5 L K N H < ' J / 3 B > ? : + 9 ; 8 * A 0 & E $ M .
% ) , 7 - 6 1 " # D @ 4 : � b � ? u � � 3 � b � � n � X Da �@ V � � � � � G � � � � Q h n l � 7 f � z � � � � O � ! � � � � u 0 " � " g � 3� � Y a � � u � . 3� i ) "
� X Z � � � @ a � libstdc++.so.9 __libc_cond_wait __libc_cond_broadcast memmove __libc_mutex_init atexit strerror abort fflush memcpy __libc_mutex_unlock read __fstat50 fwrite __errno __clock_gettime50 pthread_create ioctl _Jv_RegisterClasses sprintf __libc_mutex_lock __sF strcmp libm.so.0 _fini __deregister_frame_info __register_frame_info libpthread.so.1 pthread_attr_init _exit getpid open pthread_attr_destroy environ close __libc_cond_init pthread_attr_setstacksize __libc_cond_timedwait mmap libc.so.12 __getpwnam_r50 setuid dup2 setsid __progname setgid unlink fork rand system __ps_strings strrchr closedir vfprintf kill chmod _longjmp __syscall waitpid strncpy setrlimit rmdir mkdir __sigaction14 vsnprintf chdir _setjmp puts __lstat50 _libc_init __readdir30 usleep mkdtemp setgroups __opendir30 _end �Aa �Aa 2 �Aa D b �Aa �Aa Ba Ba Ba Ba Ba (Ba
0Ba 8Ba @Ba HBa PBa XBa `Ba hBa pBa xBa �Ba �Ba �Ba �Ba �Ba �Ba �Ba �Ba �Ba �Ba ! �Ba " �Ba # �Ba $ �Ba % �Ba & �Ba ' Ca ( Ca ) Ca * Ca + Ca , (Ca - 0Ca . 8Ca / @Ca 0 HCa 1 PCa 3 XCa 4 `Ca 5 hCa 7 pCa 8 xCa 9 �Ca : �Ca ; �Ca < �Ca = �Ca > �Ca ? �Ca A �Ca B �Ca C �Ca E �Ca F �Ca G �Ca H �Ca I �Ca J �Ca K Da M Da N H�� � H�� � �5�+! �%�+! @ �%�+! h ������%�+! h ������%�+! h ������%�+! h �����%�+! h �����%�+! h �����%�+! h �����%�+! h �p����%�+! h �`����%�+! h �P����%�+! h
�@����%�+! h �0����%�+! h � ����%�+! h � ����%z+! h � ����%r+! h ������%j+! h ������%b+! h ������%Z+! h ������%R+! h �����%J+! h �����%B+! h �����%:+! h �����%2+! h �p����%*+! h �`����%"+! h �P����% +! h �@����% +! h �0����%
+! h � ����% +! h � ����%�*! h � ����%�*! h ������%�*! h ������%�*! h! ������%�*! h" ������%�*! h# �����%�*! h$ �����%�*! h% �����%�*! h& �����%�*! h' �p����%�*! h( �`����%�*! h) �P����%�*! h* �@����%�*! h+ �0����%�*! h, � ����%�*! h- � ����%z*! h. � ����%r*! h/ ������%j*! h0 ������%b*! h1 ������%Z*! h2 ������%R*! h3 �����%J*! h4 �����%B*! h5 �����%:*! h6 �����%2*! h7 �p����%**! h8 �`����%"*! h9 �P����% *! h: �@����% *! h; �0����%
*! h< � ����% *! h= � ����%�)! h> � ����%�)! h? ������%�)! h@ ������%�)! hA ������%�)! hB ������%�)! hC �����%r'! f��%r'! f��%r'! f� H���H�� H��H���� f. � USH�� H� s%! H�� @a H9�s H�� H)�H�� H�l� � H�� H9�u�H�� []�HcW HcG H�T H� H� Ћ �� �. �����1�� �� � H�� � ��t �� t�� u�H�z t�� �r H�� � ��u�H�� �� f��� �� ��Hk�8H �H9� �� 1������� �� u H��H+q H��8H9�v � �� u�H��H��8H9�w�H�� �� �����H9� �� H�O H �H� H��tu1�1�� H�� u H�y H�� H� H��t H�� u�H�A H �H�� H� H��u�H� 8H9�r �5H� H�x H �H�<2H�� H9�v �P H�� t�H��%t�P�"���H�J ������ATUSH��� @ I��� @ L9�s �{ % ��M H�+�S H�E H�� L9�r�[]A\�AUATUSH�� H��H��H���b���H�� � H��� b H�(I�� 3� H�E I� $H�E H� H�� �� H�� Da H� H� � ��t H�� ��/u�H� � ��u�H��t H�������\���H�= %! �� H� '#! H�� @a H9�s H�� H)�H�� L�l� � H�� L9�u�H�=y����D���H� �"! H�� @a H9�s H�� H)�H�� L�l� � H�� L9�u�H�� �@ �
��������} I� $H�u �L ��� ���H�� Da H�5`�! H�0�:���� H� �d � � 1������ ������d����)����=�&! t �S� �&! H� V"! H� H��t ��H�� ��H�=�#! t H�=� �h���[À=o&! t �S� d&! H�=�#! t H�5 &! H�=l �/���H�=�#! t H�=�!! H�? t � ���H� �!! H� H���t ��H�� ��[ÐAVAUATUSH��PH�|$ 1�1���H�T H�T H�T H�T (�� ��@r�1�� � � � A� A� A� A� � �
A� A� A� H�D$ ��1�H��P[]A\A]A^�USH��� H�t$(H�T$0H�L$8L�D$@L�L$H��t7 )D$P )L$` )T$p )�$� )�$� )�$� )�$� )�$� �=u d tTH��� ����(�D$ �D$ 0 H��$� H�D$ H�D$ H�D$ H�T$ H�޿0 b ������0 b �J����5����(H��� []�� `u �z t H�� �X�@ 1��!���1�H�� �� � �H�� H�� d ���@ � H��1��,���� H��1�� ���H�� �SH�� H�|$ H�|$ �A����ÿ@ �5���Hc�H�� [�ATUSH��� I��H��H�T$0H�L$8L�D$@L�L$H��t7 )D$P )L$` )T$p )�$� )�$� )�$� )�$� )�$� �7���� L�⾷�@ �0 b 1��Q���H��t9�D$ �D$ 0 H��$� H�D$ H�D$ H�D$ H�T$ H��0 b �����������H���ھċ@ �0 b 1������dH� % H������H��t ��� u
�C �.���1��'���H� � d H�� d Lc r d I �H9�r L9�s �8H�P H� ` d �RH�¾Ջ@ ��@ 1�����SH� H= � s^L�H L� H� I�� � sjL�H L� H�x ��H� H��H�� ��� H�1H��H�� ��� I� H��H�� H � � d H � ��H� [�A� � � d H�¾��@ � �@ 1��-���A� � � d L�ʾ��@ � �@ 1�� ���H�� H� H= � �� H�P H� H� H�� � sbH�P H� H�p H�� � sNH�P H� L�@ H�� � s:H�P H� H�@ H��� wBH�� ����c t H����c H��t 1�H��L �H�� �A� � � d ���@ � �@ 1��j���H�ʾ)�@ �5�@ 1��V���A� � � d H�¾��@ � �@ 1��7���H�� 1�1��*���H�� �� �b�@ ������u H�� ÿR�@ �����H�� H�� ������u/H� $H� �H� �H� �H��4�ׂ� CH��H�d$ H�� H� �H�� ÿm�@ � ���SH� uQH���w E1�D� � � 1������H���t8H�C �S H �H�C �=� ! H �H���H�� H�C H�C( [ÿ��@ � ������@ � ���H�� �=� d u �s����� �� H�D$ � H� $ � H�� � ���H�D$ H� $ H�� �����H�D$ H� $ H�� �����H�D$ H� $ H�� ����H�D$ H� $ H�� ����H�� ÿ��@ �R���SH��� ����CX��u �CX H�������H�{0[�|������@ � ���H�� H�� H�D$ �|$ � H�t$ �� � ���H�� u H�� ÿ��@ �����SH�� �݌@ ����H��H��t}H������H��t_�x u�H��� �@ � H��� �€� ��u�H����@ � H��1������� H���4�����t�H���@ ��@ 1�����H������H�� [ÿΌ@ �>���ATUSH�� H��A��� � �@ 1��B������ �� �Ëu ���=�����x ���b���H�D$ E��u+H�T$ � K ��} 1��������ur�D$ �� �E H�� []A\�H�D$ H� I d H�� H�� H�D$ H�T$ �
K ��} 1�������t��P�@ �����M �ھ*�@ �9�@ 1������ �@ �g����k�@ �]���H� ! d H�" d Lc d I �H9�r H�P I9�v H�8H�� H� � d �RH�¾Ջ@ ��@ 1��J���USH�� ��H�v dH� % ��������t H�� ��H= 0 w ���@ 1��������5������@ 1�����H������� �H���USH��� H��H�t$(H�T$0H�L$8L�D$@L�L$H��t7 )D$P )L$` )T$p )�$� )�$� )�$� )�$� )�$� �#���� �D$ �D$ 0 H��$� H�D$ H�D$ H�D$ H�T$ H��0 b �����ھ��@ �0 b 1�� ���1��^���SH��1�� �����u H�{01��D�����u �CX [ÿǍ@ 1�� �����@ 1�� ���USH�� H���^���H��H�� �� H���j���H�� �� L�@� �@ � L��� �€� ��tҿ �@ � L��� �� ��t�H��!�@ � H��$� 1��`���H��H��$� �p�����u}�D$ % � H��$� = @ t?������� �e���H��$� �8�@ 1��;���H��� ���H��������uDH�Ĩ []�� ����)��������8 t�H�� �@ 1������H��$� �'�@ 1������H����@ 1������� I��I�� t61�D � D �H�� L9�r� �� u =�� v ���� �=�� w� �L � � Љ ��SH��� H�|$ �@�@ �6 �H�L�T$ E1ۻ�����/I�2H�|$ ����D �D$ A��A �J fD9�u-A�� I�� A�� tE�D$ I�R H��u�A��A �J fD9�t�E ��D�ھ��@ �0 b 1������ H��� [�1�H��� [�AWAVAUATUSH�� A� �����% ���y �� �ˀ�� D�c �����% �y �� ����� �l E��~4L�|$ M�w L �� I�� ����%� �y �� ����� A� M��L9�u��D$ D�����A�։Å�~2Lc�E1�E1�M��t Ic�H�D$ H �L��H�|$ �M���A�� A �A9�u�E��t#Ic�H��t D��D)�Hc�H�D$ H �H�|$ � ����D$ Ic�H��t)H�t$ H�|$ ����� �D$ f;D$ u A�� �����1�� 1�f;D$ t� H�Ę []A\A]A^A_�H�� f� �T# 4 �5�T# � �T# D ��T# � �T# �� �D � �u#� ���f�� f� �T# �� �Ā��u,< u(1�� � $A� �4 ���@ 1������� H�� �� $ E1�D ��1�1��8�@ 1������ H�� �USH��(I��H��H�j@H�Z8L�Z0L�J(L�B H�J H�R H�p H� M��t H�l$ H�\$ L� $H��A��H��([]�Hc�H�l$ H�\$ L�\$ L� $M��I��H��H��H��1��}���H��([]�AVATUSH��hH��H�|$ Hc�� �D$ H�� H���@ H�L$ H���@ � ���H+ �R# H��H�ًu �S�@ 1�������� � ��~3H�l$ H���� �ޔ@ 1�����9�� ~ �g�@ 1��x���H�� �Ϳč@ 1��f����D$ ����H�D$ ƀ� ��0 ��~mH�D$ ��8 �� �y � �b�@ 1��a����Ń�� �S H�D$@ �C H�H�D$HH�T$@� F ���1�� ����� �� H�D$ ƀ� �l$ �=� d t H�D$ H��` H� H�\$ Hǃ@ ��������� dH�<% ������� H�Ǡ��������� �{ dH� % ������� �V���� H�L$ ��H H��@ � �� HcD$ H�� H�� �@ t H�D$ ǀH H�T$ Ƃ� �=� d t H��` H� ��T ���� �" H�D$ ƀL ��0 �� � �D$ H�D$ H � H�D$(H�D$ �L$ 9�8 �Z L�t$ E��H I��@ HcD$ H�� H���@ �����H+ �P# H��E��I��H��A�6���@ 1��j����=; d �U H�D$ ��0 ��~ H�D$ ��L ���@ 1��6���H�D$ ��8 ��~ � �@ 1�� ����ō@ 1�� ���H��h[]A\A^�H�\$ H��� H�D$ H�p8�x �\���H��@ �\����D$P H�T$P� F ��|$ 1�������� � H�|$X ���D$< H�T$<� F ��|$ 1������� �� �|$ �����H�D$ ��L �D$ ������ �$���� ���dH�<% ������� H�Ǡ����Z�����u H�D$ H�p8�x H�T$(����dH� % ������� �D$ �?���H�D$ ��T ��@ 1�����������ھ��@ ���@ 1��*���� ���@ ���@ 1�� ����j�@ ��������@ ������ڎ@ ��������@ ����H��tEH�� H�� uJH�� t,H�� t3H�� t H��7�@ �A�@ 1�����f�� ��H�� � ω�H�� �H���H �H��H�� þ �@ � �@ 1�����AVSH��8H�|$ H�t$ H� $H�L$ L�D$ L�L$(H�� � M � �� H�D$ H�� �� H�� tuH�� t H�T$ � �@ ��@ 1�� ���H�<$ �� dH�<% ������� H�Ǡ����������u H�T$ ���@ H�|$ �����dH� % ������� H��8[A^�H�<$ �O dH�<% ������� H�Ǡ����h�����u�H�T$ ��@ H�|$ �����H�<$ �� dH�<% ������� H�Ǡ����&����� �u���H�T$ �ȏ@ H�|$ �J����\���dH�<% ������� H�Ǡ���������� �7���H�<$ �� vuH� $H�� u0H�D$ H D$( �J H�T$ � H�|$ �����H�\$ � �����H�� � H�D$ H D$( �� H�T$ � H�|$ ����H�\$ H� ����H�<$ �� H�D$ H D$(u H�T$ � H�|$ �x���H�\$ � �~���H�\$ �;L�t$ L�� �R���H�4$ �L$(H��H��H�� H�t$ ��H��H�|$ H��1�!�1�@ ��L�� � ���� �!���L�t$ L�� H�\$ H�;������ �L$(H��H�� H�t$ ��H��H�|$ H��H1�H!�H1�L�� ����H� �����H�\$ �;L�t$ L�� ����� �L$(H��H�z�H�t$ ��H��H��H�|$ H��1�!�1�L�� �b���� �m���H�D$ H D$(u!H�T$ � H�|$ �;���H�\$ f� �@���H�\$ �;L�t$ L�� � ���� �L$(H��H�� H�t$ ��H��H�|$ H��1�!�1� ��L�� �����f� �����L��H�T$ �Y�@ �l�@ 1�����H� $�7�@ ���@ 1�����H� $�7�@ ���@ 1�� ���H� $�7�@ ���@ 1��j���H� $�7�@ �ҏ@ 1��U���H� �J# H��t1� 9�r(�H �9�w )׉��� �� � ���� �D8 �� ���1��P��@ �����H�� H� � H� $J# H� IJ# `�c � c�c �!J# @H��e ��~�����tK�=E�c tBH��' ��e�����u2�=,�c t)H�� ��L�����u H� �I# � �c 1�H�� ø H�� Ë �c 9�}KUSH�� ��H� ��c H��t8Lc�L ˉ�)�Hc�A� � � H������H9�uI�-��c H�� []���k���% �y �� �Ȁ�� �� Hc�H� �+ H �H� ��c Lcz�c L��듿 �@ ����USH�� H��H���������x H�H9�s H�� []ÿ �@ �{���H��,�@ �(�@ 1�����H��� H�L$8L�D$@L�L$H��t7 )D$P )L$` )T$p )�$� )�$� )�$� )�$� )�$� �D$ �D$ 0 H��$� H�D$ H�D$ H�D$ H�L$ �=���H��� �SH�� ��H��$ H��$ L��$ L��$ ��t@ )�$ )�$0 )�$@ )�$P )�$` )�$p )�$� )�$� �D$ �D$ 0 H��$� H�D$ H��$� H�D$ H�PATH=/usH�D$ H�r/local/H�D$(H�sbin:/usH�L$0H�D$8H�bin:/usrH�D$@H�/sbin:/uH�D$HH�sr/bin:/H�D$PH�sbin:/biH�D$Xf�D$`n H�|$bH�L$ H�� � ���H�|$ � �����t ��u ��H�t$ �V�@ 1��z���H�Ġ [É�H�T$ �8�@ �G�@ 1������=&�c �� SH�� ����? �� �����@ � H�|$1�������ٺ��@ � H�|$ 1�����H�T$ ���@ 1�1��3���H�T$ ���@ 1�1�� ���� H�|$1�� ���� Q
! ��� �O �� ��� ����� �1 �=.
! �!����
! � ���@ � H�|$P1��7���H�L$PH�T$ � �@ � 1������ٺ �@ � H�|$ 1�� ���H�L$ H�T$ �X�@ � 1��s����(�@ � H�|$p1�������ٺ:�@ � H�|$&1�����H�L$pH�T$&�H�@ 1�1��-����ٺU�@ � H�|$41�����H�L$4H�T$ �c�@ � 1�������ٺx�@ � H�|$B1��X���L�D$pH�L$ H�T$B���@ 1�1������H�Đ [�ÿِ@ ����H�T$���@ � @ 1��������h�@ �r�@ 1�����H�F H9G u H�F H9G ��Å� �� AUATUSH�� A��H�� �7���@ 1�� ���E�e�I�� � � H�� I9�t) �t ���@ 1�������؃� �� uܿō@ 1��������A�� u H�� []A\A]ÿō@ 1�H�� []A\A]�����USH�� H�|$ H�4$�= ! ��x3H�l$ H� $�=U�c t ��H���;����=� ! H��H��H�� []����H������H�� []�H�� @�� ��� �D$ H�T$ � K ��?1��D�����u H�� Ët$ ���@ 1��s���AUATUSH�� H��dH� % H�������=��c t � ��c �=��c t] ��H��P �~���H�k L�khL�c8H�������S`��u H��L���0����C`��t�H���a����C` H���|���L���E���뾀=F�c u���t��H� H�� � s H�B H� H� �PA� � � d ���@ � �@ 1�����H��(H�|$ H�t$ H�T$ dH�<% ������� H�Ǡ����%�����u?H�|$ twvVH�D$ H�� u.H�D$ H�L$ � H� � dH� % ������� H��(�1���H�� uMH�D$ H� H�L$ H� � ��H�|$ u.H�D$ � H�L$ H� � �H�D$ � H�L$ H� � �H�T$ �7�@ ���@ 1�����SH�� H�|$ H�t$ H�T$ �=� ! �� �� �� H�t$ ����H�Å� �� �=��c t ��H�|$ ������� �� f�|$, te��I �� �|$4 �� H�D$VH�\$ �p �H�T$ � Ή3�@ �H�T$ � ȉC �ɑ@ 1������s �ޑ@ 1�����1�H�� [�HcӃ�!~-�|$7 u& �D$.H�� ��<H�H"H9�w H�D .��K����8#u H������H�� [ÿ��@ �Y���AWAVAUATUSH��x A� �D �@�c A�� I��H�� w �(�@ 1�� ���H�������2 ��I��I��Mc�L��H�� L �I�4AI� �L� � L�\$ I��( � � 1�H���H�M��( � I�V I��0 � A �V A��8 � A �V A��9 � A�W�A��< � Aǃ� � ����� 1�\$$L�d$(L��I���(�� u J� �H�� ��� � �� �� H�U I9� �� M�,.A �E A � < �� H �I9� �� �� u�N� �I�� M�� � A��� � �� �L�\$8L�T$0A �M A �U M�迸�@ 1������L�\$8Ic�` H��H��H�� H �H�� L�T$0I�� � L�h A �M �H(A �M �H)A �M �H*�� A��` H�U I9� �>����\$$L�d$(H�D$ �� � ���@ 1��X����D$p L�t$pL�� V ���1��W����� �k 1Ҿ
V ��1��?����� �� ���@ 1�� ����D$O L�l$d� � H9�tDH)�I �H��L����B���H��y�������0���@ 1������H������H��x []A\A]A^A_Ël$d�� �� �D$n �L$i �t$h@����@ ���@ H I׉ $D �L$lD �D$j� �@ 1��m���H�D$P �|$h � H�T$hH�L$OL���� ����� �� D �l$nL�� �T$hfA�� v 1�E1��L��1��� r H�� �H�@�� t �@�� t f��� t ���yAD�� �@ 1������E�� � �|$O ������@ �F������@ 1�����Hc������D��M��� H9� �� H)�I �H��L���������H��y�D��`�@ 1��}����=O�c t D��L���4���������(�@ 1��X�������� � � 9�t �� H h �� t'� 9�u� �T$h��`u �|$i �� �p�@ 1�� ������@ 1�� ����5���D��`�@ 1�������=��c � ���D��L�����������E��L�l$XL�|$X� � H)�I �H��L���������H�� �=���H9�u�L��� I9� �����I)�H �L��H�������H�� ����� �L$j �Ń� �F������$��@ �� Hc�H�q H�L$8H��H�� H �H�� L�� � L��A�p L�D$0���@ 1�� ���L�D$0Ic@ �� H�L$8 �����H��H�� H �H�D H�� H�L$ H�D I�U H�� � A �U ��( � A�@ ������@ 1����������I�t$ H�t$PA�D$ = �� 1�E1�H�� �p�����L���� r H�� �H�� t �� t f�� �t�����n���I�t$ H�� �3 H�t$PA� $= �� 1�E1��M��t ��A;D$ �� �� �� H�D$P�*A D �l$nA�� � D G辨*A �gHc�H��H�� H �H�DE H�D� H� � � H�p H�t$P�@ �&���Hc�H��H�� H �H�DE H�D� H�4�( � H�t$PD �l$nA�� � D G�D��������І@ ��������H�D$P�*A D �l$nA�� � D G辠*A ��H� @I�D� H�p H�t$P�@ �����.����0���@ 1��3���H�������a���f�D$P
Hc�H��H�� H �H�DE H�D� H� �( � �H f�L$R�H �L$T �@ �D$X�D$Y H�t$PD �l$nA��

D G��-����P�@ �����D �l$nA9�D G�� ���AUATUSH��(H�|$ H�t$ H�T$ H� $H�D$ L�d$ H�\$ L�,$H�޿ �@ 1��l���H��tS�؇@ 1��[����=-�c t D��H��� ����1����Ņ�x=L��H��L��������H�É�����H��H��([]A\A]ÿ1�@ 1�� ���H�������ݿ��@ � ���@�=��c �%��c H��H��� � ��c @�� t6� ��c H��H�� �� � ��c H��H�� �� � �c H�� �� @�=p�c �@�� u�� f�c �� � ^�c ��t � L�c ��t � � A�c ��u� � 1�c �H�� �=%�c u1�=!�c u �= �c u+� ������x)H�� ÿ ` ������� � ������տ @ ������ɿO�@ � ���SH��H�?H�� �� �C���H� �� H�� t$H�� t`H��t:H�{ H�� u!����H�{ [�z���H �{ H�{ H �C H�C �����H�{ [�����H �{ H�{ H �C H�C �����H�{ [�����Hc{ H�{ HcC H�C ����H�{ [����H���f�@ �p�@ 1������H�W H��t\H� �� H�� t � ��c ��tDH�� H� � ����� H�� �H���c Hc ��c H �H9�r H9�v H�W H9�r�H9�w�� ��H� t�H� � t�� ÐH� H9 t 1��H�F H9G u�H�F H9G ��ÐH� H9 u �S��� ��À=l�c t �W����AWAVAUATUSH��XH��H��H)�H�� �� H��H��H�� �� H�G H�D$(L�g@H�� H�� H�� H �L�i�L�S L�
M9� � ��L�Y��� �� M9� �] ��L� L�{ L�s L�K �� �� H� H� H�B H�C H�B H�C H�B H�C L� L�z L�r L�J L�C L� M��H��� ����t$M� I�� M�i�M9�u�H��L���M����� ����t H�� L9 u�H��H���0�����u�L9�v?I�y�I�q�I�A�L� M�Q�L�R M�Q�L�R M�Q�L�R M�Q�L� H�z H�r H�B L� �H��H��L������L��H)�H�� �� L��H�� �����L��L��H���4+ I�� I�} H�|$0I�u H�t$8I�M H�L$@I�E H�D$HH� I�U H�S I�U H�S I�U H�S I�U L��H)�H��H�� H�<$H�t$ H�L$ H�D$ 1�H���( H�� �H��X[]A\A]A^A_�M9� � ��L� L�{ L�s L�S �� �� H�C H� H�C(H�C H�C0H�C H�C8H�C L�C L�{(L�s0L�S8�V���H��H�|$(����������M9� �� L��H�|$(������ �� H�A�H� H�A�H�C H�A�H�C H�A�H�C L�A�L�y�L�q�L�I�L�C �����L��H���]�������M9�uYL��H���H�����tQH�A�H� H�A�H�C H�A�H�C H�A�H�C L�A�L�y�L�q�L�Q�L�C ����L��H�|$(���������� ����u�H� H� H�B H�C H�B H�C H�B H�C L� L�z L�r L�R L�C �C��� ���� � ���H�C H� H�C(H�C H�C0H�C H�C8H�C L�C L�{(L�s0L�K8� ���I������AWAVAUATUSH�� H��@��t71�H9= q# �Í � H��@ � �� E1䀽L ������
�� � A�� ��� ������� ����D������������1�����H��1�����I��1�� ���I�Ā=��c �� D��T L��L��` I�] I�� N�4;L9�h �* L9�t\L��H�� H ��H��?�? )�Hc�H �L��H���8���I�� �� I�� H��H���# I9�t H��� # H�� I9�u�L��H���`" H)�H�� �Ņ�t.�� H�� M�l (1�H��� �����u �� H���N���H�� I9�u�A�,$� [0# �� � R0# H� �c � H�� []A\A]A^A_À=��c t H��P L��H�ހ=�� t ��* 변=��c t����/ @ �D��H �N���L��H����" �7������@ ���@ 1�� ����=��c �� �=q�c �� �=h�c �� �=S�c �� H� �n# H� � �n# �� �� USH�� �������������������� ����1�����1�����H��1�����H��1��x���H��H�޿ �c �=�� u@��. H� On# H� � /# �� � /# H� ��c � H�� []À=��c �5�����) f D �AWAVAUATUSH��HH��H�o H������D�c`H���e���L�khE�� �� L���p���D��� L���A���E�� �� ��� �� H��@ H���u?� H����������ƃ� � O�c �P�� F�c �� �� H��H[]A\A]A^A_�H��� H���t H��� � H�� Ƃ��c H����c H��� H= � �� H�P H��� H�8� �m���H�� � �� H�P H��� H�h H��� �� H�� � �� H�P H��� H�x H�� � ssH�P H��� H�p H�D$8 H�T$8� ����� �`���H�� ƅ��c H�D$8H����c H��� H= � �I���A� � � d H�¾��@ � �@ 1��N���A� � � d ���@ � �@ 1��2���H��Ē@ �ϒ@ 1�� ���D ��� L������D��� L���{���H�������[`H���h���E��D��ھ��@ � �@ 1������D� D � F�c ��,# �@�@ �0 b 1��}����ȿc ��� �t$,L��� D�{tH���+���D�sXH�������H�k�H��� ���D�K�D�L$(H������� �K��t$,�t$ L�l$ D�|$ D�4$D�L$(D �CpD��x�@ �0 b 1������A�� H�È A�� �m�����@ 1��!���AWAVAUATUSH�� �C���H� ��c H� }�c 1�����������HDŽ$� d �=Q�c t1�=A�c �� �=2�c �� �=+�c t H� �j# H� HDŽ$$ DŽ$, H�D$hH�D$ H�D$ �D$8 H��$� H= � �� H�P H��$� H�0H�t$ H��� �� H��� �� H��� �� H��� �, H��� �s H��H�� H���@ H�L$`H�� � H�L$ H�� H�� �@ H;L$ vH �-�c H�L$ H�L$ H�� L���@ �ؓ@ � L��� ���� ��u(H���c H� �H� �H� �H�� H�t$ H9�H C�H�L$ ���@ � L��� ���� ��u*H���c H�4�H��H�� H)�H�� H�\$ H9�H C�H�L$ H�� � �4 H�P H��$� H�H H�L$0H�� � � L�p L��$� H�@ H�D$ H�� �_ H��$P � 1��H�H�|$ � I�� � �� H��$P H�D$ H���H � L��$ H��$ H��$ H��$� H��$� ����H��$ H�� �� H��$ H��$ H�� � H�� � H��$� H���=���H�E L��$� H9�tiH�� I�� � �� I�V H��$� I� H�� �U���H�� �� H�� � �� I�F H��$� I�V H�� �� H��$� �����H�|$ t H�D$ HDŽ�P H�� H�� u�D$8�D$<�� �D$8��$$ �D$X ��$( �D$G��$, �D$@�`�c E1�L�t$HI��I��`�c I��} �� �=��c t#�=��c �� �=��c �� �=��c u~A�D$ E�<$AƄ$� H�} �����L�mhL������L���U����=U�c �� L���e���A��$� L���5����� �� A�� H�ň A�� �K����~�@ 1������E D�} ƅ� A��$P �� �� I��$` �g���H��P �����V���L�mh�w���H��$0 藽��� H��$0 � ����d �!�����8# �e �2 �6����� �R L���<@ H��$0 H��$ 谾����u�H��$0 � ��������L�t$(L�t$HIc�Hi�� ��8�c �� H�D$(H��h�c H���5���Ic�H� @H�� H �H� � H�D$PH��`�c �K`�L$xH�������L$x�� �n L��������� �L$\L��达�� ��� �L$\�� �A �� �9 L�%<e# L��� H�D$0H��� ǃ� ƃ� �D$<��� �D$ ��� �D$ ��� H�D$(H��0 �t$X��`�c �t$G@��d�c �t$@��h�c H�\$PH�D$`H�� P H�� H�c H�� H��Hu�H�������� K�c � ��c ��$( �� �� �K HDŽ$$ DŽ$, H��$� H= � �� H�P H��$� H� H�\$ H��� �y H��� �l H�|$ � �� H�|$ � �� H�|$ � �W
H�L$ H�� H���@ �����H�D$ H�� H���@ ���@ ���@ 1������� �� H�D$ H�� H����@ H � ��c H ��c �=
�c �A �s���H��L��� ���Ic�Hi�� �� �c �� H�t$(H����c H�<+H��H� IH�� H �L�4�`�c L�d$pD�|$|I��I��� �� �� L��H)�H��H�� H���S㥛� H��H�� H��$@ H� �H� �H� �H�� H)�H��H��H�� H)�H��H�� H)�H� �H�� H��$H H��$@ L��L��� �������A��� H��H)�H9� �j���L�d$pD�|$|Ic�Hi�� �� �c L�������� �] �ȿc ���c � H�È H9� ������{p t�H���Ϻ��D�cXH��裻��E��t�H�{�� �����I��`�c �� A�D$` �`�c �����ȿc �d����`�c ������|����=X�c � ����=F�c �-���� ���L������ � ����h�@ 1�����H�\$hH��$� H�� � �� H�P H��$� H�H H��$� H�� � �u H�P H��$� H�H H�� �� H�� �N H�� �� H�� �� H�� � �1 H�p H��$� H�P H�� � �� H�p(H��$� H�H H�� �� H�� �� DŽ$� H�� � �� H�P0H��$� H�@(H��$� H��$� dH� % H ����H��$� H��$� H9�$� �1 H��$� H= � � H�P H��$� H� H�� � �\ H�P H��$� H�p H��$� H�� � �7 H�P H��$� H�@ H��$� H�� �� H�� �� H��$� H��$� H�� � � H�� � H��$� H��$� ������� H�� � �� H�P H��$� H�������� H#H H��$� dH� % ������� H�������7����� �� dH� % ������� H��$� H�� H�� 1�� H��� �� H B�����H��$� �5��c ���c �q���H��$� �R���L�����������L��$� H��$� H��$� H��$� H��$� � ���L��$� L��$� H��$� H��$� H��H��$� � ���H��$� H�D$h�#���H�� � �� H�P H��$� H�@ ��H�� H��H��$� �B���E1�E1�H��H��H��H��$� �����dH� % ������� H��$� ������u%H��$� H��$� H��t H��H��$� �+���dH� % ������� H��$� �;���� �@ � �@ 1�軾��H��$� �����H�� H9�u��
����=e�c �@ ����H�D$ H��cv'�d 1�H��H��1���� 薴���`���H�� H9�w�H�Ĩ []A\A]A^A_� ��$� �� ��E1�E1�1ɺ H��$� ��������H�D$hH��$� H��$� �G���H��$� �:���H��$� �-����O���H�\$hH��$� H�� � �� H�P H��$� H�H ��$$ H�� � �� H�P H��$� H�x ��$( H�� � �� H�P H��$� H�@ ��$, �����H�L$hH��$� �{���H� d\# �?���L�-��c M �I �H D$ I9�L B�H� ��c � 1�H��H D$hI9�L B���c �=͜c �h�������I9�rLi=K�c � � ����ȿc � H�È H9�tǀ{p t�H���]���D�cXH���1���E��t�H�{������ʻ`�c �`�c �=`�c �����H�߀�� t;�= �c t+�=��c u �=��c u �=��c t H��` H� ��T 1��5���H�È H9�u�����H��Y�@ � �@ 1��"���A� � � d L����@ � �@ 1�� ���H�¾q�@ �{�@ 1�����A� � � d ���@ � �@ 1��ӻ��� �@ �2�@ 1��»��� �@ � �@ 1�豻���M�@ 1�����H��$� H��$� H��$� �ı��� ���H�¾��@ �Ј@ 1��o������@ �.���A� � � d H�¾��@ � �@ 1��F���A� � � d H����@ � �@ 1��'���H�ʾ=�@ �G�@ 1�� ����7�@ ���@ 1�� ���H�ʾ=�@ �_�@ 1�����Ic�I��Hiۈ D ��8�c L���m����� �c H��`�c L���8���L���P����[`L���%���E����ھ��@ ���@ 1�葺��H�T$ ���@ ���@ 1��{���H�ʾq�@ �{�@ 1��g���AWAVAUATUSH�� DŽ$� � � H��$� �� � ���H�� �� �D$H �T$H���@ H��$� 1�� ����� H��$� 褰���� �� �@ � �c �� ����H��@ �j H� � # H������ ܺH9� �? H� � # H�� @ �F H�=� # �R���H� � # H� ��c H�T$hH�=� # H�=��c H�|$`L� # L� ��c L�T$XL� t # L� ��c L�\$PH� A # A��A�� D�5��c I��I��A�� D�%��c H��H�� �� @�-��c I��I�� A�� D�- �c H��H�� �� �q�c �L$OH�� �� � _�c L� � # L�D$@�ͻ�� �L$OH+ � # H�� �ۉ\$0L�D$@L�D$(L�\$PL�\$ L�T$XL�T$ H�|$`H�|$ E ��D�t$ @ ��,$E��A�� E��A�� H�T$h�(�@ 1�� ���H� ��c H�� �� H� ��c H; ��c �� H�� �� H�=S # �� 耱���Ņ� � �" �ƿa�@ 1�赶���D$| �����I��H� ��c D�(M��� H�t$|������a���9� �� �� ����H� (�c H� @H���������H��H��H�� L�= �c 蔺��H� -�c �
A9�L E�H��L)�H; ��c s H9�rfL)�K� �H�� H9�rV��x�@ 1�� ���� ���6��������1�H�t$|���ð��9�u�|$}CtU1��ϻ��H��$� �%����D$H �����A��� ������@ �Ź���D�@ 軹��H��$� �q�����t �Q�@ 蠹���n���� ���@ 苹���� ������ �ڮ������1��έ��L� ��c H� �c ���@ �!�@ 1�胶���.�@ �B����ؔ@ ��@ 1��h������@ �'������@ � �@ 1��M������@ � ����*���f. � AWAVAUATUSH��� ��I���� �� �� 2�0 b � � � �@ � ���� ��H��� []A\A]A^A_�L�f ���@ L���9����Å� �4 �Õ@ L���"����� �y �ȕ@ L������� �Z �� �a ���@ L�������Å� �� � �@ L���خ���� �T����[���H� , # E1�A���� �# � � 褬��H= �� HDŽ$� � HDŽ$� � H��$� H�� �����dH� % Hǀ����`�c E1�A� � � � @ � d �5���H= d �U � �9���� �լ��� �@ � H���H��� ���H��H�� �( �� H��� ����� �F H��������D$ �� �< H�U � H�׋D$ �HDŽ$� �&@ DŽ$� P 1�H�� �!���1�H��
� ����� 1�� ����� �� �� � ������ �� � � �ت���� �� 1�� �Ī���� �� � 1�H���H��$� � H��� 親���� �� H��$� H������ ܺH9� �� H��$� �#���H��$� H� ��c �=��c �� �=��c E �A�� A�� �=��c E �A���A�� A���c 1�� �� I�Lj A9�t)��� A� 1�L��舸��A9�~�I� u�L���3������ �Q# � � � �c �Y���� �c � ����=A�c � �� 1�H���H�I� �/ H���V���H)�H�P H��$� H��H���ܪ��H���1�H���H��H�D�� �@ � H���Ƅ$� 1�H��1��6����Å� �� H�t$ �������� �� E1�A�ع � H��$� �# H�� �r���H� [ # �# H�� H9� �T ��$� �@ �� �� H�� H9� � ��������=H�c �h �=:�c �� � ����Å� �j �� �ƿb�@ 1��;���DŽ$� A���� H��D�������9�u시$� �߉ھw�@ �0 b 1�� �����C�C ED$ �É��������[����� �����f�� ���L�f ���@ L���z����Å� �*����Љ@ �ƪ��� �����@ 贳��1�L����@ L����@ 1�菪������@ 1҅� �� Ӿ��@ ��x ���@ ���@ H D�L��
�@ 1��Z���H�� H��@u������� � �c E1�D9� �����O�l� �ܓ@ L���ө���� �� �g�@ L��辩���� �� L�꾸�@ �0�@ 1��6��������=��c �|���L�D$ � H��H�t$ ���@ �V����� �K H�|$ �? 1�1��ɨ���� �$ H�D$ �x 贩���� �# H�D$ �x �/�����t
�ۗ@ �~����I���1�� �c � ���������x�@ 1��B��������� H�� ��ȶ@ I�� �����1���,�@ �1����H�@ �'����b�@ � ���� ����=��c ����������ߕ@ ������P�@ ������t�@ �����Q�@ �������@ �ֱ�����@ �̱�����@ �±���˖@ 踱���¾ݖ@ ��@ 1��ܮ���ؔ@ ���@ 1��ˮ���Њ@ 花�����@ 耱�����@ �v����ʗ@ �l����N�@ �b���H���>�@ ���@ 1�腮��� �@ �D��� � H9�u � H��H�W H��H9� �� H�O H9J�u�H�J H9J�u�H�J H9J�u�H9�u(�XH� H�O H�H H�O(H�H H�O0H�H H�O8H��H�� H�� H9�t%H� H9 u�H�H H9O u�H�H H9O u�H�� H9�u�H���H���H���H��(L� L� $H�G H�D$ H�G H�D$ H�G H�D$ H�W��* ����t;H� H�B H�B H�B(H�B H�B0H�B H�B8H�� H�J L9 u�H��H���������u�H� $H� H�D$ H�A H�D$ H�A H�D$ H�A H��(�H9� �� AWAVAUATUSH�� H�_ H9� �� H��H��@H)�H���L�l7@�S ����tdL�C L�s L�{ H9�t"L�D$ H��H)� H�| H���K���L�D$ L�e L�E L�u L�} H�� L9�t)L�#L9e u�H��H��� �����u�H������H�� L9�u�H�� []A\A]A^A_��H9� �� AVAUATUSH�_ H9�twI��H�� H)�H�� L�t� A� �$I9�t H��L)�K�<,L��訣��I�,$H�� I9�t8H�+I;,$r�H�C�H�S�H9�r �)H��H�P H�H�H�P�H9�r�H�(H�� I9�u�[]A\A]A^�H��H�(���H9� �� AVAUATUSH�_ H9�tpI��H�� H)�H�� L�t� A� �$I9�t H��L)�K�<,L��� ���A�,$H�� I9�t1�+A;,$r�H�C��S�9�r �%H�ȉP H�H��P�9�r�(H�� I9�u�[]A\A]A^�H�؉(���f D USH�� I��I��H�B�H��H��?H �H��H�Ճ� H9� �R I���C ����t I�� L��H�� L �I�� K� H�1H�0H�q H�p H�q H�p H�q H�p M��I9�}&I�H L� H�� I�t �L �H� H9 u�H��� ����H�� �� H�\$8H� $H�D$@H�D$ H�D$HH�D$ H�D$PH�D$ I�C�I��I��?I �I��M9� O�s ��I�� K� ��tdH� H� H�B H�A H�B H�A H�B H�A I�H�H��H��?H �H��M��M9� �� I��L��H�� L �H9 u�H��H���O���I�� K� ��u�H� $H� H�D$ H�A H�D$ H�A H�D$ H�A H�� []�H��H�� H �H��ufM��H�B�H��H��?H �H��L9� �����I�� L��H�� L �H�P�H� H�P�H�Q H�P�H�Q H�@�H�A O�\ �L��H�� L �����H���b���H�D$8H� $H�D$@H�D$ H�D$HH�D$ H�D$PH�D$ �6���AWAVAUATUSH��HH��H��I��I��I)�I�� ~sM��I�� I�G�I��I��?I �I��� I�� L��H�� H�t H�t$ H�L H�L$(H�T H�T$0H�D H�D$8H�4$H�L$ H�T$ H�D$ L��L��H���P���M��u�L9� �� I�� I�� I)�I���N�d+ � ����u!H�� L9�toH�E H9 u�H��H��������t�H�3H�K H�S H�C H�} H�;H�} H�{ H�} H�{ H�} H�{ H�4$H�L$ H�T$ H�D$ L��1�H������H�� L9�u�H��H[]A\A]A^A_�USH�B�H��H��?H �H��H�Ճ� H9� �� I��I�C L� H�� L� M� L;T �s I�� N� �M� N� �M��I9�|�H��t`I�@�H��H��?H �H��I9�~8L� �L9�w �-L� �I��H��L9�v N� �L�B�L��H��?L �H��L� �H9�|�I� []�L� �H��u�I��H�B�H��H��?H �H��L9�u�O�D J�D��I� I�� N� ��p���AWAVAUATUSH�� I��H��H)�H��� �; H��M�� �T L�o L�g I�� H�� L� �H�S I� H�N�H�;H9�s_H9� � H9�r_H� H�{ H�N�M��L��H��I��H9�r(H�� H9�v H�� H� H9�w�H9�s<H�M H�8H�H�H� I�8I�� H�� ��H9�r�H9� �� H� H�~�H� H��H�{ �L��H��� ���H��H)�H��� ~nH��M�� �;���H�� H��L�b�I��J� �L��H�������I�� J� �H��L��H�������M��u�I�� I� H� I� L��H)�H��H�� 1�H������H�� �H�� []A\A]A^A_�H� I�8H�N�H�{ H� �����I���q���AWAVAUATUSH��(I��H�t$ H�T$ H�_ H _ � ��c �D$ �� �� �o �� �� �D$ E1�E1�1��(H��诺����u3�|$ �� A�� M��E9n �� D��I�V(H �I�Ԁ=L�c u� �D$ �D$ D���� D1���=�<����� 1�i�-��'��D1��� 1�D�W ��A��A��� F� � c D9�t�E�� �� �� A9�u؉�%� �<� c �b����� A�� M��E9n �e���H�D$ �(�=��c t4A�n �=��c uJ��t �E�L�d� I�~( ;� ���H�� I9�u�H�D$ �(H��([]A\A]A^A_��D$ �(���B�<� c �H�� L�$+L9�t^H��H�� H ��H��?�? )�Hc�H �L��H�������H��� w=L��H���"���H���H�J H9H�toH��H�B H��I9�u�L��� H��H)�H�� �<���H��� H��H�������I9�t�H�} H�E�H�U�H9�r �WH��H�P H�p�H�P�H9�r�H�8H�� I9�u��I9�t�H�� H��I9�t�H�>H9:t�H�z H��H�� H�� H��I9�u��s���H���USH�B�H��H��?H �H��H�Ճ� H9� �� I��I�C L� H�� L� E� D;T �s I�� N� �E� F� �M��I9�|�H��t`I�@�H��H��?H �H��I9�~8D� �D9�w �-D� �I��H��D9�v F� �L�B�L��H��?L �H��L� �H9�|�A� []�L� �H��u�I��H�B�H��H��?H �H��L9�u�O�D B�D��A� I�� N� ��p���AWAVAUATUSH�� I��H��H)�H��@ � H��M�� �4 L�o L�g I�� H�� L� ��S A� �N��;9�sR9� �� 9�rR� �{ �N�M��L��H��I��9�r!H�� 9�v
H�� � 9�w�H9�s1�M �8�H�� A�8I�� H�� ��9�r�9� �� � �~�� ���{ �L��H���9���H��H)�H��@~mH��M�� �V���H�� H��L�b�I��B� �L��H��� ���I�� B� �H��L��H��� ���M��u�I�� A� � A� L��H)�H��H�� 1�H�������H�� �H�� []A\A]A^A_É A�8�N��{ � � ���I���v���AWAVAUATUSH��(H��H�t$ H�T$ H�_ H _ � �c �D$ �� �� D�g E�� �� �D$ E1�E1�E1��'��������u1�|$ � A�� E��D9u �� D��� � U(A�Հ= �c u� �D$ �D$ D���� D1���=� ����� 1�i�-��'���� D1�1�D�O ��A��A��� B�4� c 9�t��� �� �� A9�uډ�%� �<� c 藠��A�� A�� E��D9u �h���H�D$ D� �=�c t7D�e �=�c uPE��t A�D$�L�l� �; }(�K���H�� I9�u�H�D$ D� H��([]A\A]A^A_��D$ �%���B�<� c �x���I�� N�,#L9�tYL��H�� H ��H��?�? )�Hc�H �L��H�������I��@w;L��H�������H��� �r 9p�tiH��H�B H��I9�u�M��� I��I)�I�� �;���L�c@L��H������M9�t�A�4$I�D$�A�T$�9�r �PH�ȉP H�H��P�9�r�0I�� M9�u��I9�t�H�� I��I9�t��192t�r H��H�� H�� I��I9�u��|���L��� H�� 耛��H�� � ps_strings missing
lookup_connect_response_out: unknown request cover_mmap invoked on an already mmapped cover_t object bad checksum in test #%u, want: %hx, got: %hx
bad result of STORE_BY_BITMASK(le16, 0x1234, 0, 16): %x %x %x %x %x %x
bad result of STORE_BY_BITMASK(be16, 0x4567, 13, 3): %x %x %x %x %x %x
both fault injection and rerun are enabled for the same call #%d [%llums] <- %s=0x%llx errno=%d coverage filter was enabled but bitmap initialization failed vsnprintf: string doesn't fit into buffer ifconfig %s inet %s netmask 255.255.255.0 cover enable write trace failed, mode=%d parse_usb_descriptor: found interface #%u (%d, %d) at %p
parse_usb_descriptor: found endpoint #%u at %p
syz_usb_connect: add_usb_index failed
syz_usb_connect: vhci_setport failed with syz_usb_connect: vhci_usb_attach failed with %d
syz_usb_connect: vhci_usb_attach success
syz_usb_connect: received non-control transfer
syz_usb_connect: bReqType: 0x%x (%s), bReq: 0x%x, wVal: 0x%x, wIdx: 0x%x, wLen: %d
lookup_connect_response_in: unknown request syz_usb_connect: unknown control IN request
syz_usb_connect: unknown control OUT request
syz_usb_connect: writing %d bytes
syz_usb_connect: usb_raw_ep0_read/write failed with %d
syz_usb_connect: read %d bytes
syz_usb_connect: vhci_usb_recv failed with %d
syz_usb_connect: add_usb_index success
syz_usb_connect: device data:
syz_usb_connect: vhci_open failed bad thread state in completion running=%d completed=%d flag_threaded=%d current=%d
th #%2d: created=%d executing=%d ready=%d done=%d call_index=%d res=%lld reserrno=%d
command has bad number of arguments using non-main thread in non-thread mode [%llums] exec opts: procid=%llu threaded=%d cover=%d comps=%d dedup=%d signal=%d timeouts=%llu/%llu/%llu prog=%llu filter=%d
syscall=%llu, program=%llu, scale=%llu netbsd amd64 cb2365d65813e006774f4b699735428b0823ab35 44068e196185e2f5a7c94629b6245cdde008b140 setup features: unknown feature leak checking is not implemented bitmap is not found, coverage filter disabled
failed to mmap coverage filter bitmap bad coverage filter bitmap size ioctl$HDAUDIO_FGRP_WIDGET_INFO ioctl$WSDISPLAYIO_GETACTIVESCREEN ioctl$WSKBDIO_GETDEFAULTKEYREPEAT ioctl$WSKBDIO_SETDEFAULTKEYREPEAT ioctl$_O_WSDISPLAYIO_SETKEYBOARD /dev/vhci%llu SYZFAIL: %s
(errno %d: %s)
pos=%p region=[%p:%p] output overflow pos=%p: [%p:%p) input command overflows input result=%lld command refers to bad result failed to chmod /dev/fault clock_gettime failed cover mmap failed setsid failed event already set control pipe write failed failed to open /dev /dev/%s path=%s failed to

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,
Dec 17, 2021, 2:49:26 PM12/17/21
to syzkaller-...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 28e8edd09dea lint: fix initialization with few braces from..
git tree: netbsd

console output: https://syzkaller.appspot.com/x/log.txt?x=12baac85b00000


kernel config: https://syzkaller.appspot.com/x/.config?x=1420f906d33d9f1f
dashboard link: https://syzkaller.appspot.com/bug?extid=3d5f719234953576d4fb
compiler: g++ (Debian 10.2.1-6) 10.2.1 20210110

syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16caef25b00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3d5f71...@syzkaller.appspotmail.com

failed to mmap coverage filter bitmap bad coverage filter bitmap size ioctl$HDAUDIO_FGRP_WIDGET_INFO ioctl$WSDISPLAYIO_GETACTIVESCREEN ioctl$WSKBDIO_GETDEFAULTKEYREPEAT ioctl$WSKBDIO_SETDEFAULTKEYREPEAT ioctl$_O_WSDISPLAYIO_SETKEYBOARD /dev/vhci%llu SYZFAIL: %s
(errno %d: %s)
pos=%p region=[%p:%p] output overflow pos=%p: [%p:%p) input command overflows input result=%lld command refers to bad result failed to chmod /dev/fault clock_gettime failed cover mmap failed setsid failed event already set control pipe write failed failed to open /dev /dev/%s path=%s failed to chmod vhci /dev/kcov open of /dev/kcov failed from=%d, to=%d failed to dup cover fd ioctl remote attach failed ioctl init trace write failed SIGSEGV on %p, skipping
SIGSEGV on %p, exiting
(errno %d)
pthread_mutex_init failed pthread_cond_init failed rmdir(%s) failed opendir(%s) failed .. %s/%s lstat(%s) failed unlink(%s) failed � � � > #%d [%llums] -> %s( , failed to open /dev/fault nth=%d FAULT_IOC_ENABLE failed thr=%d, cov=%u too much cover FAULT_IOC_GETINFO failed FAULT_IOC_DISABLE failed cover=%u fault=%d rerun=%d format=%llu bad binary format in swap size=%llu bad big-endian int size off=%llu, len=%llu bitmask for string format copyin: bad argument size bad strdec size %020llu bad strhex size 0x%016llx bad stroct size %023llo unknown binary format mmap of output file failed vsnprintf failed string='%s' command=%s: %d command failed command '%s': %d
tun_id=%d tun_id out of range /dev/tap%d ifconfig %s destroy ifconfig %s create device=%s tun: can't open device dup2(tunfd, kTunFd) failed aa:aa:aa:aa:aa:aa ifconfig %s link %s 172.20.%d.170 aa:aa:aa:aa:aa:bb 172.20.%d.187 arp -s %s %s fe80::%02hxaa ifconfig %s inet6 %s fe80::%02hxbb ndp -s %s%%%s %s %02x copyout: bad argument size tun: read failed extracted seq: %08x
extracted ack: %08x
IN OUT syz_usb_connect: configured
syz_usb_connect: dev: %p
syz_usb_connect: dev is null
failed to close kOutFd type=%llx invalid kcov comp type ncomps=%u too many comparisons ready=%d done=%d executing=%d index=%lld result overflows kMaxCommands negative running bag inet checksum size size=%lld bad checksum const chunk size kind=%llu bad checksum chunk kind bad checksum kind type=%llu bad argument type call_num=%llu invalid syscall number syscall=%s executing disabled syscall syz_usb syz_80211_inject_frame args=%llu bad argument binary format bad argument bitfield bad result argument format out of opened kcov threads pthread_create failed out of threads bad thread state in schedule ./%d failed to mkdir control pipe read failed magic=0x%llx bad execute request magic size=0x%llx bad execute prog size bad timeouts need_prog: no program clone failed failed to chdir spawned worker pid %d
killing hanging pid %d
child failed SKIP FAIL OK version setup feature=%s leak setup_kcsan_filterlist KCSAN is not implemented test === RUN %s
--- %-4s %s
exec unknown command mmap of data segment failed mmap of input file failed failed to mkdtemp failed to chmod dup2(0, kInPipeFd) failed dup2(1, kOutPipeFd) failed dup2(2, 1) failed dup2(2, 0) failed read=%d handshake read failed bad handshake magic syz-cover-bitmap faied to stat coverage filter want=%p, got=%p sandbox fork failed spawned loop pid %d
loop exited with status %d
nobody getpwnam_r("nobody") failed failed to setgroups failed to setgid failed to setuid unknown sandbox type ./syzkaller.XXXXXX test_copyin test_csum_inet test_csum_inet_acc test_coverage_filter __clock_getres50 __clock_gettime50 __clock_settime50 __clone __fhopen40 __fhstat50 __fhstatvfs190 __fstat50 __futimes50 __getcwd __getdents30 __getfh30 __getitimer50 __getlogin __getrusage50 __getvfsstat90 __lstat50 __lutimes50 __mount50 __msync13 __nanosleep50 __posix_chown __posix_fadvise50 __posix_fchown __posix_lchown __posix_rename __select50 __setitimer50 __stat50 __utimes50 __vfork14 __wait450 _ksem_close _ksem_destroy _ksem_getvalue _ksem_init _ksem_open _ksem_post _ksem_timedwait _ksem_trywait _ksem_unlink _ksem_wait _lwp_continue _lwp_create _lwp_ctl _lwp_detach _lwp_exit _lwp_getname _lwp_getprivate _lwp_kill _lwp_self _lwp_setname _lwp_setprivate _lwp_suspend _lwp_unpark _lwp_unpark_all _lwp_wait _lwp_wakeup accept$inet accept$inet6 accept$unix access acct bind bind$inet bind$inet6 bind$unix clock_nanosleep compat_09_ogetdomainname compat_09_osetdomainname compat_09_ouname compat_12_fstat12 compat_12_getdirentries compat_12_lstat12 compat_12_msync compat_12_stat12 compat_20_fstatfs compat_20_getfsstat compat_20_statfs compat_30___fhstat30 compat_30___fstat13 compat_30___lstat13 compat_30___stat13 compat_30_fhopen compat_30_fhstat compat_30_fhstatvfs1 compat_30_getdents compat_30_getfh compat_30_socket compat_40_mount compat_43_fstat43 compat_43_lstat43 compat_43_oaccept compat_43_ocreat compat_43_oftruncate compat_43_ogetdirentries compat_43_ogethostid compat_43_ogethostname compat_43_ogetpeername compat_43_ogetrlimit compat_43_ogetsockname compat_43_olseek compat_43_ommap compat_43_orecv compat_43_orecvfrom compat_43_orecvmsg compat_43_osend compat_43_osendmsg compat_43_osethostid compat_43_osethostname compat_43_osetrlimit compat_43_otruncate compat_43_stat43 compat_50___fstat30 compat_50___lstat30 compat_50___stat30 compat_50__lwp_park compat_50_clock_getres compat_50_clock_gettime compat_50_clock_settime compat_50_futimes compat_50_getitimer compat_50_getrusage compat_50_lutimes compat_50_mknod compat_50_nanosleep compat_50_quotactl compat_50_select compat_50_setitimer compat_50_utimes compat_50_wait4 compat_60__lwp_park compat_90_fhstatvfs1 compat_90_fstatvfs1 compat_90_getvfsstat compat_90_statvfs1 connect$inet connect$inet6 connect$unix dup dup2 dup3 execve faccessat fchdir fchflags fchmod fchmodat fchownat fchroot fcntl$dupfd fcntl$getflags fcntl$getown fcntl$lock fcntl$setflags fcntl$setown fcntl$setstatus fdatasync fktrace flock fpathconf fstatat fsync getegid geteuid getgid getgroups getpeername$inet getpeername$inet6 getpeername$unix getpgid getpgrp getpid getppid getpriority getsid getsockname$inet getsockname$inet6 getsockname$unix getsockopt getsockopt$SO_PEERCRED getsockopt$inet_opts getsockopt$sock_cred getsockopt$sock_int getsockopt$sock_linger getsockopt$sock_timeval getuid ioctl$CONS_GETVERS ioctl$FIOASYNC ioctl$FIOGETBMAP ioctl$FIOGETOWN ioctl$FIONBIO ioctl$FIONREAD ioctl$FIONSPACE ioctl$FIONWRITE ioctl$FIOSEEKDATA ioctl$FIOSEEKHOLE ioctl$FIOSETOWN ioctl$HDAUDIO_AFG_CODEC_INFO ioctl$HDAUDIO_AFG_WIDGET_INFO ioctl$HDAUDIO_FGRP_CODEC_INFO ioctl$HDAUDIO_FGRP_GETCONFIG ioctl$HDAUDIO_FGRP_INFO ioctl$HDAUDIO_FGRP_SETCONFIG ioctl$I2C_IOCTL_EXEC ioctl$KDDISABIO ioctl$KDENABIO ioctl$KDGETLED ioctl$KDGKBMODE ioctl$KDMKTONE ioctl$KDSETLED ioctl$KDSETMODE ioctl$KDSETRAD ioctl$KDSKBMODE ioctl$NETBSD_DM_IOCTL ioctl$OFIOGETBMAP ioctl$TPROF_IOC_GETINFO ioctl$TPROF_IOC_GETSTAT ioctl$TPROF_IOC_START ioctl$TPROF_IOC_STOP ioctl$VT_ACTIVATE ioctl$VT_GETACTIVE ioctl$VT_OPENQRY ioctl$VT_RELDISP ioctl$VT_WAITACTIVE ioctl$WSDISPLAYIO_ADDSCREEN ioctl$WSDISPLAYIO_DELSCREEN ioctl$WSDISPLAYIO_DGSCROLL ioctl$WSDISPLAYIO_DOBLIT ioctl$WSDISPLAYIO_DSSCROLL ioctl$WSDISPLAYIO_GBORDER ioctl$WSDISPLAYIO_GCURMAX ioctl$WSDISPLAYIO_GCURPOS ioctl$WSDISPLAYIO_GCURSOR ioctl$WSDISPLAYIO_GETCMAP ioctl$WSDISPLAYIO_GETPARAM ioctl$WSDISPLAYIO_GETWSCHAR ioctl$WSDISPLAYIO_GET_BUSID ioctl$WSDISPLAYIO_GET_EDID ioctl$WSDISPLAYIO_GET_FBINFO ioctl$WSDISPLAYIO_GINFO ioctl$WSDISPLAYIO_GMODE ioctl$WSDISPLAYIO_GMSGATTRS ioctl$WSDISPLAYIO_GTYPE ioctl$WSDISPLAYIO_GVIDEO ioctl$WSDISPLAYIO_LDFONT ioctl$WSDISPLAYIO_LINEBYTES ioctl$WSDISPLAYIO_PUTCMAP ioctl$WSDISPLAYIO_PUTWSCHAR ioctl$WSDISPLAYIO_SBORDER ioctl$WSDISPLAYIO_SCURPOS ioctl$WSDISPLAYIO_SCURSOR ioctl$WSDISPLAYIO_SETPARAM ioctl$WSDISPLAYIO_SETVERSION ioctl$WSDISPLAYIO_SET_POLLING ioctl$WSDISPLAYIO_SFONT ioctl$WSDISPLAYIO_SMODE ioctl$WSDISPLAYIO_SMSGATTRS ioctl$WSDISPLAYIO_SPROGRESS ioctl$WSDISPLAYIO_SSPLASH ioctl$WSDISPLAYIO_SVIDEO ioctl$WSDISPLAYIO_WAITBLIT ioctl$WSKBDIO_BELL ioctl$WSKBDIO_COMPLEXBELL ioctl$WSKBDIO_GETBELL ioctl$WSKBDIO_GETDEFAULTBELL ioctl$WSKBDIO_GETENCODING ioctl$WSKBDIO_GETKEYCLICK ioctl$WSKBDIO_GETKEYREPEAT ioctl$WSKBDIO_GETLEDS ioctl$WSKBDIO_GETMAP ioctl$WSKBDIO_GETMODE ioctl$WSKBDIO_GETSCROLL ioctl$WSKBDIO_GTYPE ioctl$WSKBDIO_SETBELL ioctl$WSKBDIO_SETDEFAULTBELL ioctl$WSKBDIO_SETENCODING ioctl$WSKBDIO_SETKEYCLICK ioctl$WSKBDIO_SETKEYREPEAT ioctl$WSKBDIO_SETLEDS ioctl$WSKBDIO_SETMAP ioctl$WSKBDIO_SETMODE ioctl$WSKBDIO_SETSCROLL ioctl$WSKBDIO_SETVERSION ioctl$WSMOUSEIO_GCALIBCOORDS ioctl$WSMOUSEIO_GETID ioctl$WSMOUSEIO_GETREPEAT ioctl$WSMOUSEIO_GTYPE ioctl$WSMOUSEIO_SCALIBCOORDS ioctl$WSMOUSEIO_SETREPEAT ioctl$WSMOUSEIO_SETVERSION ioctl$WSMOUSEIO_SRATE ioctl$WSMOUSEIO_SRES ioctl$WSMOUSEIO_SSCALE ioctl$WSMUXIO_ADD_DEVICE ioctl$WSMUXIO_INJECTEVENT ioctl$WSMUXIO_LIST_DEVICES ioctl$WSMUXIO_OINJECTEVENT ioctl$WSMUXIO_REMOVE_DEVICE lchflags lchmod listen madvise mincore minherit mkdirat mknod$loop mknodat mlock mlockall mprotect msgctl$IPC_RMID msgctl$IPC_SET msgctl$IPC_STAT msgget msgget$private msgrcv msgsnd munlock munlockall munmap open$dir openat openat$dm openat$hdaudio openat$i2c openat$tprof openat$wscons paccept pipe pipe2 poll posix_spawn pread preadv profil ptrace pwrite pwritev readlink readlinkat recvfrom$inet recvfrom$inet6 recvfrom$unix recvmmsg renameat rmdir semctl$GETALL semctl$GETNCNT semctl$GETPID semctl$GETVAL semctl$GETZCNT semctl$IPC_RMID semctl$IPC_SET semctl$IPC_STAT semctl$SETALL semctl$SETVAL semget semget$private semop sendmmsg sendmsg$unix sendto sendto$inet sendto$inet6 sendto$unix setegid seteuid setpgid setpriority setregid setreuid setsockopt setsockopt$inet6_MRT6_ADD_MFC setsockopt$inet6_MRT6_ADD_MIF setsockopt$inet6_MRT6_DEL_MFC setsockopt$inet_opts setsockopt$sock_cred setsockopt$sock_int setsockopt$sock_linger setsockopt$sock_timeval shmat shmctl$IPC_RMID shmctl$IPC_SET shmctl$IPC_STAT shmctl$SHM_LOCK shmctl$SHM_UNLOCK shmdt shmget shmget$private shutdown socket$inet socket$inet6 socket$unix socketpair socketpair$unix symlink symlinkat syz_builtin0 syz_builtin1 syz_emit_ethernet syz_execute_func syz_extract_tcp_res syz_extract_tcp_res$synack syz_usb_connect syz_usb_connect$cdc_ecm syz_usb_connect$cdc_ncm syz_usb_connect$hid syz_usb_connect$printer syz_usb_connect$uac1 syz_usb_disconnect umask undelete unlinkat unmount utimensat vfork �� � > �� B CD E ����� B CD E ����� B CD E ����� �� 4Vx 4 Vx �� "3DUfw�����������̻���wfUD3" �� 4 Vx �� "3DUfw�����������̻���wfUD3" �� "3DUfw�����������̻���wfUD3" : �� ƍ@ �� �@ �� "�@ �� %�@ J�@ � L�@ � O�@ �� *�@ 1�@ �C C�@ �C V�@ �C j�@ 2P z�@ �S ��@ �{ ��@ , T( ��@ �p г@ , T �@ , S� �C@ F@ �E@ �E@ �C@ �C@ {E@ �C@ �C@ �C@ �C@ �C@ �C@ �C@ �C@ )E@ �@ �+@ �@ �)@ /�@ f*@ B�@ '6@ ܓ@ %@ g�@

2021/12/17 19:38:09 executed programs: 1
#@ W�@ � h�@ � z�@ � ��@ ��@ � ��@ � ��@ � ��@ � Ø@ � Ϙ@ ( ؘ@ � �@ � �@ � ��@ 1 �@ � �@ � %�@ � /�@ � ;�@ � E�@ O�@ � ]�@ k�@ � }�@ ��@ ��@ ��@ � ��@ � Ù@ � ̙@ � י@ �@ � �@ � ��@ � �@ � �@ � �@ � *�@ � 5�@ E�@ � S�@ � `�@ � k�@ : y�@ 5 ��@ E ��@ ? ��@ 6 ��@ D ��@ < ��@ > ˚@ 7 ՚@ C �@ = �@ 9 ��@ A �@ B �@ 8 %�@ ; g�@ 1�@ =�@ J�@ V�@ ! ]�@ 3 b�@ h g�@ h q�@ h |�@ h [�@ �@ " ~�@ e�@ 2�@ = ��@ � �@ ��@ � ��@ � ț@ � ٛ@ � �@ � �@ � �@ A %�@ � 6�@ � H�@ \�@ � m�@ � ��@ ��@ ��@ ��@ * Μ@ + ߜ@ g ��@ �@ � �@ a (�@ 8�@ > J�@ ( \�@ c n�@ �@ � ��@ � ��@ � @ W ٝ@ � �@ � �@ � �@ -�@ G =�@ f M�@ } a�@ q t�@ e ��@ r ��@ � ��@ X Þ@ � ؞@ � �@ & ��@ � �@ � %�@ � 8�@ @ L�@ � c�@ � {�@ � ��@ � ��@ V ��@ u ͟@ ߟ@ �@ � �@ � �@ ] '�@ S ;�@ � L�@ \�@ � p�@ � ��@ f ��@ d ��@ e W�@ b ��@ b Π@ b ܠ@ b �@ ) ��@ Z �@ � ��@ ; ��@ ��@ � �@ �@ # �@ | �@ � ��@ { (�@ � 1�@ ) 9�@ \ E�@ \ T�@ \ a�@ \ l�@ \ {�@ \ ��@ \ ��@ � ��@ ��@ � �@ ��@ � ��@ � ¡@ _ ��@ � ȡ@ + С@ ء@ / [ 1594.4394892] WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 1151 command syz-executor.0)
2021/12/17 19:38:14 executed programs: 2

Aleksandr Nogikh

unread,
Dec 20, 2021, 8:46:10 AM12/20/21
to syzbot, Dmitry Vyukov, syzkaller-...@googlegroups.com
NetBSD has -static-pie, so memory corruption is an unlikely cause here.
If I'm not mistaken, the repro sets up syscall tracing, then mmaps and
writes (thus causing it to be traced?) the binary code of
syz-executor. Quite clever :)

To prevent such false reports, we could take some strings (like
"SYZFAIL: %s") and add them to ignore lists, like it was done here:
https://github.com/google/syzkaller/commit/18876b0f6970ae5395ecbbd69d72404763153e19
Though not sure if it's a reliable enough solution.
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-netbsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-netbsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-netbsd-bugs/00000000000017095005d35cd628%40google.com.
Reply all
Reply to author
Forward
0 new messages