Program hangs with tinyinst but works when calling normally
Hi!
I have this program here:
#include <windows.h>
#include <iostream>
#include <vector>
#include <fstream>
// Function-pointer type for the ISVGImageFactoryCreate1Proxy export that
// fuzz_init resolves with GetProcAddress.
// First argument: out-slot that receives the factory object pointer.
// Second argument: a value forwarded to ISVGImageFactory::Create (meaning unknown).
// NOTE(review): the decompilation below shows the export returning void and taking
// an 8-byte second parameter, so the HRESULT return type and the `char` parameter
// here are guesses; the return value should not be inspected. Confirm against the binary.
// Earlier one-argument attempt, kept for reference:
// typedef HRESULT (__stdcall *ISVGImageFactoryCreate1Proxy_t)(void**);
typedef HRESULT (__stdcall *ISVGImageFactoryCreate1Proxy_t)(void**, char);
/*
void ISVGImageFactoryCreate1Proxy(longlong *param_1,undefined8 param_2)
{
longlong lVar1;
longlong *plVar2;
longlong *local_res8 [4];
plVar2 = Mso::SVG::ISVGImageFactory::Create(local_res8,param_2);
lVar1 = *plVar2;
*plVar2 = 0;
plVar2 = (longlong *)*param_1;
*param_1 = lVar1;
if (plVar2 != (longlong *)0x0) {
(**(code **)(*plVar2 + 8))();
}
plVar2 = local_res8[0];
if (local_res8[0] != (longlong *)0x0) {
local_res8[0] = (longlong *)0x0;
(**(code **)(*plVar2 + 8))();
}
return;
}
*/
// Earlier guess at the CreateSVGImage signature, kept for reference:
// typedef HRESULT (__thiscall *CreateSVGImage_t)(void*, void**);
// Signature used to call the factory's CreateSVGImage through its vtable:
// (this, out-slot for the image pointer). Derived from decompilation, not from a header.
typedef void* (__thiscall *CreateSVGImage_t)(void*, void*);
// Signature used for the cleanup call made through a vtable slot: (this).
typedef void (__thiscall *DestroyFunc)(void*);
// Process-wide handle intended for the loaded MSOSVG.dll module.
HMODULE hDll;
// Resolved address of the ISVGImageFactoryCreate1Proxy export; set by fuzz_init.
ISVGImageFactoryCreate1Proxy_t ISVGImageFactoryCreate1Proxy;
/*
void PrintLastError(const char* message) {
DWORD errorCode = GetLastError();
LPVOID errorMessage;
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, errorCode, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPSTR)&errorMessage, 0, NULL);
std::cerr << message << " Error Code: " << errorCode << " - " << (char*)errorMessage << std::endl;
LocalFree(errorMessage);
}
void PrintLastErrorWithModule() {
DWORD error = GetLastError(); // Get the last error code
if (error == 126) {
std::cerr << "Error 126: Module not found (missing dependency)" << std::endl;
} else if (error == 193) {
std::cerr << "Error 193: Incorrect architecture (x86 vs x64 mismatch)" << std::endl;
} else {
std::cerr << "Unknown error: " << error << std::endl;
}
LPVOID messageBuffer;
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, error, 0, (LPTSTR)&messageBuffer, 0, NULL);
std::cerr << "Error Message: " << (char*)messageBuffer << std::endl;
LocalFree(messageBuffer);
}
*/
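// Print the calling thread's last Win32 error to stderr: first a short hint for
// the two loader failures this harness typically hits, then the system message text.
void PrintLastError() {
    // Capture the code immediately; any later API call may overwrite it.
    const DWORD error = GetLastError();
    switch (error) {
    case ERROR_MOD_NOT_FOUND:  // 126
        std::cerr << "Error 126: Module not found (missing dependency)" << std::endl;
        break;
    case ERROR_BAD_EXE_FORMAT:  // 193
        std::cerr << "Error 193: Incorrect architecture (x86 vs x64 mismatch)" << std::endl;
        break;
    default:
        std::cerr << "Unknown error: " << error << std::endl;
        break;
    }

    // With FORMAT_MESSAGE_ALLOCATE_BUFFER the API writes a LocalAlloc'd pointer
    // into messageBuffer. Start from nullptr and check the return value so an
    // unknown error code does not lead to printing and freeing an uninitialized pointer.
    LPSTR messageBuffer = nullptr;
    const DWORD length = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL, error, 0, reinterpret_cast<LPSTR>(&messageBuffer), 0, NULL);
    if (length == 0 || messageBuffer == nullptr) {
        std::cerr << "Error Message: <unavailable>" << std::endl;
        return;
    }
    std::cerr << "Error Message: " << messageBuffer << std::endl;
    LocalFree(messageBuffer);
}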
// Probe one module by name and report whether the loader can resolve it.
// The module is loaded and then released again, so this is a diagnostic aid only.
void PrintMissingDependency(const std::wstring& moduleName) {
    const HMODULE probe =
        LoadLibraryExW(moduleName.c_str(), NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS);
    if (probe) {
        std::wcout << L"Successfully loaded: " << moduleName << std::endl;
        FreeLibrary(probe);
        return;
    }
    // Read the error code before any stream output can disturb it.
    const DWORD error = GetLastError();
    std::wcerr << L"Failed to load: " << moduleName << L" - Error " << error << std::endl;
}
/*
Microsoft (R) COFF/PE Dumper Version 14.42.34436.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file mso40uiWin32Client.dll
File Type: DLL
Image has the following dependencies:
KERNEL32.dll
gdiplus.dll
Mso30Win32Client.dll
Mso20Win32Client.dll
VCRUNTIME140_1.dll
VCRUNTIME140.dll
MSVCP140.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-multibyte-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
Image has the following delay load dependencies:
dbghelp.dll
ADVAPI32.dll
d3d10_1.dll
d3d11.dll
d2d1.dll
DWrite.dll
dwmapi.dll
dxgi.dll
GDI32.dll
NInput.dll
OLEACC.dll
ole32.dll
USER32.dll
VERSION.dll
WindowsCodecs.dll
WINMM.dll
dcomp.dll
api-ms-win-core-winrt-string-l1-1-0.dll
api-ms-win-core-winrt-l1-1-0.dll
api-ms-win-core-winrt-error-l1-1-0.dll
MF.dll
MFPlat.DLL
msi.dll
MSIMG32.dll
OLEAUT32.dll
POWRPROF.dll
SHELL32.dll
SHLWAPI.dll
UIAutomationCore.DLL
UxTheme.dll
WINHTTP.dll
WTSAPI32.dll
XmlLite.dll
react-native-win32.dll
Microsoft.UI.Windowing.Core.dll
WebView2Loader.dll
Summary
4C000 .data
3000 .detourc
2000 .didat
85000 .pdata
6F6000 .rdata
3A000 .reloc
1000 .rsrc
972000 .text
*/
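// Load MSOSVG.dll and resolve the ISVGImageFactoryCreate1Proxy export.
//
// On success the module handle is stored in the global hDll, the export address
// in the global ISVGImageFactoryCreate1Proxy, and 0 is returned.
// On failure 1 is returned; if the DLL itself could not be loaded, every import
// listed in the dumpbin output for mso40uiWin32Client.dll is probed to show
// which dependency is missing.
int fuzz_init(void) {
    // Directories that were tried as the DLL location:
    //   C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\
    //   C:\Program Files\Microsoft Office\root\Office16\   (earlier)
    // Earlier attempts, kept for reference: SetDllDirectory(...) on the first path,
    // LoadLibrary("MSOSVG.DLL"), LoadLibraryExW(L"MSOSVG.dll", NULL,
    // LOAD_LIBRARY_SEARCH_DEFAULT_DIRS), and loading mso40uiWin32Client.dll directly.
    // An earlier, shorter dependency list (which included gfx.dll as a delay-loaded
    // dependency) was replaced by the dumpbin-derived list below.
    //
    // NOTE(review): a bare file name is resolved through the process DLL search
    // order, so a same-named DLL sitting next to fuzzer.exe would be loaded instead
    // of the Office one. Passing the absolute path of the intended MSOSVG.dll makes
    // it unambiguous which binary is being fuzzed.
    //
    // Assign to the global hDll. Declaring a local `HMODULE hDll` here would shadow
    // the global and leave it null for every other user of the handle.
    hDll = LoadLibraryW(L"MSOSVG.dll");
    if (!hDll) {
        std::cerr << "Failed to load MSOSVG.DLL" << std::endl;
        PrintLastError();

        // Regular and delay-load imports, as listed by dumpbin.
        const std::vector<std::wstring> dependencies = {
            L"KERNEL32.dll",
            L"gdiplus.dll",
            L"Mso30Win32Client.dll",
            L"Mso20Win32Client.dll",
            L"VCRUNTIME140_1.dll",
            L"VCRUNTIME140.dll",
            L"MSVCP140.dll",
            L"api-ms-win-crt-heap-l1-1-0.dll",
            L"api-ms-win-crt-convert-l1-1-0.dll",
            L"api-ms-win-crt-runtime-l1-1-0.dll",
            L"api-ms-win-crt-string-l1-1-0.dll",
            L"api-ms-win-crt-stdio-l1-1-0.dll",
            L"api-ms-win-crt-utility-l1-1-0.dll",
            L"api-ms-win-crt-math-l1-1-0.dll",
            L"api-ms-win-crt-filesystem-l1-1-0.dll",
            L"api-ms-win-crt-time-l1-1-0.dll",
            L"api-ms-win-crt-locale-l1-1-0.dll",
            L"api-ms-win-crt-multibyte-l1-1-0.dll",
            L"api-ms-win-crt-environment-l1-1-0.dll",
            L"dbghelp.dll",
            L"ADVAPI32.dll",
            L"d3d10_1.dll",
            L"d3d11.dll",
            L"d2d1.dll",
            L"DWrite.dll",
            L"dwmapi.dll",
            L"dxgi.dll",
            L"GDI32.dll",
            L"NInput.dll",
            L"OLEACC.dll",
            L"ole32.dll",
            L"USER32.dll",
            L"VERSION.dll",
            L"WindowsCodecs.dll",
            L"WINMM.dll",
            L"dcomp.dll",
            L"api-ms-win-core-winrt-string-l1-1-0.dll",
            L"api-ms-win-core-winrt-l1-1-0.dll",
            L"api-ms-win-core-winrt-error-l1-1-0.dll",
            L"MF.dll",
            L"MFPlat.DLL",
            L"msi.dll",
            L"MSIMG32.dll",
            L"OLEAUT32.dll",
            L"POWRPROF.dll",
            L"SHELL32.dll",
            L"SHLWAPI.dll",
            L"UIAutomationCore.DLL",
            L"UxTheme.dll",
            L"WINHTTP.dll",
            L"WTSAPI32.dll",
            L"XmlLite.dll",
            L"react-native-win32.dll",
            L"Microsoft.UI.Windowing.Core.dll",
            L"WebView2Loader.dll"
        };
        std::wcout << L"Checking dependencies...\n";
        for (const auto& dep : dependencies) {
            PrintMissingDependency(dep);
        }
        return 1;
    }

    ISVGImageFactoryCreate1Proxy = reinterpret_cast<ISVGImageFactoryCreate1Proxy_t>(
        GetProcAddress(hDll, "ISVGImageFactoryCreate1Proxy"));
    if (!ISVGImageFactoryCreate1Proxy) {
        std::cerr << "Failed to get function address for ISVGImageFactoryCreate1Proxy\n";
        FreeLibrary(hDll);
        hDll = nullptr;  // do not leave a stale handle behind for later cleanup code
        return 1;
    }
    return 0;
}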
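// Read the whole file `filename` into `buffer` (binary mode).
//
// Returns true when the file exists, is non-empty and was read completely.
// Returns false (after printing the reason to stderr) when the file cannot be
// opened, its size cannot be determined, it is empty, or the read fails.
bool ReadFileToBuffer(const std::string& filename, std::vector<uint8_t>& buffer) {
    std::ifstream file(filename, std::ios::binary);
    if (!file) {
        std::cerr << "Error: Could not open file: " << filename << "\n";
        return false;
    }

    file.seekg(0, std::ios::end);
    // tellg() reports failure as -1. Keep the value signed so that a failure is
    // not turned into a huge unsigned size that is then handed to resize().
    const std::streamoff fileSize = file.tellg();
    if (!file || fileSize < 0) {
        std::cerr << "Error: Could not determine size of file: " << filename << "\n";
        return false;
    }
    if (fileSize < 1) { // Ensure there is data
        std::cerr << "Error: File must not be empty!\n";
        return false;
    }
    file.seekg(0, std::ios::beg);

    buffer.resize(static_cast<size_t>(fileSize));
    // A short read would leave zero-filled bytes at the end of the buffer and
    // feed the target something other than the test case, so treat it as an error.
    if (!file.read(reinterpret_cast<char*>(buffer.data()), fileSize)) {
        std::cerr << "Error: Could not read file: " << filename << "\n";
        return false;
    }
    return true;
}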
#include <objidl.h> // IStream
#include <ole2.h> // CreateStreamOnHGlobal
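// Copy `data` into a movable global-memory block and wrap it in an IStream.
//
// Returns the new stream, or nullptr if allocation, locking or stream creation
// fails. The stream is created with fDeleteOnRelease = TRUE, so on success the
// memory block belongs to the stream and is freed on its final Release().
// On every failure path the block is freed here instead of being leaked.
IStream* CreateMemoryStream(const std::vector<uint8_t>& data) {
    HGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, data.size());
    if (!hMem) {
        return nullptr;
    }

    void* pMem = GlobalLock(hMem);
    if (!pMem) {
        GlobalFree(hMem);
        return nullptr;
    }
    if (!data.empty()) {
        memcpy(pMem, data.data(), data.size());
    }
    GlobalUnlock(hMem);

    IStream* stream = nullptr;
    const HRESULT hr = CreateStreamOnHGlobal(hMem, TRUE, &stream);
    if (FAILED(hr)) {
        std::cerr << "Failed to create memory stream!" << std::endl;
        // No stream took ownership of the block, so release it ourselves.
        GlobalFree(hMem);
        return nullptr;
    }
    return stream;
}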
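// Run one test case through the DLL: create an SVG image factory, point its
// stream field at an in-memory IStream holding `svgData`, and call the factory's
// CreateSVGImage through the vtable.
//
// Returns 0 when an image object was produced, 1 on any failure.
//
// Every offset and vtable index below comes from decompilation (see the notes in
// the body), not from a header, and has to be re-checked for each DLL build.
int fuzz_function(const std::vector<uint8_t>& svgData) {
    void* factory = nullptr;
    void* svgImage = nullptr;
    printf("Called fuzz function...\n");

    // Call the factory function to get an instance of ISVGImageFactory.
    // NOTE: This actually returns void, therefore there is no result to check;
    // success is judged only by whether the out-pointer was filled in.
    ISVGImageFactoryCreate1Proxy(&factory, 0); // Need to pass in flags maybe???
    if (!factory) {
        std::cerr << "Error: Failed to get SVGImageFactory!\n";
        return 1;
    }

    // Get the function pointer for CreateSVGImage from the vtable.
    // NOTE(review): index 3 is what this harness uses; an earlier comment said the
    // function is "usually at index 5". Confirm against the binary.
    void** vtable_ptr = *reinterpret_cast<void***>(factory);
    CreateSVGImage_t create_svg_func = reinterpret_cast<CreateSVGImage_t>(vtable_ptr[3]);
    if (!create_svg_func) {
        std::cerr << "Error: Failed to retrieve CreateSVGImage function pointer!\n";
        return 1;
    }

    // Build the input stream first and refuse to continue without it, so that a
    // null stream pointer is never written into the factory object.
    IStream* svgStream = CreateMemoryStream(svgData); // svgData is your SVG file contents
    if (!svgStream) {
        std::cerr << "Error: Failed to create memory stream for input!\n";
        return 1;
    }

    // Assign our new memory stream to the factory (field at this + 0x10).
    // NOTE(review): whatever pointer was stored there before is overwritten
    // without being released, and `factory` itself is never released in this
    // function. In a persistent-mode loop this presumably leaks per iteration;
    // confirm.
    void** stream_location =
        reinterpret_cast<void**>(reinterpret_cast<uintptr_t>(factory) + 0x10);
    *stream_location = svgStream;

    /*
    !!!!!!! IMPORTANT NOTES !!!!!!!
    Now the value stored at this + 0x10 should be the stream pointer aka a pointer to an ISTREAM object, which I assume is a stream which contains the actual SVG data.
    This is based on educated guesses in this decompilation here:
    undefined8 * __thiscall
    Mso::SVG::SVGImageFactory::CreateSVGImage(SVGImageFactory *this,undefined8 *param_2)
    {
    loadmorestuff(param_2,*(longlong **)(this + 0x10),(char)this[0x18]);
    return param_2;
    }
    The *(longlong **)(this + 0x10) stuff is basically just a pointer to the stream object.
    This is later used here: Mso::SVG::GetUniqueIDFromStream(&local_70,somestreamstuff); in the function.
    in GetUniqueIDFromStream we then have this:
    void __cdecl Mso::SVG::GetUniqueIDFromStream(undefined8 *param_1,IStream *streamobj)
    {
    code *pcVar1;
    int iVar2;
    long lVar3;
    long extraout_EAX;
    undefined auStack_d8 [48];
    undefined8 *local_a8;
    undefined8 local_a0 [2];
    undefined8 local_90;
    undefined8 uStack_88;
    undefined *local_78;
    undefined8 uStack_70;
    undefined4 local_68;
    undefined4 local_64;
    ulonglong local_18;
    local_18 = __security_cookie ^ (ulonglong)auStack_d8;
    local_90 = 0;
    uStack_88 = 0;
    local_a8 = param_1;
    iVar2 = (**(code **)(*(longlong *)streamobj + 0x28))(streamobj,0,1,local_a0);
    if (iVar2 < 0) {
    Ofc::CHResultException::ThrowTag(iVar2,0x138d885);
    lVar3 = extraout_EAX;
    }
    else {
    local_68 = 0;
    local_64 = 0;
    local_78 = &DAT_efcdab8967452301;
    uStack_70 = 0x1032547698badcfe;
    Ofc::MD4Ctx::UpdateFromIStream((MD4Ctx *)&local_78,streamobj);
    Ofc::MD4Ctx::Final((MD4Ctx *)&local_78,(MD4UID *)&local_90);
    lVar3 = (**(code **)(*(longlong *)streamobj + 0x28))(streamobj,local_a0[0],0,0);
    if (-1 < lVar3) {
    *param_1 = local_90;
    param_1[1] = uStack_88;
    __security_check_cookie(local_18 ^ (ulonglong)auStack_d8);
    return;
    }
    }
    Ofc::CHResultException::ThrowTag(lVar3,0x138d886);
    pcVar1 = (code *)swi(3);
    (*pcVar1)();
    return;
    }
    This is essentially just a caching function....
    Ok, so now we have a sigsegv on
    180006596 ff 15 3c CALL qword ptr [-> _guard_dispatch_icall ] undefined _guard_dispatch_icall(
    21 14 00 = 180142750
    18000659c 90 NOP
    LAB_18000659d XREF[3]: 1800064ce (j) , 1800064e0 (j) ,
    180006587 (j)
    18000659d 48 8b c3 MOV RAX ,RBX
    1800065a0 eb 09 JMP LAB_1800065ab
    1800065a2 48 8b 44 MOV RAX ,qword ptr [RSP + 0x78 ]
    24 78
    1800065a7 48 83 20 AND qword ptr [RAX ],0x0
    00
    LAB_1800065ab XREF[1]: 1800065a0 (j)
    1800065ab 48 8b 8c MOV suspected_filename ,qword ptr [RSP + local_18 ]
    24 a0 00
    00 00
    1800065b3 48 33 cc XOR suspected_filename ,RSP
    1800065b6 e8 95 a8 CALL __security_check_cookie undefined __security_check_cooki
    13 00
    on the and instruction. this is in loadmorestuff...
    This is because the result fails here:
    if (plVar2 == (longlong *)0x0) {
    Ordinal_21217(0x1e3c3840,0);
    pcVar1 = (code *)swi(3);
    (*pcVar1)();
    return;
    }
    (**(code **)(*plVar2 + 0x10))(plVar2);
    plVar3 = theresul;
    *suspected_filename = plVar2;
    if (theresul != (longlong *)0x0) {
    theresul = (longlong *)0x0;
    (**(code **)(*plVar3 + 8))();
    }
    Here we have a function which basically just checks if we should use caching:
    bVar4 = Mso::SVG::SVGImage::FUseCaching();
    if (bVar4) {
    Mso::SVG::GetUniqueIDFromStream(&local_70,somestreamstuff);
    so therefore we can just patch this bullshit out and not use caching? That would be beneficial for fuzzing since it doesn't really make sense to use caching for fuzzing.
    Here is the jnz call bullshit:
    18000648e e8 99 eb CALL Mso::SVG::SVGImage::FUseCaching bool FUseCaching(void)
    03 00
    180006493 84 c0 TEST AL ,AL
    180006495 75 4e JNZ LAB_1800064e5
    180006497 ba 01 00 MOV somestreamstuff ,0x1
    00 00
    18000649c b9 a0 00 MOV suspected_filename ,0xa0
    00 00
    so therefore if we just patch the jnz out with nops, we should be good... correct?????
    84 c0 75 4e ba 01 00 00 00 b9 a0 00 00 00
    "84 c0 75 4e ba 01 00 00 00 b9 a0 00 00\x00"
    The parameters to this function here: puVar1 = (undefined8 *)Mso::SVG::SVGImage::SVGImage(local_78,param_2,param_3);
    are the following:
    */

    // Call CreateSVGImage; the result is written through the out-pointer.
    printf("Calling create_svg_func\n");
    create_svg_func(factory, &svgImage);
    printf("Returned from the thing...\n");

    // Only the out-pointer is checked. The previous version also tested an
    // HRESULT variable that was never assigned, which made the outcome of this
    // check depend on an uninitialized value.
    if (!svgImage) {
        return 1;
    }

    // Cleanup: Destroy the created SVGImage if possible.
    // NOTE(review): vtable_ptr was read from the factory object, so this calls
    // slot 0 of the factory's vtable with svgImage as `this`. The decompiled
    // proxy releases objects through the slot at offset 8 of the object's own
    // vtable, so both the vtable and the index used here look doubtful; confirm
    // before relying on this for cleanup.
    DestroyFunc destroy_func = reinterpret_cast<DestroyFunc>(vtable_ptr[0]);
    if (destroy_func) {
        destroy_func(svgImage);
    }
    return 0;
}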
// One fuzzing iteration: load the test case named by `filename` into memory and
// hand it to fuzz_function. Returns silently if the file cannot be read.
// noinline/__fastcall keep this a distinct function with a fixed calling convention.
__declspec(noinline) void __fastcall actual_stuff(char* filename) {
    printf("Reading to file...\n");
    std::vector<uint8_t> buffer;
    const bool loaded = ReadFileToBuffer(filename, buffer);
    if (loaded) {
        printf("Now calling fuzz...\n");
        fuzz_function(buffer);
        printf("After\n");
    }
}
// Thin wrapper around actual_stuff that main calls once per iteration; it only
// adds progress output before and after the call.
__declspec(noinline) void __fastcall loop(char* filename) {
    fputs("poopoooooooo\n", stdout);
    actual_stuff(filename);
    fputs("After the fact...\n", stdout);
}
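// Entry point: expects exactly one argument, the path of the input file.
// Initializes the harness and then calls loop() on that file forever; the
// process is expected to be stopped from outside (by the fuzzer or the user).
// Returns 1 when the arguments are wrong or initialization fails.
int main(int argc, char** argv) {
    // Validate the command line before loading the target DLL.
    if (argc != 2) {
        std::cerr << "Need to pass input file as command line argument!\n";
        return 1;
    }
    // A non-zero exit code lets a calling script tell a setup failure from a clean run.
    if (fuzz_init()) {
        std::cerr << "Failed to initialize fuzzing setup\n";
        return 1;
    }
    // The loop never terminates, so no cleanup code is placed after it; the
    // loaded module is released by the OS when the process ends.
    for (;;) {
        printf("Calling the bullshit...\n");
        loop(argv[1]);
    }
}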
When run directly, without afl-fuzz, the binary works as expected and keeps looping in the loop function. However, when run with this command line:
afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
I get the following output:
afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 12 CPU cores with average utilization of 0%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'corpus'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
Calling the bullshit...
Instrumented module MSOSVG.DLL, code size: 1339392
poopoooooooo
Reading to file...
Now calling fuzz...
Called fuzz function...
Calling create_svg_func
[!] WARNING: Process exit during target function
[-] The program took more than 60000 ms to process one of the initial test cases.
In WinAFL, this error could also mean incorrect instrumentation params.
Please make sure instrumentation runs correctly using the debug mode
(see the README) before attempting to run afl-fuzz.
[-] PROGRAM ABORT : Test case 'id_000000' results in a timeout
Location : perform_dry_run(), C:\Users\elsku\newtools\aflfuzz\winafl\afl-fuzz.c:3254
so it hangs in the call to the internal dll function while completing normally during a normal program execution. I am not sure if this is a tinyinst bug or a bug in afl-fuzz.
I have attached all of the files which I used. I used the most recent commit of winafl.
I also tried to run with Dynamorio, but I think I ran into https://github.com/googleprojectzero/winafl/issues/454
The attachment was too large, so I have put the files on my GitHub instead: https://github.com/personnumber3377/debug_files
This is the error in this case:
[!] WARNING: Process exit during target function
However, I can't tell what happened before the process exited. Since I'm seeing things related to C++ exceptions in your code, you might need to add -generate_unwind instrumentation flag (or -patch_return_addresses if -generate_unwind doesn't work). One thing you can also try is -stack_offset 1024.
If you wish to debug further, if you pass -trace_basic_blocks to TinyInst, it will print out each basic block address as it's being executed.
Ok, so I managed to get it working with the flags you mentioned, but I am just going to put my debugging steps here just for more info.
I tried it with this:
.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -generate_unwind -stack_offset 1024 -trace_basic_blocks -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
and I got a null pointer dereference in winafl:
ntdll!LdrpDoDebuggerBreak+0x35:
00007fff`028014a9 cc int 3
0:000> g
ModLoad: 00007ffe`fedc0000 00007ffe`fedcc000 C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
ModLoad: 00007fff`002e0000 00007fff`00379000 C:\WINDOWS\System32\bcryptPrimitives.dll
(6af4.96f0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
afl_fuzz+0x28ac5:
00007ff7`a88b8ac5 488b89b0050000 mov rcx,qword ptr [rcx+5B0h] ds:00000000`000005b0=????????????????
0:000> k
# Child-SP RetAddr Call Site
00 000000fe`aafeeed0 00007ff7`a88b536e afl_fuzz+0x28ac5
01 000000fe`aafeef00 00007ff7`a88b58b4 afl_fuzz+0x2536e
02 000000fe`aafef1c0 00007ff7`a88b2f16 afl_fuzz+0x258b4
03 000000fe`aafef250 00007ff7`a88b45d3 afl_fuzz+0x22f16
04 000000fe`aafef280 00007ff7`a88aea23 afl_fuzz+0x245d3
05 000000fe`aafef2c0 00007ff7`a88add88 afl_fuzz+0x1ea23
06 000000fe`aafef800 00007ff7`a88adb61 afl_fuzz+0x1dd88
07 000000fe`aafef970 00007ff7`a88abf6b afl_fuzz+0x1db61
08 000000fe`aafef9a0 00007ff7`a8892bcd afl_fuzz+0x1bf6b
09 000000fe`aafef9d0 00007ff7`a889eefd afl_fuzz+0x2bcd
0a 000000fe`aafefa60 00007ff7`a889dfb7 afl_fuzz+0xeefd
0b 000000fe`aafefac0 00007ff7`a8c5d700 afl_fuzz+0xdfb7
0c 000000fe`aafefb30 00007fff`00ece8d7 afl_fuzz+0x3cd700
0d 000000fe`aafefb70 00007fff`0279bf6c KERNEL32!BaseThreadInitThunk+0x17
0e 000000fe`aafefba0 00000000`00000000 ntdll!RtlUserThreadStart+0x2c
0:000> u
afl_fuzz+0x28ac5:
00007ff7`a88b8ac5 488b89b0050000 mov rcx,qword ptr [rcx+5B0h]
00007ff7`a88b8acc 488bfa mov rdi,rdx
00007ff7`a88b8acf 4885c9 test rcx,rcx
00007ff7`a88b8ad2 742b je afl_fuzz+0x28aff (00007ff7`a88b8aff)
00007ff7`a88b8ad4 488b83a0050000 mov rax,qword ptr [rbx+5A0h]
00007ff7`a88b8adb 4885c0 test rax,rax
00007ff7`a88b8ade 741f je afl_fuzz+0x28aff (00007ff7`a88b8aff)
00007ff7`a88b8ae0 483b10 cmp rdx,qword ptr [rax]
To find out where this null pointer dereference is, I tried to build winafl in Debug mode with these commands:
cmake -A x64 .. -DCMAKE_MSVC_RUNTIME_LIBRARY=MultiThreadedDL -DDynamoRIO_DIR=C:\Users\elsku\newest\DynamoRIO-Windows-11.90.20161\cmake -DTINYINST=1
cmake --build . --config Debug
I am getting these linker errors:
C:\Users\elsku\newest\winafl\build64>cmake --build . --config Debug
MSBuild version 17.12.12+1cce77968 for .NET Framework
1>Checking Build System
Building Custom Rule C:/Users/elsku/newest/winafl/CMakeLists.txt
afl-analyze.c
afl-analyze.vcxproj -> C:\Users\elsku\newest\winafl\build64\bin\Debug\afl-analyze.exe
Building Xed
[MBUILD WARNING] Could not find 64b RC command in SDK directory; assuming on PATH
[PYTHON VERSION] 3.13.1
[GIT VERSION] 12.0.1
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/files-xregs.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/via/files-via-padlock.c
fg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/amd/files-amd.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/amd/amdxop/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/mpx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/cet/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/rdrand/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/glm/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/sha/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/xsaveopt/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/xsaves/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/xsavec/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/clflushopt/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/rdseed/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/fsgsbase/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/smap/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/sgx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/rdpid/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/pt/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/tremont/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/movdir/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/waitpkg/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/cldemote/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/sgx-enclv/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx/files.cfg
[Clearing file list for type dec-spine: [ C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles
/xed-spine.txt ]]
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/ivbavx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/hswavx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/hswbmi/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/hsw/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/bdw/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/skl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/skx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/pku/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/clwb/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/clx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/vnni/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/cpx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512-bf16/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/knl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/knm/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/4fmaps-512/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/4vnniw-512/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/vpopcntdq-512/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512f/shared-files.cf
g
[Clearing file list for type dec-spine: [ C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles
/avx/avx-spine.txt ]]
CONSIDERING SOURCE C:\Users\elsku\newest\winafl\third_party\TinyInst\third_party\xed\datafiles\knc\xed-operand-values
-interface-uisa.c source 1
ADDING SOURCE C:\Users\elsku\newest\winafl\third_party\TinyInst\third_party\xed\datafiles\knc\xed-operand-values-inte
rface-uisa.c source 1
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512f/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512cd/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512-skx/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/cnl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512ifma/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx512vbmi/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/icl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/wbnoinvd/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/pconfig/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/bitalg/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/vbmi2/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-ss
e.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-av
x-avx512.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/vpopcntdq-vl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/tgl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/vp2intersect/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/keylocker/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/adl/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/hreset/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/avx-vnni/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/spr/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/uintr/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/amx-spr/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/enqcmd/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/tsx-ldtrk/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/serialize/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/future/files.cfg
[EXTF PROCESSING] C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/xed/datafiles/tdx/files.cfg
[EMIT BUILD DEFINES HEADER FILE]
R: 0 P: 0 C: 0 E: 0 / 35 msecs
R: 0 P: 0 C: 0 E: 0 / 67 msecs
[XED KIT BUILD COMPLETE]
[ELAPSED TIME] 6 secs
[RETVAL=0]
Building Custom Rule C:/Users/elsku/newest/winafl/third_party/TinyInst/third_party/CMakeLists.txt
Building Custom Rule C:/Users/elsku/newest/winafl/third_party/TinyInst/CMakeLists.txt
x86_helpers.cpp
x86_assembler.cpp
x86_litecov.cpp
debugger.cpp
winunwind.cpp
common.cpp
tinyinst.cpp
coverage.cpp
litecov.cpp
hook.cpp
Generating Code...
tinyinst.vcxproj -> C:\Users\elsku\newest\winafl\build64\third_party\TinyInst\Debug\tinyinst.lib
Building Custom Rule C:/Users/elsku/newest/winafl/CMakeLists.txt
tinyinst_covmap.cpp
tinyinst_afl.cpp
Generating Code...
winafl_tinyinst.vcxproj -> C:\Users\elsku\newest\winafl\build64\Debug\winafl_tinyinst.lib
Building Custom Rule C:/Users/elsku/newest/winafl/CMakeLists.txt
afl-fuzz.c
tinyinst.lib(common.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '2' doesn't match value
'0' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(common.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MDd_DynamicDebug' doesn't matc
h value 'MD_DynamicRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcx
proj]
tinyinst.lib(debugger.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '2' doesn't match valu
e '0' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(debugger.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MDd_DynamicDebug' doesn't ma
tch value 'MD_DynamicRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.v
cxproj]
tinyinst.lib(tinyinst.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '2' doesn't match valu
e '0' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(tinyinst.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MDd_DynamicDebug' doesn't ma
tch value 'MD_DynamicRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.v
cxproj]
tinyinst.lib(winunwind.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '2' doesn't match val
ue '0' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(winunwind.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MDd_DynamicDebug' doesn't m
atch value 'MD_DynamicRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.
vcxproj]
tinyinst.lib(x86_assembler.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '2' doesn't match
value '0' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(x86_assembler.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MDd_DynamicDebug' doesn
't match value 'MD_DynamicRelease' in winafl_tinyinst.lib(tinyinst_afl.obj) [C:\Users\elsku\newest\winafl\build64\afl-f
uzz.vcxproj]
LINK : warning LNK4098: defaultlib 'MSVCRTD' conflicts with use of other libs; use /NODEFAULTLIB:library [C:\Users\elsk
u\newest\winafl\build64\afl-fuzz.vcxproj]
LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library [C:\Users\elsku
\newest\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(x86_assembler.obj) : error LNK2001: unresolved external symbol __imp__invalid_parameter [C:\Users\elsku\ne
west\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(common.obj) : error LNK2001: unresolved external symbol __imp__invalid_parameter [C:\Users\elsku\newest\wi
nafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(debugger.obj) : error LNK2001: unresolved external symbol __imp__invalid_parameter [C:\Users\elsku\newest\
winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(tinyinst.obj) : error LNK2001: unresolved external symbol __imp__invalid_parameter [C:\Users\elsku\newest\
winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(winunwind.obj) : error LNK2001: unresolved external symbol __imp__invalid_parameter [C:\Users\elsku\newest
\winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(x86_assembler.obj) : error LNK2001: unresolved external symbol __imp__CrtDbgReport [C:\Users\elsku\newest\
winafl\build64\afl-fuzz.vcxproj]
tinyinst.lib(common.obj) : error LNK2001: unresolved external symbol __imp__CrtDbgReport [C:\Users\elsku\newest\winafl\
build64\afl-fuzz.vcxproj]
tinyinst.lib(debugger.obj) : error LNK2001: unresolved external symbol __imp__CrtDbgReport [C:\Users\elsku\newest\winaf
l\build64\afl-fuzz.vcxproj]
tinyinst.lib(tinyinst.obj) : error LNK2001: unresolved external symbol __imp__CrtDbgReport [C:\Users\elsku\newest\winaf
l\build64\afl-fuzz.vcxproj]
tinyinst.lib(winunwind.obj) : error LNK2001: unresolved external symbol __imp__CrtDbgReport [C:\Users\elsku\newest\wina
fl\build64\afl-fuzz.vcxproj]
C:\Users\elsku\newest\winafl\build64\bin\Debug\afl-fuzz.exe : fatal error LNK1120: 2 unresolved externals [C:\Users\els
ku\newest\winafl\build64\afl-fuzz.vcxproj]
Building Custom Rule C:/Users/elsku/newest/winafl/CMakeLists.txt
afl-showmap.c
afl-showmap.vcxproj -> C:\Users\elsku\newest\winafl\build64\bin\Debug\afl-showmap.exe
Building Custom Rule C:/Users/elsku/newest/winafl/CMakeLists.txt
afl-tmin.c
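So compiling winafl in Debug mode seems to be broken too (I think): the LNK2038 errors above show that tinyinst.lib was built with the debug runtime (MDd_DynamicDebug, _ITERATOR_DEBUG_LEVEL 2), while tinyinst_afl.obj in winafl_tinyinst.lib was built with the release runtime (MD_DynamicRelease, _ITERATOR_DEBUG_LEVEL 0). afl-fuzz.exe then fails to link with two unresolved externals (__imp__invalid_parameter and __imp__CrtDbgReport), both referenced from the tinyinst.lib objects.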
I then tried running the fuzzer with the command below (note that "-generate_unwind" is not passed):
.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -stack_offset 1024 -trace_basic_blocks -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
and I am getting this output:
C:\Users\elsku\fuzzingmssvg\src>.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -stack_offset 1024 -trace_basic_blocks -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 12 CPU cores with average utilization of 0%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'corpus'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
Calling the bullshit...
Instrumented module MSOSVG.DLL, code size: 1339392
poopoooooooo
Reading to file...
Now calling fuzz...
Called fuzz function...
TRACE: Executing basic block, original at 00007FFEC48F2A30, instrumented at 00007FFEC43D0009
TRACE: Executing basic block, original at 00007FFEC49F4060, instrumented at 00007FFEC43D0194
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC49F407E, instrumented at 00007FFEC43D01FC
TRACE: Executing basic block, original at 00007FFEC49F408F, instrumented at 00007FFEC43D02CD
TRACE: Executing basic block, original at 00007FFEC48F2A43, instrumented at 00007FFEC43D0047
TRACE: Executing basic block, original at 00007FFEC48F2A62, instrumented at 00007FFEC43D00DB
TRACE: Executing basic block, original at 00007FFEC48F2A7F, instrumented at 00007FFEC43D016D
Calling create_svg_func
TRACE: Executing basic block, original at 00007FFEC49F4020, instrumented at 00007FFEC43D034B
TRACE: Executing basic block, original at 00007FFEC48F645C, instrumented at 00007FFEC43D038F
TRACE: Executing basic block, original at 00007FFEC493502C, instrumented at 00007FFEC43ED2EB
TRACE: Executing basic block, original at 00007FFEC493505E, instrumented at 00007FFEC43ED369
TRACE: Executing basic block, original at 00007FFEC4A30F44, instrumented at 00007FFEC47BDE26
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A30F5A, instrumented at 00007FFEC47BDE86
TRACE: Executing basic block, original at 00007FFEC4A30F5F, instrumented at 00007FFEC47BDEB6
TRACE: Executing basic block, original at 00007FFEC4A30FA9, instrumented at 00007FFEC47BE00F
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC493506A, instrumented at 00007FFEC43ED3A0
TRACE: Executing basic block, original at 00007FFEC4935073, instrumented at 00007FFEC43ED3D4
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A3053E, instrumented at 00007FFEC47BF55B
TRACE: Executing basic block, original at 00007FFEC4A303DA, instrumented at 00007FFEC47BF588
TRACE: Executing basic block, original at 00007FFEC4A32310, instrumented at 00007FFEC47BF690
TRACE: Executing basic block, original at 00007FFEC4A31F68, instrumented at 00007FFEC47BF6E5
TRACE: Executing basic block, original at 00007FFEC4A31F7E, instrumented at 00007FFEC47BF726
TRACE: Executing basic block, original at 00007FFEC4A32014, instrumented at 00007FFEC47BFA3E
TRACE: Executing basic block, original at 00007FFEC4A3202F, instrumented at 00007FFEC47BFA84
TRACE: Executing basic block, original at 00007FFEC4A32034, instrumented at 00007FFEC47BFAB4
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A32041, instrumented at 00007FFEC47BFB0B
TRACE: Executing basic block, original at 00007FFEC4A3204E, instrumented at 00007FFEC47BFB67
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A3205E, instrumented at 00007FFEC47BFBC1
TRACE: Executing basic block, original at 00007FFEC4A32063, instrumented at 00007FFEC47BFBF1
TRACE: Executing basic block, original at 00007FFEC4A3207A, instrumented at 00007FFEC47BFC52
TRACE: Executing basic block, original at 00007FFEC4A3207F, instrumented at 00007FFEC47BFC82
TRACE: Executing basic block, original at 00007FFEC4A32093, instrumented at 00007FFEC47BFCF9
TRACE: Executing basic block, original at 00007FFEC4A32098, instrumented at 00007FFEC47BFD29
TRACE: Executing basic block, original at 00007FFEC4A320A7, instrumented at 00007FFEC47BFDAC
TRACE: Executing basic block, original at 00007FFEC4A31F83, instrumented at 00007FFEC47BF756
TRACE: Executing basic block, original at 00007FFEC4A31F8C, instrumented at 00007FFEC47BF78A
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Executing basic block, original at 00007FFEC4A31FA0, instrumented at 00007FFEC47BF7E8
TRACE: Executing basic block, original at 00007FFEC4A31FBB, instrumented at 00007FFEC47BF8B4
TRACE: Executing basic block, original at 00007FFEC4A31FCD, instrumented at 00007FFEC47BF8F1
TRACE: Executing basic block, original at 00007FFEC4A321E8, instrumented at 00007FFEC47BFDD8
TRACE: Executing basic block, original at 00007FFEC4A3214C, instrumented at 00007FFEC47BFE25
TRACE: Executing basic block, original at 00007FFEC4A3217C, instrumented at 00007FFEC47BFE80
TRACE: Executing basic block, original at 00007FFEC4A3218B, instrumented at 00007FFEC47BFEBA
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321D7, instrumented at 00007FFEC47BFFD3
TRACE: Executing basic block, original at 00007FFEC4A321C7, instrumented at 00007FFEC47C0006
TRACE: Executing basic block, original at 00007FFEC4A3220A, instrumented at 00007FFEC47C0037
TRACE: Executing basic block, original at 00007FFEC4A3221A, instrumented at 00007FFEC47C0096
TRACE: Executing basic block, original at 00007FFEC4A32223, instrumented at 00007FFEC47C00CA
TRACE: Executing basic block, original at 00007FFEC4A3223E, instrumented at 00007FFEC47C0372
TRACE: Executing basic block, original at 00007FFEC4A320B4, instrumented at 00007FFEC47C0147
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A320D8, instrumented at 00007FFEC47C01B5
TRACE: Executing basic block, original at 00007FFEC4A320E2, instrumented at 00007FFEC47C021C
TRACE: Executing basic block, original at 00007FFEC4A3213B, instrumented at 00007FFEC47C0340
TRACE: Executing basic block, original at 00007FFEC4A3224A, instrumented at 00007FFEC47C03A9
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A3225D, instrumented at 00007FFEC47C0406
TRACE: Executing basic block, original at 00007FFEC4A32266, instrumented at 00007FFEC47C046B
TRACE: Executing basic block, original at 00007FFEC4A31FDE, instrumented at 00007FFEC47BF92D
TRACE: Executing basic block, original at 00007FFEC4A32014, instrumented at 00007FFEC47BFA3E
TRACE: Executing basic block, original at 00007FFEC4A3202F, instrumented at 00007FFEC47BFA84
TRACE: Executing basic block, original at 00007FFEC4A320A0, instrumented at 00007FFEC47BFD55
TRACE: Executing basic block, original at 00007FFEC4A320A7, instrumented at 00007FFEC47BFDAC
TRACE: Executing basic block, original at 00007FFEC4A31FE3, instrumented at 00007FFEC47BF95D
TRACE: Executing basic block, original at 00007FFEC4A31FE7, instrumented at 00007FFEC47BF98C
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Executing basic block, original at 00007FFEC4A3233A, instrumented at 00007FFEC47C049C
TRACE: Executing basic block, original at 00007FFEC4A323C4, instrumented at 00007FFEC47C0957
TRACE: Executing basic block, original at 00007FFEC4A323E3, instrumented at 00007FFEC47C09A1
TRACE: Executing basic block, original at 00007FFEC4A323FD, instrumented at 00007FFEC47C0A18
TRACE: Executing basic block, original at 00007FFEC4A3242A, instrumented at 00007FFEC47C0B19
TRACE: Executing basic block, original at 00007FFEC4A32433, instrumented at 00007FFEC47C0B4D
TRACE: Executing basic block, original at 00007FFEC4A3244D, instrumented at 00007FFEC47C0C07
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A3245C, instrumented at 00007FFEC47C0C60
TRACE: Executing basic block, original at 00007FFEC4A324B9, instrumented at 00007FFEC47C0E68
TRACE: Executing basic block, original at 00007FFEC4A324CD, instrumented at 00007FFEC47C0EF1
TRACE: Executing basic block, original at 00007FFEC4A324EF, instrumented at 00007FFEC47C0FF0
TRACE: Executing basic block, original at 00007FFEC4A324F8, instrumented at 00007FFEC47C1024
TRACE: Executing basic block, original at 00007FFEC4A3252D, instrumented at 00007FFEC47C115B
TRACE: Executing basic block, original at 00007FFEC4A3253A, instrumented at 00007FFEC47C11B2
TRACE: Executing basic block, original at 00007FFEC4A32597, instrumented at 00007FFEC47C13FF
TRACE: Executing basic block, original at 00007FFEC4A325C2, instrumented at 00007FFEC47C14D6
TRACE: Executing basic block, original at 00007FFEC4A32278, instrumented at 00007FFEC47C0560
TRACE: Executing basic block, original at 00007FFEC4A32288, instrumented at 00007FFEC47C059B
TRACE: Executing basic block, original at 00007FFEC4A32014, instrumented at 00007FFEC47BFA3E
TRACE: Executing basic block, original at 00007FFEC4A3202F, instrumented at 00007FFEC47BFA84
TRACE: Executing basic block, original at 00007FFEC4A320A0, instrumented at 00007FFEC47BFD55
TRACE: Executing basic block, original at 00007FFEC4A320A7, instrumented at 00007FFEC47BFDAC
TRACE: Executing basic block, original at 00007FFEC4A3228D, instrumented at 00007FFEC47C05CB
TRACE: Executing basic block, original at 00007FFEC4A32291, instrumented at 00007FFEC47C05FA
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Executing basic block, original at 00007FFEC4A322A5, instrumented at 00007FFEC47C0658
TRACE: Executing basic block, original at 00007FFEC4A322C3, instrumented at 00007FFEC47C0727
TRACE: Executing basic block, original at 00007FFEC4A322CC, instrumented at 00007FFEC47C075B
TRACE: Executing basic block, original at 00007FFEC4A321E8, instrumented at 00007FFEC47BFDD8
TRACE: Executing basic block, original at 00007FFEC4A3214C, instrumented at 00007FFEC47BFE25
TRACE: Executing basic block, original at 00007FFEC4A3217C, instrumented at 00007FFEC47BFE80
TRACE: Executing basic block, original at 00007FFEC4A3218B, instrumented at 00007FFEC47BFEBA
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321B9, instrumented at 00007FFEC47BFF69
TRACE: Executing basic block, original at 00007FFEC4A321A7, instrumented at 00007FFEC47BFF01
TRACE: Executing basic block, original at 00007FFEC4A321AF, instrumented at 00007FFEC47BFF34
TRACE: Executing basic block, original at 00007FFEC4A321D7, instrumented at 00007FFEC47BFFD3
TRACE: Executing basic block, original at 00007FFEC4A321C7, instrumented at 00007FFEC47C0006
TRACE: Executing basic block, original at 00007FFEC4A3220A, instrumented at 00007FFEC47C0037
TRACE: Executing basic block, original at 00007FFEC4A3221A, instrumented at 00007FFEC47C0096
TRACE: Executing basic block, original at 00007FFEC4A3224A, instrumented at 00007FFEC47C03A9
TRACE: Executing basic block, original at 00007FFEC4A3225D, instrumented at 00007FFEC47C0406
TRACE: Executing basic block, original at 00007FFEC4A32266, instrumented at 00007FFEC47C046B
TRACE: Executing basic block, original at 00007FFEC4A322DC, instrumented at 00007FFEC47C0796
TRACE: Executing basic block, original at 00007FFEC4A32014, instrumented at 00007FFEC47BFA3E
TRACE: Executing basic block, original at 00007FFEC4A3202F, instrumented at 00007FFEC47BFA84
TRACE: Executing basic block, original at 00007FFEC4A320A0, instrumented at 00007FFEC47BFD55
TRACE: Executing basic block, original at 00007FFEC4A320A7, instrumented at 00007FFEC47BFDAC
TRACE: Executing basic block, original at 00007FFEC4A322E1, instrumented at 00007FFEC47C07C6
TRACE: Executing basic block, original at 00007FFEC4A322E5, instrumented at 00007FFEC47C07F5
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Executing basic block, original at 00007FFEC4A322F9, instrumented at 00007FFEC47C0853
TRACE: Executing basic block, original at 00007FFEC4A32306, instrumented at 00007FFEC47C08AA
TRACE: Executing basic block, original at 00007FFEC4A325C7, instrumented at 00007FFEC47C1506
TRACE: Executing basic block, original at 00007FFEC4A30419, instrumented at 00007FFEC47BF5F2
TRACE: Executing basic block, original at 00007FFEC4A30452, instrumented at 00007FFEC47BF64E
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4935079, instrumented at 00007FFEC43ED424
TRACE: Executing basic block, original at 00007FFEC4A30ED8, instrumented at 00007FFEC47BDCEA
TRACE: Executing basic block, original at 00007FFEC4A30EEE, instrumented at 00007FFEC47BDD4A
TRACE: Executing basic block, original at 00007FFEC4A30F2E, instrumented at 00007FFEC47BDDD4
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC493508B, instrumented at 00007FFEC43ED461
TRACE: Executing basic block, original at 00007FFEC4935053, instrumented at 00007FFEC43ED33D
TRACE: Executing basic block, original at 00007FFEC48F6493, instrumented at 00007FFEC43D03F1
TRACE: Executing basic block, original at 00007FFEC48F64A7, instrumented at 00007FFEC43D044F
TRACE: Executing basic block, original at 00007FFEC48F64B2, instrumented at 00007FFEC43D04CF
TRACE: Executing basic block, original at 00007FFEC48F3424, instrumented at 00007FFEC43D050D
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F3496, instrumented at 00007FFEC43D05C9
TRACE: Executing basic block, original at 00007FFEC48F34B0, instrumented at 00007FFEC43D060E
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F34C0, instrumented at 00007FFEC43D0668
TRACE: Executing basic block, original at 00007FFEC48F47A0, instrumented at 00007FFEC43D081F
TRACE: Executing basic block, original at 00007FFEC4A32680, instrumented at 00007FFEC47BF1C5
TRACE: Executing basic block, original at 00007FFEC4A326C0, instrumented at 00007FFEC47BF296
TRACE: Executing basic block, original at 00007FFEC48F47C2, instrumented at 00007FFEC43D086C
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4804, instrumented at 00007FFEC43D08F8
TRACE: Executing basic block, original at 00007FFEC48F480C, instrumented at 00007FFEC43D092B
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4830, instrumented at 00007FFEC43D0999
TRACE: Executing basic block, original at 00007FFEC48F4838, instrumented at 00007FFEC43D09CC
TRACE: Executing basic block, original at 00007FFEC48F4842, instrumented at 00007FFEC43D0A01
TRACE: Executing basic block, original at 00007FFEC48F4857, instrumented at 00007FFEC43D0A6C
TRACE: Executing basic block, original at 00007FFEC48F4865, instrumented at 00007FFEC43D0AC9
TRACE: Executing basic block, original at 00007FFEC48F4873, instrumented at 00007FFEC43D0B26
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Executing basic block, original at 00007FFEC48F48C0, instrumented at 00007FFEC43D0CE2
TRACE: Executing basic block, original at 00007FFEC48F48C8, instrumented at 00007FFEC43D0D15
TRACE: Executing basic block, original at 00007FFEC48F48D4, instrumented at 00007FFEC43D0D4C
TRACE: Executing basic block, original at 00007FFEC48F4994, instrumented at 00007FFEC43D1086
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F49BA, instrumented at 00007FFEC43D10F6
TRACE: Executing basic block, original at 00007FFEC48F49D2, instrumented at 00007FFEC43D11AE
TRACE: Executing basic block, original at 00007FFEC48F49D8, instrumented at 00007FFEC43D11DF
TRACE: Executing basic block, original at 00007FFEC48F4A1E, instrumented at 00007FFEC43D12F7
TRACE: Executing basic block, original at 00007FFEC48F4A29, instrumented at 00007FFEC43D1391
TRACE: Executing basic block, original at 00007FFEC48F4A7F, instrumented at 00007FFEC43D1461
TRACE: Executing basic block, original at 00007FFEC48F8F44, instrumented at 00007FFEC43DB7B1
TRACE: Executing basic block, original at 00007FFEC48F8F88, instrumented at 00007FFEC43DB820
TRACE: Executing basic block, original at 00007FFEC48F8F9C, instrumented at 00007FFEC43DB85F
TRACE: Executing basic block, original at 00007FFEC48F8FAD, instrumented at 00007FFEC43DB89B
TRACE: Executing basic block, original at 00007FFEC48F91E4, instrumented at 00007FFEC43DC245
TRACE: Executing basic block, original at 00007FFEC48F9206, instrumented at 00007FFEC43DC292
TRACE: Executing basic block, original at 00007FFEC48F920D, instrumented at 00007FFEC43DC2C4
TRACE: Executing basic block, original at 00007FFEC48F923B, instrumented at 00007FFEC43DC3E1
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F9241, instrumented at 00007FFEC43DC431
TRACE: Executing basic block, original at 00007FFEC48F924D, instrumented at 00007FFEC43DC4E7
TRACE: Executing basic block, original at 00007FFEC48F8FCA, instrumented at 00007FFEC43DB91D
TRACE: Executing basic block, original at 00007FFEC48F9048, instrumented at 00007FFEC43DBBB0
TRACE: Executing basic block, original at 00007FFEC4A325F0, instrumented at 00007FFEC47BF17F
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F9050, instrumented at 00007FFEC43DBBE3
TRACE: Executing basic block, original at 00007FFEC4A325F0, instrumented at 00007FFEC47BF17F
TRACE: Executing basic block, original at 00007FFEC48F905E, instrumented at 00007FFEC43DBC1C
TRACE: Executing basic block, original at 00007FFEC48F4A98, instrumented at 00007FFEC43D14A5
TRACE: Executing basic block, original at 00007FFEC48F4AB0, instrumented at 00007FFEC43D14E8
TRACE: Executing basic block, original at 00007FFEC48F4ABE, instrumented at 00007FFEC43D1554
TRACE: Executing basic block, original at 00007FFEC48F4AE5, instrumented at 00007FFEC43D15F5
TRACE: Executing basic block, original at 00007FFEC48F4AF7, instrumented at 00007FFEC43D16F3
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4B1E, instrumented at 00007FFEC43D1764
TRACE: Executing basic block, original at 00007FFEC48F4B34, instrumented at 00007FFEC43D17EF
TRACE: Executing basic block, original at 00007FFEC48F4B4D, instrumented at 00007FFEC43D1833
TRACE: Executing basic block, original at 00007FFEC48F4B58, instrumented at 00007FFEC43D1869
TRACE: Executing basic block, original at 00007FFEC48F4B85, instrumented at 00007FFEC43D1986
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4B8B, instrumented at 00007FFEC43D19D6
TRACE: Executing basic block, original at 00007FFEC4A30E50, instrumented at 00007FFEC47BDC0E
TRACE: Executing basic block, original at 00007FFEC4A30E59, instrumented at 00007FFEC47BDC42
TRACE: Executing basic block, original at 00007FFEC4A30E64, instrumented at 00007FFEC47BDC78
TRACE: Executing basic block, original at 00007FFEC48F4B9D, instrumented at 00007FFEC43D1A13
TRACE: Executing basic block, original at 00007FFEC48F34D9, instrumented at 00007FFEC43D06EF
TRACE: Executing basic block, original at 00007FFEC48F4C78, instrumented at 00007FFEC43D1F53
TRACE: Executing basic block, original at 00007FFEC4A32680, instrumented at 00007FFEC47BF1C5
TRACE: Executing basic block, original at 00007FFEC4A326C0, instrumented at 00007FFEC47BF296
TRACE: Executing basic block, original at 00007FFEC48F4C9C, instrumented at 00007FFEC43D1FA2
TRACE: Executing basic block, original at 00007FFEC48F4CD5, instrumented at 00007FFEC43D2006
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4CF0, instrumented at 00007FFEC43D206B
TRACE: Executing basic block, original at 00007FFEC48F4CF9, instrumented at 00007FFEC43D209F
TRACE: Executing basic block, original at 00007FFEC48F4D15, instrumented at 00007FFEC43D2164
TRACE: Executing basic block, original at 00007FFEC48F4E2B, instrumented at 00007FFEC43D27A0
TRACE: Executing basic block, original at 00007FFEC48F4E42, instrumented at 00007FFEC43D282C
TRACE: Executing basic block, original at 00007FFEC48F4E52, instrumented at 00007FFEC43D2886
TRACE: Executing basic block, original at 00007FFEC48F4E5E, instrumented at 00007FFEC43D2944
TRACE: Executing basic block, original at 00007FFEC4900EAC, instrumented at 00007FFEC43DD2AE
TRACE: Executing basic block, original at 00007FFEC4900F08, instrumented at 00007FFEC43DD354
TRACE: Executing basic block, original at 00007FFEC4900F14, instrumented at 00007FFEC43DD444
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC4900F58, instrumented at 00007FFEC43DD4B3
TRACE: Executing basic block, original at 00007FFEC4900F74, instrumented at 00007FFEC43DD519
TRACE: Executing basic block, original at 00007FFEC4900F80, instrumented at 00007FFEC43DD5F8
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC4900FB3, instrumented at 00007FFEC43DD656
TRACE: Executing basic block, original at 00007FFEC4900FD2, instrumented at 00007FFEC43DD6BF
TRACE: Executing basic block, original at 00007FFEC4900FDE, instrumented at 00007FFEC43DD79E
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC4901011, instrumented at 00007FFEC43DD7FC
TRACE: Executing basic block, original at 00007FFEC4901030, instrumented at 00007FFEC43DD865
TRACE: Executing basic block, original at 00007FFEC490103C, instrumented at 00007FFEC43DD944
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC490106F, instrumented at 00007FFEC43DD9A2
TRACE: Executing basic block, original at 00007FFEC490108E, instrumented at 00007FFEC43DDA0B
TRACE: Executing basic block, original at 00007FFEC490109A, instrumented at 00007FFEC43DDAEA
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC49010CD, instrumented at 00007FFEC43DDB48
TRACE: Executing basic block, original at 00007FFEC49010EC, instrumented at 00007FFEC43DDBB1
TRACE: Executing basic block, original at 00007FFEC49010F8, instrumented at 00007FFEC43DDC90
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC490112B, instrumented at 00007FFEC43DDCEE
TRACE: Executing basic block, original at 00007FFEC490114A, instrumented at 00007FFEC43DDD57
TRACE: Executing basic block, original at 00007FFEC490115C, instrumented at 00007FFEC43DDE3C
TRACE: Executing basic block, original at 00007FFEC4908B60, instrumented at 00007FFEC43E471C
TRACE: Executing basic block, original at 00007FFEC4908B99, instrumented at 00007FFEC43E4780
TRACE: Executing basic block, original at 00007FFEC4908BAC, instrumented at 00007FFEC43E47BE
TRACE: Executing basic block, original at 00007FFEC4908C07, instrumented at 00007FFEC43E4983
TRACE: Executing basic block, original at 00007FFEC4908C36, instrumented at 00007FFEC43E4ADF
TRACE: Executing basic block, original at 00007FFEC4908C3F, instrumented at 00007FFEC43E4B32
TRACE: Executing basic block, original at 00007FFEC4908BBD, instrumented at 00007FFEC43E4AA1
TRACE: Executing basic block, original at 00007FFEC4908BF6, instrumented at 00007FFEC43E494E
TRACE: Executing basic block, original at 00007FFEC4908C60, instrumented at 00007FFEC43E4CC9
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C59, instrumented at 00007FFEC43E4C92
TRACE: Executing basic block, original at 00007FFEC4908C65, instrumented at 00007FFEC43E4CF9
TRACE: Executing basic block, original at 00007FFEC4908C86, instrumented at 00007FFEC43E4DA5
TRACE: Executing basic block, original at 00007FFEC490118F, instrumented at 00007FFEC43DDE9A
TRACE: Executing basic block, original at 00007FFEC49011C4, instrumented at 00007FFEC43DDF19
TRACE: Executing basic block, original at 00007FFEC49011D0, instrumented at 00007FFEC43DE042
TRACE: Executing basic block, original at 00007FFEC490122E, instrumented at 00007FFEC43DE0EA
TRACE: Executing basic block, original at 00007FFEC490123A, instrumented at 00007FFEC43DE1BF
TRACE: Executing basic block, original at 00007FFEC4A31DEC, instrumented at 00007FFEC47BEE12
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4901263, instrumented at 00007FFEC43DE213
TRACE: Executing basic block, original at 00007FFEC49012BB, instrumented at 00007FFEC43DE2B5
TRACE: Executing basic block, original at 00007FFEC49012CF, instrumented at 00007FFEC43DE389
TRACE: Executing basic block, original at 00007FFEC4913B84, instrumented at 00007FFEC43E7295
TRACE: Executing basic block, original at 00007FFEC4913B99, instrumented at 00007FFEC43E72D5
TRACE: Executing basic block, original at 00007FFEC4913BF9, instrumented at 00007FFEC43E7546
TRACE: Executing basic block, original at 00007FFEC49012EF, instrumented at 00007FFEC43DE3D4
TRACE: Executing basic block, original at 00007FFEC490130B, instrumented at 00007FFEC43DE446
TRACE: Executing basic block, original at 00007FFEC48F7690, instrumented at 00007FFEC43D6D9E
TRACE: Executing basic block, original at 00007FFEC48F76F4, instrumented at 00007FFEC43D7481
TRACE: Executing basic block, original at 00007FFEC4901314, instrumented at 00007FFEC43DE47A
TRACE: Executing basic block, original at 00007FFEC4901330, instrumented at 00007FFEC43DE4E0
TRACE: Executing basic block, original at 00007FFEC4901345, instrumented at 00007FFEC43DE5A8
TRACE: Executing basic block, original at 00007FFEC4915C30, instrumented at 00007FFEC43E7572
TRACE: Executing basic block, original at 00007FFEC48FD834, instrumented at 00007FFEC43E75C2
TRACE: Executing basic block, original at 00007FFEC48FD8BE, instrumented at 00007FFEC43E7696
TRACE: Executing basic block, original at 00007FFEC48FD8D7, instrumented at 00007FFEC43E7763
TRACE: Executing basic block, original at 00007FFEC48FD8EB, instrumented at 00007FFEC43E77A2
TRACE: Executing basic block, original at 00007FFEC48FD100, instrumented at 00007FFEC43DF886
TRACE: Executing basic block, original at 00007FFEC48FD118, instrumented at 00007FFEC43DF8C9
TRACE: Executing basic block, original at 00007FFEC490908C, instrumented at 00007FFEC43E4FFE
TRACE: Executing basic block, original at 00007FFEC49090B3, instrumented at 00007FFEC43E506F
TRACE: Executing basic block, original at 00007FFEC49090C2, instrumented at 00007FFEC43E512E
TRACE: Executing basic block, original at 00007FFEC4A31DEC, instrumented at 00007FFEC47BEE12
TRACE: Executing basic block, original at 00007FFEC49090D2, instrumented at 00007FFEC43E5169
TRACE: Executing basic block, original at 00007FFEC49274CC, instrumented at 00007FFEC43EB480
TRACE: Executing basic block, original at 00007FFEC492E458, instrumented at 00007FFEC43ED07C
TRACE: Executing basic block, original at 00007FFEC4A31DEC, instrumented at 00007FFEC47BEE12
TRACE: Executing basic block, original at 00007FFEC492E5C9, instrumented at 00007FFEC43ED218
TRACE: Executing basic block, original at 00007FFEC49274E3, instrumented at 00007FFEC43EB4C2
TRACE: Executing basic block, original at 00007FFEC4A31DEC, instrumented at 00007FFEC47BEE12
TRACE: Executing basic block, original at 00007FFEC4927664, instrumented at 00007FFEC43EB66E
TRACE: Executing basic block, original at 00007FFEC49090DA, instrumented at 00007FFEC43E519C
TRACE: Executing basic block, original at 00007FFEC4A31DEC, instrumented at 00007FFEC47BEE12
TRACE: Executing basic block, original at 00007FFEC4909174, instrumented at 00007FFEC43E5261
TRACE: Executing basic block, original at 00007FFEC48FD122, instrumented at 00007FFEC43DF8FE
TRACE: Executing basic block, original at 00007FFEC48FD153, instrumented at 00007FFEC43DF9FA
TRACE: Executing basic block, original at 00007FFEC48FD17A, instrumented at 00007FFEC43DFAEC
TRACE: Executing basic block, original at 00007FFEC48FD18C, instrumented at 00007FFEC43DFB78
TRACE: Executing basic block, original at 00007FFEC48FD192, instrumented at 00007FFEC43DFBA9
TRACE: Executing basic block, original at 00007FFEC490CDE4, instrumented at 00007FFEC43E6A56
TRACE: Executing basic block, original at 00007FFEC491DAEC, instrumented at 00007FFEC43EAE4E
TRACE: Executing basic block, original at 00007FFEC491DB04, instrumented at 00007FFEC43EAE91
TRACE: Executing basic block, original at 00007FFEC491DB22, instrumented at 00007FFEC43EAFAF
TRACE: Executing basic block, original at 00007FFEC48F9120, instrumented at 00007FFEC43DFE2A
TRACE: Executing basic block, original at 00007FFEC48F9157, instrumented at 00007FFEC43DBFEA
TRACE: Executing basic block, original at 00007FFEC48F9166, instrumented at 00007FFEC43DC024
TRACE: Executing basic block, original at 00007FFEC48F916B, instrumented at 00007FFEC43DC054
TRACE: Executing basic block, original at 00007FFEC48F91C8, instrumented at 00007FFEC43DC190
TRACE: Executing basic block, original at 00007FFEC491DB27, instrumented at 00007FFEC43EAFDF
TRACE: Executing basic block, original at 00007FFEC491DB7B, instrumented at 00007FFEC43EB1CC
TRACE: Executing basic block, original at 00007FFEC490CE7A, instrumented at 00007FFEC43E6B17
TRACE: Executing basic block, original at 00007FFEC491DAEC, instrumented at 00007FFEC43EAE4E
TRACE: Executing basic block, original at 00007FFEC491DB04, instrumented at 00007FFEC43EAE91
TRACE: Executing basic block, original at 00007FFEC491DB22, instrumented at 00007FFEC43EAFAF
TRACE: Executing basic block, original at 00007FFEC48F9120, instrumented at 00007FFEC43DFE2A
TRACE: Executing basic block, original at 00007FFEC48F9157, instrumented at 00007FFEC43DBFEA
TRACE: Executing basic block, original at 00007FFEC48F9166, instrumented at 00007FFEC43DC024
TRACE: Executing basic block, original at 00007FFEC48F916B, instrumented at 00007FFEC43DC054
TRACE: Executing basic block, original at 00007FFEC48F91C8, instrumented at 00007FFEC43DC190
TRACE: Executing basic block, original at 00007FFEC491DB27, instrumented at 00007FFEC43EAFDF
TRACE: Executing basic block, original at 00007FFEC491DB7B, instrumented at 00007FFEC43EB1CC
TRACE: Executing basic block, original at 00007FFEC490CE93, instrumented at 00007FFEC43E6B5B
TRACE: Executing basic block, original at 00007FFEC491DAEC, instrumented at 00007FFEC43EAE4E
TRACE: Executing basic block, original at 00007FFEC491DB04, instrumented at 00007FFEC43EAE91
TRACE: Executing basic block, original at 00007FFEC491DB22, instrumented at 00007FFEC43EAFAF
TRACE: Executing basic block, original at 00007FFEC48F9120, instrumented at 00007FFEC43DFE2A
TRACE: Executing basic block, original at 00007FFEC48F9157, instrumented at 00007FFEC43DBFEA
TRACE: Executing basic block, original at 00007FFEC48F9166, instrumented at 00007FFEC43DC024
TRACE: Executing basic block, original at 00007FFEC48F916B, instrumented at 00007FFEC43DC054
TRACE: Executing basic block, original at 00007FFEC48F91C8, instrumented at 00007FFEC43DC190
TRACE: Executing basic block, original at 00007FFEC491DB27, instrumented at 00007FFEC43EAFDF
TRACE: Executing basic block, original at 00007FFEC491DB7B, instrumented at 00007FFEC43EB1CC
TRACE: Executing basic block, original at 00007FFEC490CEAC, instrumented at 00007FFEC43E6B9F
TRACE: Executing basic block, original at 00007FFEC48FD19B, instrumented at 00007FFEC43DFBDD
TRACE: Executing basic block, original at 00007FFEC48FD903, instrumented at 00007FFEC43E7820
TRACE: Executing basic block, original at 00007FFEC4913B84, instrumented at 00007FFEC43E7295
TRACE: Executing basic block, original at 00007FFEC4913B99, instrumented at 00007FFEC43E72D5
TRACE: Executing basic block, original at 00007FFEC4913BF9, instrumented at 00007FFEC43E7546
TRACE: Executing basic block, original at 00007FFEC48FD917, instrumented at 00007FFEC43E785F
TRACE: Executing basic block, original at 00007FFEC48F7690, instrumented at 00007FFEC43D6D9E
TRACE: Executing basic block, original at 00007FFEC48F76F4, instrumented at 00007FFEC43D7481
TRACE: Executing basic block, original at 00007FFEC48FD92D, instrumented at 00007FFEC43E78A0
TRACE: Executing basic block, original at 00007FFEC4915C55, instrumented at 00007FFEC43E7968
TRACE: Executing basic block, original at 00007FFEC48FE234, instrumented at 00007FFEC43E7A46
TRACE: Executing basic block, original at 00007FFEC48FE2B7, instrumented at 00007FFEC43E7AF4
TRACE: Executing basic block, original at 00007FFEC48FD100, instrumented at 00007FFEC43DF886
TRACE: Executing basic block, original at 00007FFEC48FD19B, instrumented at 00007FFEC43DFBDD
TRACE: Executing basic block, original at 00007FFEC48FE2BC, instrumented at 00007FFEC43E7B24
TRACE: Executing basic block, original at 00007FFEC48FD100, instrumented at 00007FFEC43DF886
TRACE: Executing basic block, original at 00007FFEC48FD19B, instrumented at 00007FFEC43DFBDD
TRACE: Executing basic block, original at 00007FFEC48FE2C7, instrumented at 00007FFEC43E7B5A
TRACE: Executing basic block, original at 00007FFEC4915D08, instrumented at 00007FFEC43E7C25
TRACE: Executing basic block, original at 00007FFEC4901358, instrumented at 00007FFEC43DE5E6
TRACE: Executing basic block, original at 00007FFEC490136B, instrumented at 00007FFEC43DE66E
TRACE: Executing basic block, original at 00007FFEC490138C, instrumented at 00007FFEC43DE740
TRACE: Executing basic block, original at 00007FFEC48F4E70, instrumented at 00007FFEC43D2981
TRACE: Executing basic block, original at 00007FFEC48F4E94, instrumented at 00007FFEC43D3A63
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC48F4ECE, instrumented at 00007FFEC43D3AE7
TRACE: Executing basic block, original at 00007FFEC48F4ED9, instrumented at 00007FFEC43D3B1D
TRACE: Executing basic block, original at 00007FFEC48F4EE2, instrumented at 00007FFEC43D3B51
TRACE: Executing basic block, original at 00007FFEC48F5046, instrumented at 00007FFEC43D48BF
TRACE: Executing basic block, original at 00007FFEC4A2F0DC, instrumented at 00007FFEC47BD6F7
TRACE: Executing basic block, original at 00007FFEC4A2E95C, instrumented at 00007FFEC47BD735
TRACE: Executing basic block, original at 00007FFEC4A2F0EF, instrumented at 00007FFEC47BD77B
TRACE: Executing basic block, original at 00007FFEC4A2EA18, instrumented at 00007FFEC47BD2A7
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A2EA32, instrumented at 00007FFEC47BD30B
TRACE: Executing basic block, original at 00007FFEC4A2EA55, instrumented at 00007FFEC47BD40B
TRACE: Executing basic block, original at 00007FFEC4A32750, instrumented at 00007FFEC47C1620
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEC4A2EFE0, instrumented at 00007FFEC47C1A2B
TRACE: Executing basic block, original at 00007FFEC4A2F004, instrumented at 00007FFEC47C1AEF
TRACE: Executing basic block, original at 00007FFEC4A2F027, instrumented at 00007FFEC47C1B78
TRACE: Executing basic block, original at 00007FFEC4A2EFF1, instrumented at 00007FFEC47C1A67
TRACE: Executing basic block, original at 00007FFEC4A326CE, instrumented at 00007FFEC47BF2C5
TRACE: Breakpoint
Exception at address 00007FFEFFA14C2E
[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:
- The test case causes known crashes under normal working conditions. If
so, please remove it. The fuzzer should be seeded with interesting
inputs - but not ones that cause an outright crash.
- Least likely, there is a horrible bug in the fuzzer. If other options
fail, poke <[email protected]> for troubleshooting tips.
[-] PROGRAM ABORT : Test case 'id_000000' results in a crash
Location : perform_dry_run(), C:\Users\elsku\newtools\aflfuzz\winafl\afl-fuzz.c:3321
Then, when I run it with the following command:
.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -trace_basic_blocks -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
I get this output:
C:\Users\elsku\fuzzingmssvg\src>.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -trace_basic_blocks -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
WinAFL 1.17 by <[email protected]>
Based on AFL 2.43b by <[email protected]>
[+] You have 12 CPU cores with average utilization of 0%.
[+] Try parallel jobs - see afl_docs\parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[+] Process affinity is set to 1.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'corpus'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Attempting dry run with 'id_000000'...
Calling the bullshit...
Instrumented module MSOSVG.DLL, code size: 1339392
poopoooooooo
Reading to file...
Now calling fuzz...
Called fuzz function...
TRACE: Executing basic block, original at 00007FFEBD4B2A30, instrumented at 00007FFEBCF90009
TRACE: Executing basic block, original at 00007FFEBD5B4060, instrumented at 00007FFEBCF90124
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5B407E, instrumented at 00007FFEBCF90174
TRACE: Executing basic block, original at 00007FFEBD5B408F, instrumented at 00007FFEBCF9020D
TRACE: Executing basic block, original at 00007FFEBD4B2A43, instrumented at 00007FFEBCF90037
TRACE: Executing basic block, original at 00007FFEBD4B2A62, instrumented at 00007FFEBCF900A3
TRACE: Executing basic block, original at 00007FFEBD4B2A7F, instrumented at 00007FFEBCF9010D
Calling create_svg_func
TRACE: Executing basic block, original at 00007FFEBD5B4020, instrumented at 00007FFEBCF90273
TRACE: Executing basic block, original at 00007FFEBD4B645C, instrumented at 00007FFEBCF902A7
TRACE: Executing basic block, original at 00007FFEBD4F502C, instrumented at 00007FFEBCFA5AA3
TRACE: Executing basic block, original at 00007FFEBD4F505E, instrumented at 00007FFEBCFA5B01
TRACE: Executing basic block, original at 00007FFEBD5F0F44, instrumented at 00007FFEBD264E86
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F0F5A, instrumented at 00007FFEBD264ECE
TRACE: Executing basic block, original at 00007FFEBD5F0F5F, instrumented at 00007FFEBD264EEE
TRACE: Executing basic block, original at 00007FFEBD5F0FA9, instrumented at 00007FFEBD264FE7
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4F506A, instrumented at 00007FFEBCFA5B28
TRACE: Executing basic block, original at 00007FFEBD4F5073, instrumented at 00007FFEBCFA5B4C
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F053E, instrumented at 00007FFEBD265F4B
TRACE: Executing basic block, original at 00007FFEBD5F03DA, instrumented at 00007FFEBD265F68
TRACE: Executing basic block, original at 00007FFEBD5F2310, instrumented at 00007FFEBD266038
TRACE: Executing basic block, original at 00007FFEBD5F1F68, instrumented at 00007FFEBD26607D
TRACE: Executing basic block, original at 00007FFEBD5F1F7E, instrumented at 00007FFEBD2660AE
TRACE: Executing basic block, original at 00007FFEBD5F2014, instrumented at 00007FFEBD2662D6
TRACE: Executing basic block, original at 00007FFEBD5F202F, instrumented at 00007FFEBD26630C
TRACE: Executing basic block, original at 00007FFEBD5F2034, instrumented at 00007FFEBD26632C
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F2041, instrumented at 00007FFEBD26636B
TRACE: Executing basic block, original at 00007FFEBD5F204E, instrumented at 00007FFEBD2663A7
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F205E, instrumented at 00007FFEBD2663E9
TRACE: Executing basic block, original at 00007FFEBD5F2063, instrumented at 00007FFEBD266409
TRACE: Executing basic block, original at 00007FFEBD5F207A, instrumented at 00007FFEBD266452
TRACE: Executing basic block, original at 00007FFEBD5F207F, instrumented at 00007FFEBD266472
TRACE: Executing basic block, original at 00007FFEBD5F2093, instrumented at 00007FFEBD2664C9
TRACE: Executing basic block, original at 00007FFEBD5F2098, instrumented at 00007FFEBD2664E9
TRACE: Executing basic block, original at 00007FFEBD5F20A7, instrumented at 00007FFEBD26653C
TRACE: Executing basic block, original at 00007FFEBD5F1F83, instrumented at 00007FFEBD2660CE
TRACE: Executing basic block, original at 00007FFEBD5F1F8C, instrumented at 00007FFEBD2660F2
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Executing basic block, original at 00007FFEBD5F1FA0, instrumented at 00007FFEBD266138
TRACE: Executing basic block, original at 00007FFEBD5F1FBB, instrumented at 00007FFEBD2661C4
TRACE: Executing basic block, original at 00007FFEBD5F1FCD, instrumented at 00007FFEBD2661F1
TRACE: Executing basic block, original at 00007FFEBD5F21E8, instrumented at 00007FFEBD266558
TRACE: Executing basic block, original at 00007FFEBD5F214C, instrumented at 00007FFEBD266595
TRACE: Executing basic block, original at 00007FFEBD5F217C, instrumented at 00007FFEBD2665E0
TRACE: Executing basic block, original at 00007FFEBD5F218B, instrumented at 00007FFEBD26660A
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21D7, instrumented at 00007FFEBD2666D3
TRACE: Executing basic block, original at 00007FFEBD5F21C7, instrumented at 00007FFEBD2666F6
TRACE: Executing basic block, original at 00007FFEBD5F220A, instrumented at 00007FFEBD266717
TRACE: Executing basic block, original at 00007FFEBD5F221A, instrumented at 00007FFEBD266756
TRACE: Executing basic block, original at 00007FFEBD5F2223, instrumented at 00007FFEBD26677A
TRACE: Executing basic block, original at 00007FFEBD5F223E, instrumented at 00007FFEBD266972
TRACE: Executing basic block, original at 00007FFEBD5F20B4, instrumented at 00007FFEBD2667D7
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F20D8, instrumented at 00007FFEBD26682D
TRACE: Executing basic block, original at 00007FFEBD5F20E2, instrumented at 00007FFEBD266874
TRACE: Executing basic block, original at 00007FFEBD5F213B, instrumented at 00007FFEBD266950
TRACE: Executing basic block, original at 00007FFEBD5F224A, instrumented at 00007FFEBD266999
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F225D, instrumented at 00007FFEBD2669DE
TRACE: Executing basic block, original at 00007FFEBD5F2266, instrumented at 00007FFEBD266A23
TRACE: Executing basic block, original at 00007FFEBD5F1FDE, instrumented at 00007FFEBD26621D
TRACE: Executing basic block, original at 00007FFEBD5F2014, instrumented at 00007FFEBD2662D6
TRACE: Executing basic block, original at 00007FFEBD5F202F, instrumented at 00007FFEBD26630C
TRACE: Executing basic block, original at 00007FFEBD5F20A0, instrumented at 00007FFEBD266505
TRACE: Executing basic block, original at 00007FFEBD5F20A7, instrumented at 00007FFEBD26653C
TRACE: Executing basic block, original at 00007FFEBD5F1FE3, instrumented at 00007FFEBD26623D
TRACE: Executing basic block, original at 00007FFEBD5F1FE7, instrumented at 00007FFEBD26625C
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Executing basic block, original at 00007FFEBD5F233A, instrumented at 00007FFEBD266A44
TRACE: Executing basic block, original at 00007FFEBD5F23C4, instrumented at 00007FFEBD266DA7
TRACE: Executing basic block, original at 00007FFEBD5F23E3, instrumented at 00007FFEBD266DE1
TRACE: Executing basic block, original at 00007FFEBD5F23FD, instrumented at 00007FFEBD266E38
TRACE: Executing basic block, original at 00007FFEBD5F242A, instrumented at 00007FFEBD266EF1
TRACE: Executing basic block, original at 00007FFEBD5F2433, instrumented at 00007FFEBD266F15
TRACE: Executing basic block, original at 00007FFEBD5F244D, instrumented at 00007FFEBD266F97
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5F245C, instrumented at 00007FFEBD266FD8
TRACE: Executing basic block, original at 00007FFEBD5F24B9, instrumented at 00007FFEBD267148
TRACE: Executing basic block, original at 00007FFEBD5F24CD, instrumented at 00007FFEBD2671A9
TRACE: Executing basic block, original at 00007FFEBD5F24EF, instrumented at 00007FFEBD267260
TRACE: Executing basic block, original at 00007FFEBD5F24F8, instrumented at 00007FFEBD267284
TRACE: Executing basic block, original at 00007FFEBD5F252D, instrumented at 00007FFEBD26735B
TRACE: Executing basic block, original at 00007FFEBD5F253A, instrumented at 00007FFEBD26739A
TRACE: Executing basic block, original at 00007FFEBD5F2597, instrumented at 00007FFEBD26753F
TRACE: Executing basic block, original at 00007FFEBD5F25C2, instrumented at 00007FFEBD2675DE
TRACE: Executing basic block, original at 00007FFEBD5F2278, instrumented at 00007FFEBD266AE8
TRACE: Executing basic block, original at 00007FFEBD5F2288, instrumented at 00007FFEBD266B13
TRACE: Executing basic block, original at 00007FFEBD5F2014, instrumented at 00007FFEBD2662D6
TRACE: Executing basic block, original at 00007FFEBD5F202F, instrumented at 00007FFEBD26630C
TRACE: Executing basic block, original at 00007FFEBD5F20A0, instrumented at 00007FFEBD266505
TRACE: Executing basic block, original at 00007FFEBD5F20A7, instrumented at 00007FFEBD26653C
TRACE: Executing basic block, original at 00007FFEBD5F228D, instrumented at 00007FFEBD266B33
TRACE: Executing basic block, original at 00007FFEBD5F2291, instrumented at 00007FFEBD266B52
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Executing basic block, original at 00007FFEBD5F22A5, instrumented at 00007FFEBD266B98
TRACE: Executing basic block, original at 00007FFEBD5F22C3, instrumented at 00007FFEBD266C27
TRACE: Executing basic block, original at 00007FFEBD5F22CC, instrumented at 00007FFEBD266C4B
TRACE: Executing basic block, original at 00007FFEBD5F21E8, instrumented at 00007FFEBD266558
TRACE: Executing basic block, original at 00007FFEBD5F214C, instrumented at 00007FFEBD266595
TRACE: Executing basic block, original at 00007FFEBD5F217C, instrumented at 00007FFEBD2665E0
TRACE: Executing basic block, original at 00007FFEBD5F218B, instrumented at 00007FFEBD26660A
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21B9, instrumented at 00007FFEBD266689
TRACE: Executing basic block, original at 00007FFEBD5F21A7, instrumented at 00007FFEBD266641
TRACE: Executing basic block, original at 00007FFEBD5F21AF, instrumented at 00007FFEBD266664
TRACE: Executing basic block, original at 00007FFEBD5F21D7, instrumented at 00007FFEBD2666D3
TRACE: Executing basic block, original at 00007FFEBD5F21C7, instrumented at 00007FFEBD2666F6
TRACE: Executing basic block, original at 00007FFEBD5F220A, instrumented at 00007FFEBD266717
TRACE: Executing basic block, original at 00007FFEBD5F221A, instrumented at 00007FFEBD266756
TRACE: Executing basic block, original at 00007FFEBD5F224A, instrumented at 00007FFEBD266999
TRACE: Executing basic block, original at 00007FFEBD5F225D, instrumented at 00007FFEBD2669DE
TRACE: Executing basic block, original at 00007FFEBD5F2266, instrumented at 00007FFEBD266A23
TRACE: Executing basic block, original at 00007FFEBD5F22DC, instrumented at 00007FFEBD266C76
TRACE: Executing basic block, original at 00007FFEBD5F2014, instrumented at 00007FFEBD2662D6
TRACE: Executing basic block, original at 00007FFEBD5F202F, instrumented at 00007FFEBD26630C
TRACE: Executing basic block, original at 00007FFEBD5F20A0, instrumented at 00007FFEBD266505
TRACE: Executing basic block, original at 00007FFEBD5F20A7, instrumented at 00007FFEBD26653C
TRACE: Executing basic block, original at 00007FFEBD5F22E1, instrumented at 00007FFEBD266C96
TRACE: Executing basic block, original at 00007FFEBD5F22E5, instrumented at 00007FFEBD266CB5
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Executing basic block, original at 00007FFEBD5F22F9, instrumented at 00007FFEBD266CFB
TRACE: Executing basic block, original at 00007FFEBD5F2306, instrumented at 00007FFEBD266D32
TRACE: Executing basic block, original at 00007FFEBD5F25C7, instrumented at 00007FFEBD2675FE
TRACE: Executing basic block, original at 00007FFEBD5F0419, instrumented at 00007FFEBD265FC2
TRACE: Executing basic block, original at 00007FFEBD5F0452, instrumented at 00007FFEBD26600E
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4F5079, instrumented at 00007FFEBCFA5B84
TRACE: Executing basic block, original at 00007FFEBD5F0ED8, instrumented at 00007FFEBD264D92
TRACE: Executing basic block, original at 00007FFEBD5F0EEE, instrumented at 00007FFEBD264DDA
TRACE: Executing basic block, original at 00007FFEBD5F0F2E, instrumented at 00007FFEBD264E4C
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4F508B, instrumented at 00007FFEBCFA5BB1
TRACE: Executing basic block, original at 00007FFEBD4F5053, instrumented at 00007FFEBCFA5AE5
TRACE: Executing basic block, original at 00007FFEBD4B6493, instrumented at 00007FFEBCF902F9
TRACE: Executing basic block, original at 00007FFEBD4B64A7, instrumented at 00007FFEBCF9033F
TRACE: Executing basic block, original at 00007FFEBD4B64B2, instrumented at 00007FFEBCF90397
TRACE: Executing basic block, original at 00007FFEBD4B3424, instrumented at 00007FFEBCF903C5
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B3496, instrumented at 00007FFEBCF90469
TRACE: Executing basic block, original at 00007FFEBD4B34B0, instrumented at 00007FFEBCF9049E
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B34C0, instrumented at 00007FFEBCF904E0
TRACE: Executing basic block, original at 00007FFEBD4B47A0, instrumented at 00007FFEBCF9061F
TRACE: Executing basic block, original at 00007FFEBD5F2680, instrumented at 00007FFEBD265CC5
TRACE: Executing basic block, original at 00007FFEBD5F26C0, instrumented at 00007FFEBD265D66
TRACE: Executing basic block, original at 00007FFEBD4B47C2, instrumented at 00007FFEBCF9065C
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4804, instrumented at 00007FFEBCF906D0
TRACE: Executing basic block, original at 00007FFEBD4B480C, instrumented at 00007FFEBCF906F3
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4830, instrumented at 00007FFEBCF90749
TRACE: Executing basic block, original at 00007FFEBD4B4838, instrumented at 00007FFEBCF9076C
TRACE: Executing basic block, original at 00007FFEBD4B4842, instrumented at 00007FFEBCF90791
TRACE: Executing basic block, original at 00007FFEBD4B4857, instrumented at 00007FFEBCF907DC
TRACE: Executing basic block, original at 00007FFEBD4B4865, instrumented at 00007FFEBCF90819
TRACE: Executing basic block, original at 00007FFEBD4B4873, instrumented at 00007FFEBCF90856
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Executing basic block, original at 00007FFEBD4B48C0, instrumented at 00007FFEBCF909CA
TRACE: Executing basic block, original at 00007FFEBD4B48C8, instrumented at 00007FFEBCF909ED
TRACE: Executing basic block, original at 00007FFEBD4B48D4, instrumented at 00007FFEBCF90A14
TRACE: Executing basic block, original at 00007FFEBD4B4994, instrumented at 00007FFEBCF90C5E
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B49BA, instrumented at 00007FFEBCF90CB6
TRACE: Executing basic block, original at 00007FFEBD4B49D2, instrumented at 00007FFEBCF90D36
TRACE: Executing basic block, original at 00007FFEBD4B49D8, instrumented at 00007FFEBCF90D57
TRACE: Executing basic block, original at 00007FFEBD4B4A1E, instrumented at 00007FFEBCF90E1F
TRACE: Executing basic block, original at 00007FFEBD4B4A29, instrumented at 00007FFEBCF90E89
TRACE: Executing basic block, original at 00007FFEBD4B4A7F, instrumented at 00007FFEBCF90F29
TRACE: Executing basic block, original at 00007FFEBD4B8F44, instrumented at 00007FFEBCF98589
TRACE: Executing basic block, original at 00007FFEBD4B8F88, instrumented at 00007FFEBCF985E8
TRACE: Executing basic block, original at 00007FFEBD4B8F9C, instrumented at 00007FFEBCF98617
TRACE: Executing basic block, original at 00007FFEBD4B8FAD, instrumented at 00007FFEBCF98643
TRACE: Executing basic block, original at 00007FFEBD4B91E4, instrumented at 00007FFEBCF98D5D
TRACE: Executing basic block, original at 00007FFEBD4B9206, instrumented at 00007FFEBCF98D9A
TRACE: Executing basic block, original at 00007FFEBD4B920D, instrumented at 00007FFEBCF98DBC
TRACE: Executing basic block, original at 00007FFEBD4B923B, instrumented at 00007FFEBCF98E81
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B9241, instrumented at 00007FFEBCF98EB9
TRACE: Executing basic block, original at 00007FFEBD4B924D, instrumented at 00007FFEBCF98F37
TRACE: Executing basic block, original at 00007FFEBD4B8FCA, instrumented at 00007FFEBCF986A5
TRACE: Executing basic block, original at 00007FFEBD4B9048, instrumented at 00007FFEBCF98880
TRACE: Executing basic block, original at 00007FFEBD5F25F0, instrumented at 00007FFEBD265C97
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B9050, instrumented at 00007FFEBCF988A3
TRACE: Executing basic block, original at 00007FFEBD5F25F0, instrumented at 00007FFEBD265C97
TRACE: Executing basic block, original at 00007FFEBD4B905E, instrumented at 00007FFEBCF988CC
TRACE: Executing basic block, original at 00007FFEBD4B4A98, instrumented at 00007FFEBCF90F5D
TRACE: Executing basic block, original at 00007FFEBD4B4AB0, instrumented at 00007FFEBCF90F90
TRACE: Executing basic block, original at 00007FFEBD4B4ABE, instrumented at 00007FFEBCF90FDC
TRACE: Executing basic block, original at 00007FFEBD4B4AE5, instrumented at 00007FFEBCF9104D
TRACE: Executing basic block, original at 00007FFEBD4B4AF7, instrumented at 00007FFEBCF91103
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4B1E, instrumented at 00007FFEBCF9115C
TRACE: Executing basic block, original at 00007FFEBD4B4B34, instrumented at 00007FFEBCF911BF
TRACE: Executing basic block, original at 00007FFEBD4B4B4D, instrumented at 00007FFEBCF911F3
TRACE: Executing basic block, original at 00007FFEBD4B4B58, instrumented at 00007FFEBCF91219
TRACE: Executing basic block, original at 00007FFEBD4B4B85, instrumented at 00007FFEBCF912E6
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4B8B, instrumented at 00007FFEBCF9131E
TRACE: Executing basic block, original at 00007FFEBD5F0E50, instrumented at 00007FFEBD264D06
TRACE: Executing basic block, original at 00007FFEBD5F0E59, instrumented at 00007FFEBD264D2A
TRACE: Executing basic block, original at 00007FFEBD5F0E64, instrumented at 00007FFEBD264D50
TRACE: Executing basic block, original at 00007FFEBD4B4B9D, instrumented at 00007FFEBCF9134B
TRACE: Executing basic block, original at 00007FFEBD4B34D9, instrumented at 00007FFEBCF90547
TRACE: Executing basic block, original at 00007FFEBD4B4C78, instrumented at 00007FFEBCF91703
TRACE: Executing basic block, original at 00007FFEBD5F2680, instrumented at 00007FFEBD265CC5
TRACE: Executing basic block, original at 00007FFEBD5F26C0, instrumented at 00007FFEBD265D66
TRACE: Executing basic block, original at 00007FFEBD4B4C9C, instrumented at 00007FFEBCF91742
TRACE: Executing basic block, original at 00007FFEBD4B4CD5, instrumented at 00007FFEBCF91796
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4CF0, instrumented at 00007FFEBCF917E3
TRACE: Executing basic block, original at 00007FFEBD4B4CF9, instrumented at 00007FFEBCF91807
TRACE: Executing basic block, original at 00007FFEBD4B4D15, instrumented at 00007FFEBCF91894
TRACE: Executing basic block, original at 00007FFEBD4B4E2B, instrumented at 00007FFEBCF91D08
TRACE: Executing basic block, original at 00007FFEBD4B4E42, instrumented at 00007FFEBCF91D6C
TRACE: Executing basic block, original at 00007FFEBD4B4E52, instrumented at 00007FFEBCF91DAE
TRACE: Executing basic block, original at 00007FFEBD4B4E5E, instrumented at 00007FFEBCF91E34
TRACE: Executing basic block, original at 00007FFEBD4C0EAC, instrumented at 00007FFEBCF99936
TRACE: Executing basic block, original at 00007FFEBD4C0F08, instrumented at 00007FFEBCF999C4
TRACE: Executing basic block, original at 00007FFEBD4C0F14, instrumented at 00007FFEBCF99A7C
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C0F58, instrumented at 00007FFEBCF99ADB
TRACE: Executing basic block, original at 00007FFEBD4C0F74, instrumented at 00007FFEBCF99B29
TRACE: Executing basic block, original at 00007FFEBD4C0F80, instrumented at 00007FFEBCF99BD0
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C0FB3, instrumented at 00007FFEBCF99C1E
TRACE: Executing basic block, original at 00007FFEBD4C0FD2, instrumented at 00007FFEBCF99C6F
TRACE: Executing basic block, original at 00007FFEBD4C0FDE, instrumented at 00007FFEBCF99D16
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C1011, instrumented at 00007FFEBCF99D64
TRACE: Executing basic block, original at 00007FFEBD4C1030, instrumented at 00007FFEBCF99DB5
TRACE: Executing basic block, original at 00007FFEBD4C103C, instrumented at 00007FFEBCF99E5C
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C106F, instrumented at 00007FFEBCF99EAA
TRACE: Executing basic block, original at 00007FFEBD4C108E, instrumented at 00007FFEBCF99EFB
TRACE: Executing basic block, original at 00007FFEBD4C109A, instrumented at 00007FFEBCF99FA2
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C10CD, instrumented at 00007FFEBCF99FF0
TRACE: Executing basic block, original at 00007FFEBD4C10EC, instrumented at 00007FFEBCF9A041
TRACE: Executing basic block, original at 00007FFEBD4C10F8, instrumented at 00007FFEBCF9A0E8
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C112B, instrumented at 00007FFEBCF9A136
TRACE: Executing basic block, original at 00007FFEBD4C114A, instrumented at 00007FFEBCF9A187
TRACE: Executing basic block, original at 00007FFEBD4C115C, instrumented at 00007FFEBCF9A234
TRACE: Executing basic block, original at 00007FFEBD4C8B60, instrumented at 00007FFEBCF9EF24
TRACE: Executing basic block, original at 00007FFEBD4C8B99, instrumented at 00007FFEBCF9EF78
TRACE: Executing basic block, original at 00007FFEBD4C8BAC, instrumented at 00007FFEBCF9EFA6
TRACE: Executing basic block, original at 00007FFEBD4C8C07, instrumented at 00007FFEBCF9F0EB
TRACE: Executing basic block, original at 00007FFEBD4C8C36, instrumented at 00007FFEBCF9F1DF
TRACE: Executing basic block, original at 00007FFEBD4C8C3F, instrumented at 00007FFEBCF9F21A
TRACE: Executing basic block, original at 00007FFEBD4C8BBD, instrumented at 00007FFEBCF9F1B1
TRACE: Executing basic block, original at 00007FFEBD4C8BF6, instrumented at 00007FFEBCF9F0C6
TRACE: Executing basic block, original at 00007FFEBD4C8C60, instrumented at 00007FFEBCF9F339
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C59, instrumented at 00007FFEBCF9F312
TRACE: Executing basic block, original at 00007FFEBD4C8C65, instrumented at 00007FFEBCF9F359
TRACE: Executing basic block, original at 00007FFEBD4C8C86, instrumented at 00007FFEBCF9F3D5
TRACE: Executing basic block, original at 00007FFEBD4C118F, instrumented at 00007FFEBCF9A282
TRACE: Executing basic block, original at 00007FFEBD4C11C4, instrumented at 00007FFEBCF9A2E9
TRACE: Executing basic block, original at 00007FFEBD4C11D0, instrumented at 00007FFEBCF9A3D2
TRACE: Executing basic block, original at 00007FFEBD4C122E, instrumented at 00007FFEBCF9A462
TRACE: Executing basic block, original at 00007FFEBD4C123A, instrumented at 00007FFEBCF9A4FF
TRACE: Executing basic block, original at 00007FFEBD5F1DEC, instrumented at 00007FFEBD265A3A
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4C1263, instrumented at 00007FFEBCF9A543
TRACE: Executing basic block, original at 00007FFEBD4C12BB, instrumented at 00007FFEBCF9A5CD
TRACE: Executing basic block, original at 00007FFEBD4C12CF, instrumented at 00007FFEBCF9A669
TRACE: Executing basic block, original at 00007FFEBD4D3B84, instrumented at 00007FFEBCFA123D
TRACE: Executing basic block, original at 00007FFEBD4D3B99, instrumented at 00007FFEBCFA126D
TRACE: Executing basic block, original at 00007FFEBD4D3BF9, instrumented at 00007FFEBCFA1426
TRACE: Executing basic block, original at 00007FFEBD4C12EF, instrumented at 00007FFEBCF9A6A4
TRACE: Executing basic block, original at 00007FFEBD4C130B, instrumented at 00007FFEBCF9A6F6
TRACE: Executing basic block, original at 00007FFEBD4B7690, instrumented at 00007FFEBCF94FC6
TRACE: Executing basic block, original at 00007FFEBD4B76F4, instrumented at 00007FFEBCF954B1
TRACE: Executing basic block, original at 00007FFEBD4C1314, instrumented at 00007FFEBCF9A71A
TRACE: Executing basic block, original at 00007FFEBD4C1330, instrumented at 00007FFEBCF9A768
TRACE: Executing basic block, original at 00007FFEBD4C1345, instrumented at 00007FFEBCF9A7F8
TRACE: Executing basic block, original at 00007FFEBD4D5C30, instrumented at 00007FFEBCFA1442
TRACE: Executing basic block, original at 00007FFEBD4BD834, instrumented at 00007FFEBCFA1482
TRACE: Executing basic block, original at 00007FFEBD4BD8BE, instrumented at 00007FFEBCFA153E
TRACE: Executing basic block, original at 00007FFEBD4BD8D7, instrumented at 00007FFEBCFA15D3
TRACE: Executing basic block, original at 00007FFEBD4BD8EB, instrumented at 00007FFEBCFA1602
TRACE: Executing basic block, original at 00007FFEBD4BD100, instrumented at 00007FFEBCF9B5D6
TRACE: Executing basic block, original at 00007FFEBD4BD118, instrumented at 00007FFEBCF9B609
TRACE: Executing basic block, original at 00007FFEBD4C908C, instrumented at 00007FFEBCF9F586
TRACE: Executing basic block, original at 00007FFEBD4C90B3, instrumented at 00007FFEBCF9F5DF
TRACE: Executing basic block, original at 00007FFEBD4C90C2, instrumented at 00007FFEBCF9F666
TRACE: Executing basic block, original at 00007FFEBD5F1DEC, instrumented at 00007FFEBD265A3A
TRACE: Executing basic block, original at 00007FFEBD4C90D2, instrumented at 00007FFEBCF9F691
TRACE: Executing basic block, original at 00007FFEBD4E74CC, instrumented at 00007FFEBCFA4270
TRACE: Executing basic block, original at 00007FFEBD4EE458, instrumented at 00007FFEBCFA5854
TRACE: Executing basic block, original at 00007FFEBD5F1DEC, instrumented at 00007FFEBD265A3A
TRACE: Executing basic block, original at 00007FFEBD4EE5C9, instrumented at 00007FFEBCFA59E0
TRACE: Executing basic block, original at 00007FFEBD4E74E3, instrumented at 00007FFEBCFA42A2
TRACE: Executing basic block, original at 00007FFEBD5F1DEC, instrumented at 00007FFEBD265A3A
TRACE: Executing basic block, original at 00007FFEBD4E7664, instrumented at 00007FFEBCFA443E
TRACE: Executing basic block, original at 00007FFEBD4C90DA, instrumented at 00007FFEBCF9F6B4
TRACE: Executing basic block, original at 00007FFEBD5F1DEC, instrumented at 00007FFEBD265A3A
TRACE: Executing basic block, original at 00007FFEBD4C9174, instrumented at 00007FFEBCF9F769
TRACE: Executing basic block, original at 00007FFEBD4BD122, instrumented at 00007FFEBCF9B62E
TRACE: Executing basic block, original at 00007FFEBD4BD153, instrumented at 00007FFEBCF9B6E2
TRACE: Executing basic block, original at 00007FFEBD4BD17A, instrumented at 00007FFEBCF9B78C
TRACE: Executing basic block, original at 00007FFEBD4BD18C, instrumented at 00007FFEBCF9B7E8
TRACE: Executing basic block, original at 00007FFEBD4BD192, instrumented at 00007FFEBCF9B809
TRACE: Executing basic block, original at 00007FFEBD4CCDE4, instrumented at 00007FFEBCFA0BEE
TRACE: Executing basic block, original at 00007FFEBD4DDAEC, instrumented at 00007FFEBCFA3DFE
TRACE: Executing basic block, original at 00007FFEBD4DDB04, instrumented at 00007FFEBCFA3E31
TRACE: Executing basic block, original at 00007FFEBD4DDB22, instrumented at 00007FFEBCFA3EEF
TRACE: Executing basic block, original at 00007FFEBD4B9120, instrumented at 00007FFEBCF9B9D2
TRACE: Executing basic block, original at 00007FFEBD4B9157, instrumented at 00007FFEBCF98BA2
TRACE: Executing basic block, original at 00007FFEBD4B9166, instrumented at 00007FFEBCF98BCC
TRACE: Executing basic block, original at 00007FFEBD4B916B, instrumented at 00007FFEBCF98BEC
TRACE: Executing basic block, original at 00007FFEBD4B91C8, instrumented at 00007FFEBCF98CD8
TRACE: Executing basic block, original at 00007FFEBD4DDB27, instrumented at 00007FFEBCFA3F0F
TRACE: Executing basic block, original at 00007FFEBD4DDB7B, instrumented at 00007FFEBCFA406C
TRACE: Executing basic block, original at 00007FFEBD4CCE7A, instrumented at 00007FFEBCFA0C9F
TRACE: Executing basic block, original at 00007FFEBD4DDAEC, instrumented at 00007FFEBCFA3DFE
TRACE: Executing basic block, original at 00007FFEBD4DDB04, instrumented at 00007FFEBCFA3E31
TRACE: Executing basic block, original at 00007FFEBD4DDB22, instrumented at 00007FFEBCFA3EEF
TRACE: Executing basic block, original at 00007FFEBD4B9120, instrumented at 00007FFEBCF9B9D2
TRACE: Executing basic block, original at 00007FFEBD4B9157, instrumented at 00007FFEBCF98BA2
TRACE: Executing basic block, original at 00007FFEBD4B9166, instrumented at 00007FFEBCF98BCC
TRACE: Executing basic block, original at 00007FFEBD4B916B, instrumented at 00007FFEBCF98BEC
TRACE: Executing basic block, original at 00007FFEBD4B91C8, instrumented at 00007FFEBCF98CD8
TRACE: Executing basic block, original at 00007FFEBD4DDB27, instrumented at 00007FFEBCFA3F0F
TRACE: Executing basic block, original at 00007FFEBD4DDB7B, instrumented at 00007FFEBCFA406C
TRACE: Executing basic block, original at 00007FFEBD4CCE93, instrumented at 00007FFEBCFA0CD3
TRACE: Executing basic block, original at 00007FFEBD4DDAEC, instrumented at 00007FFEBCFA3DFE
TRACE: Executing basic block, original at 00007FFEBD4DDB04, instrumented at 00007FFEBCFA3E31
TRACE: Executing basic block, original at 00007FFEBD4DDB22, instrumented at 00007FFEBCFA3EEF
TRACE: Executing basic block, original at 00007FFEBD4B9120, instrumented at 00007FFEBCF9B9D2
TRACE: Executing basic block, original at 00007FFEBD4B9157, instrumented at 00007FFEBCF98BA2
TRACE: Executing basic block, original at 00007FFEBD4B9166, instrumented at 00007FFEBCF98BCC
TRACE: Executing basic block, original at 00007FFEBD4B916B, instrumented at 00007FFEBCF98BEC
TRACE: Executing basic block, original at 00007FFEBD4B91C8, instrumented at 00007FFEBCF98CD8
TRACE: Executing basic block, original at 00007FFEBD4DDB27, instrumented at 00007FFEBCFA3F0F
TRACE: Executing basic block, original at 00007FFEBD4DDB7B, instrumented at 00007FFEBCFA406C
TRACE: Executing basic block, original at 00007FFEBD4CCEAC, instrumented at 00007FFEBCFA0D07
TRACE: Executing basic block, original at 00007FFEBD4BD19B, instrumented at 00007FFEBCF9B82D
TRACE: Executing basic block, original at 00007FFEBD4BD903, instrumented at 00007FFEBCFA1660
TRACE: Executing basic block, original at 00007FFEBD4D3B84, instrumented at 00007FFEBCFA123D
TRACE: Executing basic block, original at 00007FFEBD4D3B99, instrumented at 00007FFEBCFA126D
TRACE: Executing basic block, original at 00007FFEBD4D3BF9, instrumented at 00007FFEBCFA1426
TRACE: Executing basic block, original at 00007FFEBD4BD917, instrumented at 00007FFEBCFA168F
TRACE: Executing basic block, original at 00007FFEBD4B7690, instrumented at 00007FFEBCF94FC6
TRACE: Executing basic block, original at 00007FFEBD4B76F4, instrumented at 00007FFEBCF954B1
TRACE: Executing basic block, original at 00007FFEBD4BD92D, instrumented at 00007FFEBCFA16C0
TRACE: Executing basic block, original at 00007FFEBD4D5C55, instrumented at 00007FFEBCFA1778
TRACE: Executing basic block, original at 00007FFEBD4BE234, instrumented at 00007FFEBCFA1846
TRACE: Executing basic block, original at 00007FFEBD4BE2B7, instrumented at 00007FFEBCFA18E4
TRACE: Executing basic block, original at 00007FFEBD4BD100, instrumented at 00007FFEBCF9B5D6
TRACE: Executing basic block, original at 00007FFEBD4BD19B, instrumented at 00007FFEBCF9B82D
TRACE: Executing basic block, original at 00007FFEBD4BE2BC, instrumented at 00007FFEBCFA1904
TRACE: Executing basic block, original at 00007FFEBD4BD100, instrumented at 00007FFEBCF9B5D6
TRACE: Executing basic block, original at 00007FFEBD4BD19B, instrumented at 00007FFEBCF9B82D
TRACE: Executing basic block, original at 00007FFEBD4BE2C7, instrumented at 00007FFEBCFA192A
TRACE: Executing basic block, original at 00007FFEBD4D5D08, instrumented at 00007FFEBCFA19BD
TRACE: Executing basic block, original at 00007FFEBD4C1358, instrumented at 00007FFEBCF9A826
TRACE: Executing basic block, original at 00007FFEBD4C136B, instrumented at 00007FFEBCF9A886
TRACE: Executing basic block, original at 00007FFEBD4C138C, instrumented at 00007FFEBCF9A920
TRACE: Executing basic block, original at 00007FFEBD4B4E70, instrumented at 00007FFEBCF91E61
TRACE: Executing basic block, original at 00007FFEBD4B4E94, instrumented at 00007FFEBCF92A93
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD4B4ECE, instrumented at 00007FFEBCF92AFF
TRACE: Executing basic block, original at 00007FFEBD4B4ED9, instrumented at 00007FFEBCF92B25
TRACE: Executing basic block, original at 00007FFEBD4B4EE2, instrumented at 00007FFEBCF92B49
TRACE: Executing basic block, original at 00007FFEBD4B5046, instrumented at 00007FFEBCF934EF
TRACE: Executing basic block, original at 00007FFEBD5EF0DC, instrumented at 00007FFEBD264967
TRACE: Executing basic block, original at 00007FFEBD5EE95C, instrumented at 00007FFEBD264995
TRACE: Executing basic block, original at 00007FFEBD5EF0EF, instrumented at 00007FFEBD2649CB
TRACE: Executing basic block, original at 00007FFEBD5EEA18, instrumented at 00007FFEBD264647
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5EEA32, instrumented at 00007FFEBD264693
TRACE: Executing basic block, original at 00007FFEBD5EEA55, instrumented at 00007FFEBD264743
TRACE: Executing basic block, original at 00007FFEBD5F2750, instrumented at 00007FFEBD2676E0
TRACE: Breakpoint
TRACE: Executing basic block, original at 00007FFEBD5EEFE0, instrumented at 00007FFEBD267A3B
TRACE: Executing basic block, original at 00007FFEBD5EF004, instrumented at 00007FFEBD267ACF
TRACE: Executing basic block, original at 00007FFEBD5EF027, instrumented at 00007FFEBD267B38
TRACE: Executing basic block, original at 00007FFEBD5EEFF1, instrumented at 00007FFEBD267A67
TRACE: Executing basic block, original at 00007FFEBD5F26CE, instrumented at 00007FFEBD265D85
TRACE: Breakpoint
[!] WARNING: Process exit during target function
[-] The program took more than 60000 ms to process one of the initial test cases.
In WinAFL, this error could also mean incorrect instrumentation params.
Please make sure instrumentation runs correctly using the debug mode
(see the README) before attempting to run afl-fuzz.
[-] PROGRAM ABORT : Test case 'id_000000' results in a timeout
Location : perform_dry_run(), C:\Users\elsku\newtools\aflfuzz\winafl\afl-fuzz.c:3254
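So the target process exits during the target function (see the warning above) instead of crashing, and afl-fuzz then reports the dry run of the first test case as a timeout...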
Using it like this:
.\afl-fuzz.exe -T 100000 -d -i corpus -o findings -y -t 60000 -f input.data -- -instrument_module MSOSVG.DLL -patch_return_addresses -trace_basic_blocks -stack_offset 2048 -iterations 100000 -target_module fuzzer.exe -target_offset 0x2100 -nargs 1 -persist -- ".\fuzzer.exe" "@@"
With this command line afl-fuzz seems to actually fuzz, but it doesn't generate any coverage. This is most likely a bug in my fuzzing harness and not in WinAFL. Thanks for the help!
I am not sure if this should be closed now.