ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 1.117s ok github.com/google/syzkaller/pkg/ast 3.109s ok github.com/google/syzkaller/pkg/bisect 57.180s ok github.com/google/syzkaller/pkg/build 2.522s ? github.com/google/syzkaller/pkg/cmdprof [no test files] ok github.com/google/syzkaller/pkg/compiler 10.546s ok github.com/google/syzkaller/pkg/config (cached) ? github.com/google/syzkaller/pkg/cover [no test files] --- FAIL: TestGenerate (6.92s) --- FAIL: TestGenerate/freebsd/386 (1.01s) csource_test.go:67: seed=1606188029519861735 --- FAIL: TestGenerate/freebsd/386/12 (1.48s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :362:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor414676226 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/0 (1.64s) csource_test.go:123: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :213:16: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor268348537 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/13 (1.57s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); res = syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); fprintf(stderr, "### call=0 errno=%u\n", res == -1 ? errno : 0); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; res = syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); fprintf(stderr, "### call=1 errno=%u\n", res == -1 ? errno : 0); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; res = syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); fprintf(stderr, "### call=3 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; res = syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); fprintf(stderr, "### call=4 errno=%u\n", res == -1 ? errno : 0); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); res = syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); fprintf(stderr, "### call=5 errno=%u\n", res == -1 ? errno : 0); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); fprintf(stderr, "### call=6 errno=%u\n", res == -1 ? errno : 0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; res = syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); fprintf(stderr, "### call=7 errno=%u\n", res == -1 ? errno : 0); break; case 8: *(uint32_t*)0x100017c0 = 4; res = syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); fprintf(stderr, "### call=8 errno=%u\n", res == -1 ? errno : 0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; res = syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); fprintf(stderr, "### call=9 errno=%u\n", res == -1 ? errno : 0); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); (void)res; break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); res = -1; errno = EFAULT; res = syz_execute_func(0x100000c0); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: (void)res; break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :364:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor531290899 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/11 (1.48s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (sig == SIGBUS) { valid = 1; } if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) ({ int ok = 1; __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } else ok = 0; __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); ok; }) static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: NONFAILING(memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78)); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: NONFAILING(*(uint8_t*)0x10000180 = 0x10); NONFAILING(*(uint32_t*)0x10000184 = 0x10000080); NONFAILING(memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221)); NONFAILING(*(uint32_t*)0x10000188 = 7); NONFAILING(*(uint32_t*)0x1000018c = 0x5a764000); NONFAILING(*(uint32_t*)0x10000190 = 6); syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: NONFAILING(*(uint8_t*)0x10000200 = 0x1c); NONFAILING(*(uint8_t*)0x10000201 = 0x1c); NONFAILING(*(uint16_t*)0x10000202 = htobe16(0x4e23)); NONFAILING(*(uint32_t*)0x10000204 = 6); NONFAILING(*(uint64_t*)0x10000208 = htobe64(0)); NONFAILING(*(uint64_t*)0x10000210 = htobe64(1)); NONFAILING(*(uint32_t*)0x10000218 = 0x2d99); syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: NONFAILING(memcpy((void*)0x10000240, "./file0\000", 8)); NONFAILING(memcpy((void*)0x10000280, "\000", 1)); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: NONFAILING(*(uint32_t*)0x100015c0 = 0x10000540); NONFAILING(*(uint32_t*)0x10000540 = 0x100002c0); NONFAILING(memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200)); NONFAILING(*(uint32_t*)0x10000544 = 0xc8); NONFAILING(*(uint32_t*)0x10000548 = 0x100003c0); NONFAILING(memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72)); NONFAILING(*(uint32_t*)0x1000054c = 0x48); NONFAILING(*(uint32_t*)0x10000550 = 0x10000440); NONFAILING(memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12)); NONFAILING(*(uint32_t*)0x10000554 = 0xc); NONFAILING(*(uint32_t*)0x10000558 = 0x10000480); NONFAILING(memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30)); NONFAILING(*(uint32_t*)0x1000055c = 0x1e); NONFAILING(*(uint32_t*)0x10000560 = 0x100004c0); NONFAILING(memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128)); NONFAILING(*(uint32_t*)0x10000564 = 0x80); NONFAILING(*(uint32_t*)0x100015c4 = 5); NONFAILING(*(uint32_t*)0x100015c8 = 0x10001580); NONFAILING(*(uint32_t*)0x10001580 = 0x10000580); NONFAILING(memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096)); NONFAILING(*(uint32_t*)0x10001584 = 0x1000); NONFAILING(*(uint32_t*)0x100015cc = 1); syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: NONFAILING(memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122)); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { NONFAILING(r[1] = *(uint32_t*)0x100016c0); NONFAILING(r[2] = *(uint32_t*)0x100016c4); } break; case 7: NONFAILING(*(uint8_t*)0x10001700 = 0x10); NONFAILING(*(uint8_t*)0x10001701 = 2); NONFAILING(*(uint16_t*)0x10001702 = htobe16(0x4e23)); NONFAILING(*(uint32_t*)0x10001704 = htobe32(7)); NONFAILING(*(uint8_t*)0x10001708 = 0); NONFAILING(*(uint8_t*)0x10001709 = 0); NONFAILING(*(uint8_t*)0x1000170a = 0); NONFAILING(*(uint8_t*)0x1000170b = 0); NONFAILING(*(uint8_t*)0x1000170c = 0); NONFAILING(*(uint8_t*)0x1000170d = 0); NONFAILING(*(uint8_t*)0x1000170e = 0); NONFAILING(*(uint8_t*)0x1000170f = 0); NONFAILING(*(uint32_t*)0x10001740 = 0x10); syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: NONFAILING(*(uint32_t*)0x100017c0 = 4); syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: NONFAILING(*(uint32_t*)0x10001800 = 8); NONFAILING(*(uint16_t*)0x10001804 = 0x1000); NONFAILING(*(uint16_t*)0x10001806 = 0); NONFAILING(*(uint16_t*)0x10001808 = 0x8000); NONFAILING(*(uint16_t*)0x1000180a = 0x200); NONFAILING(*(uint16_t*)0x1000180c = 0x4000); NONFAILING(*(uint16_t*)0x1000180e = 0); NONFAILING(*(uint16_t*)0x10001810 = 1); NONFAILING(*(uint16_t*)0x10001812 = 0); NONFAILING(*(uint32_t*)0x10001840 = 0x14); syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: NONFAILING(memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6)); NONFAILING(*(uint8_t*)0x10000006 = 0xaa); NONFAILING(*(uint8_t*)0x10000007 = 0xaa); NONFAILING(*(uint8_t*)0x10000008 = 0xaa); NONFAILING(*(uint8_t*)0x10000009 = 0xaa); NONFAILING(*(uint8_t*)0x1000000a = 0xaa); NONFAILING(*(uint8_t*)0x1000000b = 0xaa); NONFAILING(*(uint16_t*)0x1000000c = htobe16(0x8100)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12)); NONFAILING(*(uint16_t*)0x10000010 = htobe16(0x800)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6)); NONFAILING(*(uint16_t*)0x10000014 = htobe16(0x81)); NONFAILING(*(uint16_t*)0x10000016 = htobe16(0x65)); NONFAILING(*(uint16_t*)0x10000018 = htobe16(5)); NONFAILING(*(uint8_t*)0x1000001a = 1); NONFAILING(*(uint8_t*)0x1000001b = 0x46); NONFAILING(*(uint16_t*)0x1000001c = htobe16(0)); NONFAILING(*(uint32_t*)0x1000001e = htobe32(-1)); NONFAILING(*(uint8_t*)0x10000022 = 0xac); NONFAILING(*(uint8_t*)0x10000023 = 0x14); NONFAILING(*(uint8_t*)0x10000024 = 0); NONFAILING(*(uint8_t*)0x10000025 = 0xbb); NONFAILING(*(uint8_t*)0x10000026 = 0); NONFAILING(*(uint8_t*)0x10000027 = 0x44); NONFAILING(*(uint8_t*)0x10000028 = 0xc); NONFAILING(*(uint8_t*)0x10000029 = 5); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4)); NONFAILING(*(uint32_t*)0x1000002b = htobe32(9)); NONFAILING(*(uint32_t*)0x1000002f = htobe32(4)); NONFAILING(*(uint8_t*)0x10000033 = 0x83); NONFAILING(*(uint8_t*)0x10000034 = 0xb); NONFAILING(*(uint8_t*)0x10000035 = 6); NONFAILING(*(uint32_t*)0x10000036 = htobe32(0xe0000001)); NONFAILING(*(uint32_t*)0x1000003a = htobe32(-1)); NONFAILING(*(uint8_t*)0x1000003e = 0); NONFAILING(*(uint8_t*)0x1000003f = 4); NONFAILING(memcpy((void*)0x10000040, "\xa4\xd4", 2)); NONFAILING(*(uint8_t*)0x10000042 = 0x89); NONFAILING(*(uint8_t*)0x10000043 = 0x13); NONFAILING(*(uint8_t*)0x10000044 = 4); NONFAILING(*(uint8_t*)0x10000045 = 0xac); NONFAILING(*(uint8_t*)0x10000046 = 0x14); NONFAILING(*(uint8_t*)0x10000047 = 0); NONFAILING(*(uint8_t*)0x10000048 = 0xbb); NONFAILING(*(uint32_t*)0x10000049 = htobe32(-1)); NONFAILING(*(uint8_t*)0x1000004d = 0xac); NONFAILING(*(uint8_t*)0x1000004e = 0x14); NONFAILING(*(uint8_t*)0x1000004f = 0); NONFAILING(*(uint8_t*)0x10000050 = 0xbb); NONFAILING(*(uint32_t*)0x10000051 = htobe32(0)); NONFAILING(*(uint8_t*)0x10000055 = 0x94); NONFAILING(*(uint8_t*)0x10000056 = 6); NONFAILING(*(uint32_t*)0x10000057 = htobe32(9)); NONFAILING(*(uint8_t*)0x1000005b = 0x94); NONFAILING(*(uint8_t*)0x1000005c = 6); NONFAILING(*(uint32_t*)0x1000005d = htobe32(0x80000001)); NONFAILING(*(uint8_t*)0x10000061 = 1); NONFAILING(*(uint8_t*)0x10000062 = 0x83); NONFAILING(*(uint8_t*)0x10000063 = 0x1f); NONFAILING(*(uint8_t*)0x10000064 = 2); NONFAILING(*(uint32_t*)0x10000065 = htobe32(0xe0000002)); NONFAILING(*(uint32_t*)0x10000069 = htobe32(0xe0000001)); NONFAILING(*(uint32_t*)0x1000006d = htobe32(0x7f000001)); NONFAILING(*(uint32_t*)0x10000071 = htobe32(0)); NONFAILING(*(uint32_t*)0x10000075 = htobe32(0x7f000001)); NONFAILING(*(uint32_t*)0x10000079 = htobe32(0x7f000001)); NONFAILING(*(uint32_t*)0x1000007d = htobe32(0xe0000001)); NONFAILING(memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17)); struct csum_inet csum_1; csum_inet_init(&csum_1); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112)); NONFAILING(*(uint16_t*)0x1000001c = csum_inet_digest(&csum_1)); break; case 11: NONFAILING(memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64)); NONFAILING(syz_execute_func(0x100000c0)); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } :392:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor393138052 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/14 (1.85s) csource_test.go:123: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:2 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; int collide = 0; again: for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23 + procid*4); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23 + procid*4); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0 + procid*1; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0 + procid*1; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0 + procid*1; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :372:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor346413910 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/4 (1.56s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:10 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (; iter < 10; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :360:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor922590397 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/10 (1.74s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:false HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); do_sandbox_none(); return 0; } :307:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor647851256 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/8 (2.23s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:setuid Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, WUNTRACED) != pid) { } return WEXITSTATUS(status); } static int do_sandbox_setuid(void) { int pid = fork(); if (pid != 0) return wait_for_loop(pid); sandbox_common(); char pwbuf[1024]; struct passwd *pw, pwres; if (getpwnam_r("nobody", &pwres, pwbuf, sizeof(pwbuf), &pw) != 0 || !pw) exit(1); if (setgroups(0, NULL)) exit(1); if (setgid(pw->pw_gid)) exit(1); if (setuid(pw->pw_uid)) exit(1); loop(); exit(1); } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_setuid(); return 0; } :383:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor691535594 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/9 (1.72s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static int tunfd = -1; #define MAX_TUN 4 #define TUN_IFACE "tap%d" #define TUN_DEVICE "/dev/tap%d" #define LOCAL_MAC "aa:aa:aa:aa:aa:aa" #define REMOTE_MAC "aa:aa:aa:aa:aa:bb" #define LOCAL_IPV4 "172.20.%d.170" #define REMOTE_IPV4 "172.20.%d.187" #define LOCAL_IPV6 "fe80::%02hxaa" #define REMOTE_IPV6 "fe80::%02hxbb" static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv = vsnprintf(str, size, format, args); if (rv < 0) exit(1); if ((size_t)rv >= size) exit(1); } static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; va_start(args, format); char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); va_end(args); int rv = system(command); if (rv) { if (panic) exit(1); } } static void initialize_tun(int tun_id) { if (tun_id < 0 || tun_id >= MAX_TUN) { exit(1); } char tun_device[sizeof(TUN_DEVICE)]; snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id); char tun_iface[sizeof(TUN_IFACE)]; snprintf_check(tun_iface, sizeof(tun_iface), TUN_IFACE, tun_id); execute_command(0, "ifconfig %s destroy", tun_device); tunfd = open(tun_device, O_RDWR | O_NONBLOCK); if ((tunfd < 0) && (errno == ENOENT)) { execute_command(0, "kldload -q if_tap"); tunfd = open(tun_device, O_RDWR | O_NONBLOCK); } if (tunfd == -1) { printf("tun: can't open %s: errno=%d\n", tun_device, errno); return; } const int kTunFd = 240; if (dup2(tunfd, kTunFd) < 0) exit(1); close(tunfd); tunfd = kTunFd; char local_mac[sizeof(LOCAL_MAC)]; snprintf_check(local_mac, sizeof(local_mac), LOCAL_MAC); execute_command(1, "ifconfig %s ether %s", tun_iface, local_mac); char local_ipv4[sizeof(LOCAL_IPV4)]; snprintf_check(local_ipv4, sizeof(local_ipv4), LOCAL_IPV4, tun_id); execute_command(1, "ifconfig %s inet %s netmask 255.255.255.0", tun_iface, local_ipv4); char remote_mac[sizeof(REMOTE_MAC)]; char remote_ipv4[sizeof(REMOTE_IPV4)]; snprintf_check(remote_mac, sizeof(remote_mac), REMOTE_MAC); snprintf_check(remote_ipv4, sizeof(remote_ipv4), REMOTE_IPV4, tun_id); execute_command(0, "arp -s %s %s", remote_ipv4, remote_mac); char local_ipv6[sizeof(LOCAL_IPV6)]; snprintf_check(local_ipv6, sizeof(local_ipv6), LOCAL_IPV6, tun_id); execute_command(1, "ifconfig %s inet6 %s", tun_iface, local_ipv6); char remote_ipv6[sizeof(REMOTE_IPV6)]; snprintf_check(remote_ipv6, sizeof(remote_ipv6), REMOTE_IPV6, tun_id); execute_command(0, "ndp -s %s%%%s %s", remote_ipv6, tun_iface, remote_mac); } static long syz_emit_ethernet(volatile long a0, volatile long a1) { if (tunfd < 0) return (uintptr_t)-1; size_t length = a0; const char* data = (char*)a1; return write(tunfd, data, length); } static int read_tun(char* data, int size) { if (tunfd < 0) return -1; int rv = read(tunfd, data, size); if (rv < 0) { if (errno == EAGAIN) return -1; exit(1); } return rv; } struct tcp_resources { uint32_t seq; uint32_t ack; }; static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2) { if (tunfd < 0) return (uintptr_t)-1; char data[1000]; int rv = read_tun(&data[0], sizeof(data)); if (rv == -1) return (uintptr_t)-1; size_t length = rv; if (length < sizeof(struct ether_header)) return (uintptr_t)-1; struct ether_header* ethhdr = (struct ether_header*)&data[0]; struct tcphdr* tcphdr = 0; if (ethhdr->ether_type == htons(ETHERTYPE_IP)) { if (length < sizeof(struct ether_header) + sizeof(struct ip)) return (uintptr_t)-1; struct ip* iphdr = (struct ip*)&data[sizeof(struct ether_header)]; if (iphdr->ip_p != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + iphdr->ip_hl * 4 + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + iphdr->ip_hl * 4]; } else { if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr)) return (uintptr_t)-1; struct ip6_hdr* ipv6hdr = (struct ip6_hdr*)&data[sizeof(struct ether_header)]; if (ipv6hdr->ip6_nxt != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + sizeof(struct ip6_hdr)]; } struct tcp_resources* res = (struct tcp_resources*)a0; res->seq = htonl(ntohl(tcphdr->th_seq) + (uint32_t)a1); res->ack = htonl(ntohl(tcphdr->th_ack) + (uint32_t)a2); return 0; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); initialize_tun(procid); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); syz_emit_ethernet(0x93, 0x10000000); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: syz_extract_tcp_res(0x10000100, 5, 0x7ff); break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :532:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor251487735 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/7 (1.79s) csource_test.go:123: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Sandbox: Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$inet_opts(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000000)="ec04a904b9d2ea02fab2df1d9de39f3f5aa2344397e186204d39d74da156e7c6cd98195b7b83c652b06b6222bdef3363961bf47e9b530fbf65bae3607b60941e2715bd678fcebc5524bcefd3184d", 0x4e) ioctl$DIOCSETIFFLAG(0xffffffffffffffff, 0xc0284459, &(0x7f0000000180)={0x10, &(0x7f0000000080)="de11c2a774191d70f51e7c3e375c2814ac72c2d5d0404a2e3d5baf92161f3b451efe9c4c79d7660668f6073e2f76c5f2145195e8c1a4ec34b6f69c1b582768207b28a979f05adc14a3357fe7c493fc81a9177524631bb209be637f8695747fa7cf1c68ac691f169c1b8fb67d7a3776ddfc620ffbe6831f74d2f2d089a4ffecf510a99702258c58ea9e871d4f4ab9a347aabdbb03585b37b5c79436c0c1160a5876b61bbf0c814bb49a27a36082df13cb2f9de2f942b6ac7e158880cfc03cfdccca9fc0f2347eb543a343b4c92707fe736a86a35d58e26f6fd2e9ec8f82", 0x7, 0x5a764000, 0x6}) recvfrom$inet6(0xffffffffffffff9c, &(0x7f00000001c0)=""/23, 0x17, 0x2, &(0x7f0000000200)={0x1c, 0x1c, 0x3, 0x6, @loopback, 0x2d99}, 0x1c) r0 = shm_open2(&(0x7f0000000240)='./file0\x00', 0x800, 0x0, 0x7, &(0x7f0000000280)='\x00') sendfile(r0, 0xffffffffffffff9c, 0x8, 0x800, &(0x7f00000015c0)={&(0x7f0000000540)=[{&(0x7f00000002c0)="efacade58ab0192351a102ada32ad1f41e429edf6c4a513ac6d669cadb222eb68297ab8f9f7b3234d0c6cfa280ad14dc1c4c34175119446d79a030d48b57304eb90b428c202382d86cd71e9c1ecc8d3e2d764aae3714cb591eb027e46943e23eb7656875867e603cf13892a74c42bb1844c27f7f454f9661f1dbb35004ada4d6d75b1df342e967493d207d6b8b4edcbf9d1e378445573684ed139b671abf6576edf8d7342cd8649d376970acbde224a7b0b6a975a8ba0a768ed6abe16c1b694f65dd4231f48c2884", 0xc8}, {&(0x7f00000003c0)="a6e4fe186c760ac2ebbcf9efda5e22e2df6f153fccda1c16976037d03ee004c3fbba5d35b6c083130fc705f95889ba6adbe5e3a7a5e70136a0ca085b7e504d0df55fe184a9bd7a82", 0x48}, {&(0x7f0000000440)="c7e00030b3c4541743ee6513", 0xc}, {&(0x7f0000000480)="a4a67a4e72492b9fab6379e4c0f35b22b69b6e7aefc56beefa857ae28543", 0x1e}, {&(0x7f00000004c0)="8f095f8df1c6bc4dfc1d826f02dfa7794bebf9e7ffc7160f276a53d1abc996fca8c8dbc7c79c09cd5f954775c9e8fc1cf2e0e3c054fb54b662d1b45f5235fdbf860c3fed3dc34ceb30c44baa4ded7de7e9533f4dca146db0db35a93ba654d49011d9cb98d1576b731b9c2bb58c0df4edee6ef5ae1f8b6bc9646f5b4ade4dd52a", 0x80}], 0x5, &(0x7f0000001580)=[{&(0x7f0000000580)="8edaafd215ce7b65c301b4c92651648d0898187ccdb01a4d76b5e301ed4dc9a8863dc7f7ae3bad050227e374a16898e6004c8414847ad74972edac24dc8af73efdef3cfa98e46ff109f6639f4f1417146e2a2c1834c974f3e464ef4b9c88085227ad382c926de3191e689632fad2e80be97123084f70ff095d026a80f01d73752db200c3609bc6e8bbc9187cb85a6519bafc4f15ecca30558d8fc19c9c8cfb94a2f1e70345adf2b01814e7376e9f4492a3bf3883e22df30568632f51c3a6b363d5a968937e1ee977a34f412d00ad70c1c91a7c39ead08d366e10ffc0552b5deae8e1fbee08abf3eade68a0ea2f89f27c3b9a4eb1d202932a128b552adfa688556cce27e1a831daca249c6c8c8af9f50e793b7f86a971eb6ea8ac68fe0646ced0185775d71aece79e93cdeb67ee01e931c345a23ee4a612e131da8b80ac0ad845a4e2712cc43b244df22df822b2b336d8ab18588b607526a1e5951fe7393d5cbef86c42988f3e8b5fb0de54c9aabe6ae7c13cec0506ae837b795539d412fe96e4c546a7d9c9d2830ed163fbc20aab884f5b1159a6ab62d266b2c32597cc06685b789b80f8d2664c87f09956a29dcd3fc0e9ba35d668590e0dcfbcbb6185e1e870324f22b167a2204e271eff9dcbb36c1f52cf2fe376046126cd24de4b8d8e9e367e17179abb59d26cdee75ceab93d2b2400f7086542d957bc80da1069c5f7518e8608fae3f948cb7c272f7e360da0fb84aa2330f996088310c7e42379cc7837b85a646c44d153bed8eb8f95bc3d5411e33ec832ab8156923c7324dfc43386d3419d36603f699a321fd61fc9f9765a2a64b16d47e0870e1971231dc616647028c4b35bea6e59dbdbe9a29a5f46389ecb655711e90f49a98c021493df41177466f02589339a40b3b486a25ccada3caae496314a5a2b54a11cf6fb7e87d84d01ea853e970cf18a1b53db5d156375abe41ad686a4b4b4c2475a31ecdfe5f22ba51f666d22e6c7434c722c7565eeb5346eecd1e25557722166ac7e50929fefbb3f2999d152938f7f3cec1defe5a097a5f3a75932ce2c0364ecaf5ffba084f976b5d1ce16e8fb4d12348a6fd167117f080a89f54ebe8bdc10ed4d34df568042ddc103d02d13b6af17807f2760091123263c3a00d2d69e57145f8a2de9eb50ebe89a3efac53ab73a57744070a5140e0e4e25030edbebe83341fdc545ab2b4aa8a0feb09632d84ef01162d93d0d8fa9510f597ea20032e194df444a83960b99658d076fe3bccde903fb30471fd000fbcd4201a62936c7c718405394e6612ddd77e415ef8879a2761f6678ee0e23f4a1398c83da959e97236c67b0bc39717dfd9cb308a21343c83d43f24ea70a1040a98fb1958de1a35a27ed76c7c7ec82ae3a01b3ca53b118892f2045a5747de14c54a99b438e85ab2af93ef151a39ee0157c6c9d0e4e1ff5b3c6ff6ab0739ff9524221c6b675bb884bbe64a62141592c8cc99760f17abc44706ff37e313c7553dff34cf649e056a05cf62cb379a64c4b3e549eb1c572b917ea715ab1e7cc691545d5092813bf3ef2cd9ff914af31c14bb57dd406a0b48916d5cee27b0d79ec74296257489c835bba62d2e4f89573a121300876ca4611d8066d76b3e79e1d36132cc8d6b99eebaeacef786a598d6dbb43afc42e5415424360970731b273736b062a2753d10f7aa0f6c082fe2d80ea112bea0a05a9b5488ef189057c48429a5ed4d0c3363b7e6dfa252cd886ec7f51bc9eef81c1031786b26bd6f468a02b4d6a494d8876ab986084fc73b584c1619b70fc6825a2ab85c9cd1db81c835a452c01b4438a2851b8e4d5c4a9678946c4e25f7fdf456dc7e61de3dd6f1302b0194db7be1b41fd064cc35d119ce291592aaf8d07f2ceae8b20e3b1a933ec75699f969632ecd6fa91591ea58744edd5466046c809993f4cbffae1d527ed1bb22d9e1e02295d3586de90950247a1b1dfcfc9415942f46c3f194c6cb06e7011e96478bcd3aa33542eb20447e4afa5c48b1372cb07216318b071f898b0e8632ad0df9afe12cf52be135457241e2e49ca492f77b81e9650d2c85282a6ac7844b1946007bef7a0d53b1a5e285749c0d21de5c192c631696d36503daa612ac70e30d3b7349e21bc99bdc4c3a941bd7a33ef35bb3512ae9826c46d8c9a21da2773921bfdaf6fbf649da2b225861b676440258334167f9d7eb1e03d30f3cc279d01ec5ad7eecff29f296ef60355c8c13e045c8ac97805d066f81cf4c859fedbe741bc2737cea891d95c9c69f21aa58edca272dec60c3e77abaf597308e07913584e435786b9ff401a4cbb050335b56a20e652c1d36ff74b8ef2f59578594cd973b79430110b3e943835406288f9a20d0d649dc5630bc50711fed106f325be5fce20ff7672dfdbe14df66d40c430378b7d885c3e7f115b49c84d26c4b309e13af4fd2b4556a9642c48f8a81b64d5dd600f4b29aa2ad3a8df28a84b056070005eb737860583dfc8da5e3144f0ef29580d1940798a6124efe2d180c811da06eda2548165a2a82ea018d8c07a967c063b179ba971c09ce7c19ba96ea34c676e140cf06abd6dc6ce75546e42e71bbb9eeef1547588d9d928aa6ee221eb720d8a073398326cfcb616e34e1dee6fc88c29ddfb4e9cc57e89d33fa4f9fffe48efbbe7c247f825cc24f30df2ba35d7aa2cedb53dbdc0d88a1c68197f1f5fba83ec211892d934e803db2126b667d0f0fbe23bb65e765549ee5bc198458707e4cc826caa4c40f9da0664f9a1f7f4e7f8636012ca46a3bbf545d6b8a7e57b8c432c3aa5065e78983a8add9e1485a6fdd40554490c29dca6ddfa0f9803a621b438c168d1864bd021348e22e6a652137dd7fd0aa854b0037cc299774fe6ea3e76e2b5e888d94071441159256037bf358f941d69fe241beb1eca951a604d3768ab88cc1823b3b45b4c3ed1c75ade6170e5880274beb7d5df0d4f7fff8c00dfc2a49325c61dc8b5008449400d784a66089fe5ae1c4f47826787682832c8c57b74e15cfc63ad03056ee0b8c22ef892a3429bb124cf0a224c036c7c59e3a3908ca49b72089ef815533faa1aaf78ec5ab8a98e56bdd8b4e2579735beb27be0f18cae83c4b854e1179d9f327d81bd035272a12471d6e728fb87eeb2d8a112a2704ca64d5b0044d9262294e6137bffd6f9c23137924661ef102744cb5a0ef9d5eaa3789c934c5ea1237fe071d6ee064d2c3cdc6217c1ba0bde93b06ee69899e7eeb850e583cb23c90722d002f23479533134e1abb6a6e6201357c8ce82906b81a9ff0d5b5447264a3918181664213e7e8d953011c6eda2f683c2ff85f668a56f3a070abceae972741c6e0c6513d35ec8665e110694834e1e2be2f6790fab65fd5b1be7d0b1c0b40af19c03cc291056d3e09d3bee77d9029ec49eaedfa054a9ef943c12e5e81992e41612b6c1d9422858f7ffcf8bb72ea68ce969c8c883f4d8225a3cda94016348dfe77a8a033274c95f2e0e7b1e4c51e132dc653964b10654fca84b729f6c6091ceeb427f147ffc9420942b827ef787eef917e3e36c702fe419561922ebba7e687a81e95b2dce352f208b51736897758814ff99d52a6031af9f92b344c02e9a2d65571f8d8a744b913adfe2a04948e3deed0faadec648c8ed2138acc024d8f14cec7e8cf003585f2f7f0650fde160a891337315bef61174b94224ae4968d22fbf284254e43413194f4bc14d84e2baf591c62420ebceff8a2245b2a4d5f3bc7d0b285f9c2607d3340b9cbc90ab7bee1bbed925dcbbce614470a30a4948c4bb90fcb65220ebedb168af885104219be85cd74ab9f5200640d9ce2937b9a362b17d4b6f41eaee1208906c238862dcbf421eb390624f01f22b653d8edaa3f0d81aafffe5374a46f227dfffe7a0eae723c33b6ab41befaefb6d629f25ad38c6f4879580034c578dfd1ce91b3fd2ffa878a992324ad1181f1ae04a1620ad3ad53821ec579fb29ecc53ab1d35011133d7b59715c228ec45d1662c87ed0287862ffb498cbd0410a391f142489fe6e369e3526b39e05c13c3574b1152341a237eed902ebf49b4b2548795e418c1e57e011061298d3a9dbcf2c2caccad013d03123208adddbe99e9f523dd0379dd537a93508b9aa29d1e7f286aa9983eb5b59ccaecffc31466f7f13ef320efa0c2fe393b5a0fb25e867f7951a6e25656d7e9905bc00c855ad0f4b9c55b33d99fa1358848c037e6ff9c76523764febd6d8ec83f70338e7ff728a52c661b2b0282381d2c169267b11d4dc383e62ae646d1cf9323b2d0cf3c561f81c7d2b0873d96ba97247cc47e222e226a6d151f11f2f50b767bac93a9dcf1711ac45b1c528fa9a9442f2958218a021f3305ec037d590019dd4d83d3441628e4ad6a6c595062c0a7822d090527833786d5e8f31002212661f50006549dd1d3b462456ef126814073c06b96e78406b6d4494d887fe7c794b75399c2c13ffb56f291bd4a7d36155de7e01fa35b7bec8bcacd43c8bb6ca6f09a15003bb8287ce68e1cab702cc309c7bebb0699ab4da85448da0db0340594a8e2e7ac83a32d3e7187c8d45d85b9fba5a29937143d7b011721f515a4945bbefbe554da5d3c7cb5f127fc13793f3732c90a4a58eaec22a93ed04e82e8347c707326436775da4df8add39fe46fd4dc4ff6592098454eb82b14a0d977e7d8f0610cc0f251c7df75fb6e9e64545b2828a15e1894d9586cd6c88f82d469c64d48b8cc3883e81f0172d089e8577e4bde2b5d59e7b9c835a7978081dc009c1867c7b202e554bbf4fe8cbc033bd32c75f12deb3d6533f4a87efd2f031e867b6589d170976120fa40cf08715d5686e719db2b04fc95c88771785854be7fdfd78eb1a9be035f6f674f9fa508aa90da71d5bafdb445d77e7fe38d24625d42a2e003bb3d153ee1e13af32ada0cf208fa2f9445191d558e61e8bde4cdbb790f43bb96285166fde2a5ac6a1deb58c0b00bea388198d49c4f5fe82ae9d61f5210a7257d22d776e77fa61545eaaf370f36c28c7508241d32715f7ec2848cac7f2d4df18a512a3226dfe97c5951d313fc09599fd21bb2900241483a12ffc57598e4f09cb85ae6962f2757050de6eccef034af3a84f250cbf0ea649a7a87b2901d4c6b3ea93225fc2cec0b6c9804e4eda002a3d24da0a55e6d9a0ad1807221bade6da8e84c86e322f7b3e1e087515aefa11de3e198b8187b1adb904a5361590b90915b73eb96342b1ed9e34c5bb68f81396be94b31df136a65868d796c7622dd8e7f78ce81d7db24163ad784d4815ff817bf8811d1293c7e88fe4d7821783191e03b5682ae7c0dadd4a92724aafce024ae0acc8e39cd3eaf4ede024907e50977228df4d3a6a428886fb24f9aa15366bcae6ebb1751402b9f34a38540c09293047fe94373c17a9cccff1a1de322efc3fe334801aa76444dd0d4c017feb9d453eb35f21efe332ed9ae75571ca5778eb4b69d94f769dbf08cafa07a7f42f12f8f2a9e3eb6976e0162c3f23451d974c87f6063bd31db1385811b554c8550ba5130f88d797a8bab3e01b21e5febd2b0f66e8f5842c104107428423a8c8d394c5e19ea717587a92fe070e5b49ec4af4bc632e2f3e80fa65116f38e12d8a218f4f236105e390802b3f9921650ba418177f833261861abeebfaec31989492f7f02d1b062169d3bee9aa399d3dfa9f98d4829e98fe767236f5dd98109439d31999c03519ea38de25b3fe38b420fbe4552e9adedb307fdffc98ea4586d60ee313328c5b6c3ff504ebed28f56698016dd796b9b9e850d7918d8b8", 0x1000}], 0x1}, &(0x7f0000001600), 0x9) ioctl$DIOCXROLLBACK(0xffffffffffffffff, 0xc0104453, &(0x7f0000001640)="6c811ba52c139b40dc5680cb0275fdd440468e4dae07c745ba758cb266742f468fc42da0669f6061cb2c9f921e953451b3135e0174fe8eb1aebb2c3eb8a7fb3fc8dea18e652d01e7184ca65dce04f4679afed2766b067349de7a5ef60b586992919a20382c0a1f20af0c9c7fac61cf18383e36fe56502f5f26b8") freebsd10_pipe(&(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_sctp_SCTP_BINDX_REM_ADDR(r2, 0x84, 0x8002, &(0x7f0000001700)=@in={0x10, 0x2, 0x3, @rand_addr=0x7}, &(0x7f0000001740)=0x10) getsockopt$inet6_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000001780), &(0x7f00000017c0)=0x4) getsockopt$inet6_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x14, &(0x7f0000001800)={0x8, [0x1000, 0x0, 0x8000, 0x200, 0x4000, 0x0, 0x1, 0x0]}, &(0x7f0000001840)=0x14) syz_emit_ethernet(0x93, &(0x7f0000000000)={@random="c90c8a7c337f", @local, [{}], {@ipv4={0x800, {{0x1c, 0x4, 0x0, 0x0, 0x81, 0x65, 0x5, 0x1, 0x46, 0x0, @broadcast, @remote={0xac, 0x14, 0x0}, {[@end, @timestamp={0x44, 0xc, 0x5, 0x0, 0x3, [{[], 0x9}, {[], 0x4}]}, @lsrr={0x83, 0xb, 0x6, [@multicast1, @broadcast]}, @generic={0x0, 0x4, "a4d4"}, @ssrr={0x89, 0x13, 0x4, [@remote={0xac, 0x14, 0x0}, @broadcast, @remote={0xac, 0x14, 0x0}, @empty]}, @ra={0x94, 0x6, 0x9}, @ra={0x94, 0x6, 0x80000001}, @noop, @lsrr={0x83, 0x1f, 0x2, [@multicast2, @multicast1, @loopback, @empty, @loopback, @loopback, @multicast1]}]}}, @generic="8d862d099b6bb2ba6aeaa6abd3e9d582c9"}}}}) syz_execute_func(&(0x7f00000000c0)="c4e1f5f37b05c4c2f547525a808f4e00000000660f381dbc6007000000c4e2ad9174ae7e81fe000000008fe9a099d8e4ffc4c1935c17c4c3e141ae2f109dc2d8") syz_extract_tcp_res(&(0x7f0000000100), 0x5, 0x7ff) csource_test.go:124: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 45); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x10000000, "\xec\x04\xa9\x04\xb9\xd2\xea\x02\xfa\xb2\xdf\x1d\x9d\xe3\x9f\x3f\x5a\xa2\x34\x43\x97\xe1\x86\x20\x4d\x39\xd7\x4d\xa1\x56\xe7\xc6\xcd\x98\x19\x5b\x7b\x83\xc6\x52\xb0\x6b\x62\x22\xbd\xef\x33\x63\x96\x1b\xf4\x7e\x9b\x53\x0f\xbf\x65\xba\xe3\x60\x7b\x60\x94\x1e\x27\x15\xbd\x67\x8f\xce\xbc\x55\x24\xbc\xef\xd3\x18\x4d", 78); syscall(SYS_setsockopt, 0xffffff9c, 0, 0, 0x10000000, 0x4e); break; case 1: *(uint8_t*)0x10000180 = 0x10; *(uint32_t*)0x10000184 = 0x10000080; memcpy((void*)0x10000080, "\xde\x11\xc2\xa7\x74\x19\x1d\x70\xf5\x1e\x7c\x3e\x37\x5c\x28\x14\xac\x72\xc2\xd5\xd0\x40\x4a\x2e\x3d\x5b\xaf\x92\x16\x1f\x3b\x45\x1e\xfe\x9c\x4c\x79\xd7\x66\x06\x68\xf6\x07\x3e\x2f\x76\xc5\xf2\x14\x51\x95\xe8\xc1\xa4\xec\x34\xb6\xf6\x9c\x1b\x58\x27\x68\x20\x7b\x28\xa9\x79\xf0\x5a\xdc\x14\xa3\x35\x7f\xe7\xc4\x93\xfc\x81\xa9\x17\x75\x24\x63\x1b\xb2\x09\xbe\x63\x7f\x86\x95\x74\x7f\xa7\xcf\x1c\x68\xac\x69\x1f\x16\x9c\x1b\x8f\xb6\x7d\x7a\x37\x76\xdd\xfc\x62\x0f\xfb\xe6\x83\x1f\x74\xd2\xf2\xd0\x89\xa4\xff\xec\xf5\x10\xa9\x97\x02\x25\x8c\x58\xea\x9e\x87\x1d\x4f\x4a\xb9\xa3\x47\xaa\xbd\xbb\x03\x58\x5b\x37\xb5\xc7\x94\x36\xc0\xc1\x16\x0a\x58\x76\xb6\x1b\xbf\x0c\x81\x4b\xb4\x9a\x27\xa3\x60\x82\xdf\x13\xcb\x2f\x9d\xe2\xf9\x42\xb6\xac\x7e\x15\x88\x80\xcf\xc0\x3c\xfd\xcc\xca\x9f\xc0\xf2\x34\x7e\xb5\x43\xa3\x43\xb4\xc9\x27\x07\xfe\x73\x6a\x86\xa3\x5d\x58\xe2\x6f\x6f\xd2\xe9\xec\x8f\x82", 221); *(uint32_t*)0x10000188 = 7; *(uint32_t*)0x1000018c = 0x5a764000; *(uint32_t*)0x10000190 = 6; syscall(SYS_ioctl, -1, 0xc0284459, 0x10000180); break; case 2: *(uint8_t*)0x10000200 = 0x1c; *(uint8_t*)0x10000201 = 0x1c; *(uint16_t*)0x10000202 = htobe16(0x4e23); *(uint32_t*)0x10000204 = 6; *(uint64_t*)0x10000208 = htobe64(0); *(uint64_t*)0x10000210 = htobe64(1); *(uint32_t*)0x10000218 = 0x2d99; syscall(SYS_recvfrom, 0xffffff9c, 0x100001c0, 0x17, 2, 0x10000200, 0x1c); break; case 3: memcpy((void*)0x10000240, "./file0\000", 8); memcpy((void*)0x10000280, "\000", 1); res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); if (res != -1) r[0] = res; break; case 4: *(uint32_t*)0x100015c0 = 0x10000540; *(uint32_t*)0x10000540 = 0x100002c0; memcpy((void*)0x100002c0, "\xef\xac\xad\xe5\x8a\xb0\x19\x23\x51\xa1\x02\xad\xa3\x2a\xd1\xf4\x1e\x42\x9e\xdf\x6c\x4a\x51\x3a\xc6\xd6\x69\xca\xdb\x22\x2e\xb6\x82\x97\xab\x8f\x9f\x7b\x32\x34\xd0\xc6\xcf\xa2\x80\xad\x14\xdc\x1c\x4c\x34\x17\x51\x19\x44\x6d\x79\xa0\x30\xd4\x8b\x57\x30\x4e\xb9\x0b\x42\x8c\x20\x23\x82\xd8\x6c\xd7\x1e\x9c\x1e\xcc\x8d\x3e\x2d\x76\x4a\xae\x37\x14\xcb\x59\x1e\xb0\x27\xe4\x69\x43\xe2\x3e\xb7\x65\x68\x75\x86\x7e\x60\x3c\xf1\x38\x92\xa7\x4c\x42\xbb\x18\x44\xc2\x7f\x7f\x45\x4f\x96\x61\xf1\xdb\xb3\x50\x04\xad\xa4\xd6\xd7\x5b\x1d\xf3\x42\xe9\x67\x49\x3d\x20\x7d\x6b\x8b\x4e\xdc\xbf\x9d\x1e\x37\x84\x45\x57\x36\x84\xed\x13\x9b\x67\x1a\xbf\x65\x76\xed\xf8\xd7\x34\x2c\xd8\x64\x9d\x37\x69\x70\xac\xbd\xe2\x24\xa7\xb0\xb6\xa9\x75\xa8\xba\x0a\x76\x8e\xd6\xab\xe1\x6c\x1b\x69\x4f\x65\xdd\x42\x31\xf4\x8c\x28\x84", 200); *(uint32_t*)0x10000544 = 0xc8; *(uint32_t*)0x10000548 = 0x100003c0; memcpy((void*)0x100003c0, "\xa6\xe4\xfe\x18\x6c\x76\x0a\xc2\xeb\xbc\xf9\xef\xda\x5e\x22\xe2\xdf\x6f\x15\x3f\xcc\xda\x1c\x16\x97\x60\x37\xd0\x3e\xe0\x04\xc3\xfb\xba\x5d\x35\xb6\xc0\x83\x13\x0f\xc7\x05\xf9\x58\x89\xba\x6a\xdb\xe5\xe3\xa7\xa5\xe7\x01\x36\xa0\xca\x08\x5b\x7e\x50\x4d\x0d\xf5\x5f\xe1\x84\xa9\xbd\x7a\x82", 72); *(uint32_t*)0x1000054c = 0x48; *(uint32_t*)0x10000550 = 0x10000440; memcpy((void*)0x10000440, "\xc7\xe0\x00\x30\xb3\xc4\x54\x17\x43\xee\x65\x13", 12); *(uint32_t*)0x10000554 = 0xc; *(uint32_t*)0x10000558 = 0x10000480; memcpy((void*)0x10000480, "\xa4\xa6\x7a\x4e\x72\x49\x2b\x9f\xab\x63\x79\xe4\xc0\xf3\x5b\x22\xb6\x9b\x6e\x7a\xef\xc5\x6b\xee\xfa\x85\x7a\xe2\x85\x43", 30); *(uint32_t*)0x1000055c = 0x1e; *(uint32_t*)0x10000560 = 0x100004c0; memcpy((void*)0x100004c0, "\x8f\x09\x5f\x8d\xf1\xc6\xbc\x4d\xfc\x1d\x82\x6f\x02\xdf\xa7\x79\x4b\xeb\xf9\xe7\xff\xc7\x16\x0f\x27\x6a\x53\xd1\xab\xc9\x96\xfc\xa8\xc8\xdb\xc7\xc7\x9c\x09\xcd\x5f\x95\x47\x75\xc9\xe8\xfc\x1c\xf2\xe0\xe3\xc0\x54\xfb\x54\xb6\x62\xd1\xb4\x5f\x52\x35\xfd\xbf\x86\x0c\x3f\xed\x3d\xc3\x4c\xeb\x30\xc4\x4b\xaa\x4d\xed\x7d\xe7\xe9\x53\x3f\x4d\xca\x14\x6d\xb0\xdb\x35\xa9\x3b\xa6\x54\xd4\x90\x11\xd9\xcb\x98\xd1\x57\x6b\x73\x1b\x9c\x2b\xb5\x8c\x0d\xf4\xed\xee\x6e\xf5\xae\x1f\x8b\x6b\xc9\x64\x6f\x5b\x4a\xde\x4d\xd5\x2a", 128); *(uint32_t*)0x10000564 = 0x80; *(uint32_t*)0x100015c4 = 5; *(uint32_t*)0x100015c8 = 0x10001580; *(uint32_t*)0x10001580 = 0x10000580; memcpy((void*)0x10000580, "\x8e\xda\xaf\xd2\x15\xce\x7b\x65\xc3\x01\xb4\xc9\x26\x51\x64\x8d\x08\x98\x18\x7c\xcd\xb0\x1a\x4d\x76\xb5\xe3\x01\xed\x4d\xc9\xa8\x86\x3d\xc7\xf7\xae\x3b\xad\x05\x02\x27\xe3\x74\xa1\x68\x98\xe6\x00\x4c\x84\x14\x84\x7a\xd7\x49\x72\xed\xac\x24\xdc\x8a\xf7\x3e\xfd\xef\x3c\xfa\x98\xe4\x6f\xf1\x09\xf6\x63\x9f\x4f\x14\x17\x14\x6e\x2a\x2c\x18\x34\xc9\x74\xf3\xe4\x64\xef\x4b\x9c\x88\x08\x52\x27\xad\x38\x2c\x92\x6d\xe3\x19\x1e\x68\x96\x32\xfa\xd2\xe8\x0b\xe9\x71\x23\x08\x4f\x70\xff\x09\x5d\x02\x6a\x80\xf0\x1d\x73\x75\x2d\xb2\x00\xc3\x60\x9b\xc6\xe8\xbb\xc9\x18\x7c\xb8\x5a\x65\x19\xba\xfc\x4f\x15\xec\xca\x30\x55\x8d\x8f\xc1\x9c\x9c\x8c\xfb\x94\xa2\xf1\xe7\x03\x45\xad\xf2\xb0\x18\x14\xe7\x37\x6e\x9f\x44\x92\xa3\xbf\x38\x83\xe2\x2d\xf3\x05\x68\x63\x2f\x51\xc3\xa6\xb3\x63\xd5\xa9\x68\x93\x7e\x1e\xe9\x77\xa3\x4f\x41\x2d\x00\xad\x70\xc1\xc9\x1a\x7c\x39\xea\xd0\x8d\x36\x6e\x10\xff\xc0\x55\x2b\x5d\xea\xe8\xe1\xfb\xee\x08\xab\xf3\xea\xde\x68\xa0\xea\x2f\x89\xf2\x7c\x3b\x9a\x4e\xb1\xd2\x02\x93\x2a\x12\x8b\x55\x2a\xdf\xa6\x88\x55\x6c\xce\x27\xe1\xa8\x31\xda\xca\x24\x9c\x6c\x8c\x8a\xf9\xf5\x0e\x79\x3b\x7f\x86\xa9\x71\xeb\x6e\xa8\xac\x68\xfe\x06\x46\xce\xd0\x18\x57\x75\xd7\x1a\xec\xe7\x9e\x93\xcd\xeb\x67\xee\x01\xe9\x31\xc3\x45\xa2\x3e\xe4\xa6\x12\xe1\x31\xda\x8b\x80\xac\x0a\xd8\x45\xa4\xe2\x71\x2c\xc4\x3b\x24\x4d\xf2\x2d\xf8\x22\xb2\xb3\x36\xd8\xab\x18\x58\x8b\x60\x75\x26\xa1\xe5\x95\x1f\xe7\x39\x3d\x5c\xbe\xf8\x6c\x42\x98\x8f\x3e\x8b\x5f\xb0\xde\x54\xc9\xaa\xbe\x6a\xe7\xc1\x3c\xec\x05\x06\xae\x83\x7b\x79\x55\x39\xd4\x12\xfe\x96\xe4\xc5\x46\xa7\xd9\xc9\xd2\x83\x0e\xd1\x63\xfb\xc2\x0a\xab\x88\x4f\x5b\x11\x59\xa6\xab\x62\xd2\x66\xb2\xc3\x25\x97\xcc\x06\x68\x5b\x78\x9b\x80\xf8\xd2\x66\x4c\x87\xf0\x99\x56\xa2\x9d\xcd\x3f\xc0\xe9\xba\x35\xd6\x68\x59\x0e\x0d\xcf\xbc\xbb\x61\x85\xe1\xe8\x70\x32\x4f\x22\xb1\x67\xa2\x20\x4e\x27\x1e\xff\x9d\xcb\xb3\x6c\x1f\x52\xcf\x2f\xe3\x76\x04\x61\x26\xcd\x24\xde\x4b\x8d\x8e\x9e\x36\x7e\x17\x17\x9a\xbb\x59\xd2\x6c\xde\xe7\x5c\xea\xb9\x3d\x2b\x24\x00\xf7\x08\x65\x42\xd9\x57\xbc\x80\xda\x10\x69\xc5\xf7\x51\x8e\x86\x08\xfa\xe3\xf9\x48\xcb\x7c\x27\x2f\x7e\x36\x0d\xa0\xfb\x84\xaa\x23\x30\xf9\x96\x08\x83\x10\xc7\xe4\x23\x79\xcc\x78\x37\xb8\x5a\x64\x6c\x44\xd1\x53\xbe\xd8\xeb\x8f\x95\xbc\x3d\x54\x11\xe3\x3e\xc8\x32\xab\x81\x56\x92\x3c\x73\x24\xdf\xc4\x33\x86\xd3\x41\x9d\x36\x60\x3f\x69\x9a\x32\x1f\xd6\x1f\xc9\xf9\x76\x5a\x2a\x64\xb1\x6d\x47\xe0\x87\x0e\x19\x71\x23\x1d\xc6\x16\x64\x70\x28\xc4\xb3\x5b\xea\x6e\x59\xdb\xdb\xe9\xa2\x9a\x5f\x46\x38\x9e\xcb\x65\x57\x11\xe9\x0f\x49\xa9\x8c\x02\x14\x93\xdf\x41\x17\x74\x66\xf0\x25\x89\x33\x9a\x40\xb3\xb4\x86\xa2\x5c\xca\xda\x3c\xaa\xe4\x96\x31\x4a\x5a\x2b\x54\xa1\x1c\xf6\xfb\x7e\x87\xd8\x4d\x01\xea\x85\x3e\x97\x0c\xf1\x8a\x1b\x53\xdb\x5d\x15\x63\x75\xab\xe4\x1a\xd6\x86\xa4\xb4\xb4\xc2\x47\x5a\x31\xec\xdf\xe5\xf2\x2b\xa5\x1f\x66\x6d\x22\xe6\xc7\x43\x4c\x72\x2c\x75\x65\xee\xb5\x34\x6e\xec\xd1\xe2\x55\x57\x72\x21\x66\xac\x7e\x50\x92\x9f\xef\xbb\x3f\x29\x99\xd1\x52\x93\x8f\x7f\x3c\xec\x1d\xef\xe5\xa0\x97\xa5\xf3\xa7\x59\x32\xce\x2c\x03\x64\xec\xaf\x5f\xfb\xa0\x84\xf9\x76\xb5\xd1\xce\x16\xe8\xfb\x4d\x12\x34\x8a\x6f\xd1\x67\x11\x7f\x08\x0a\x89\xf5\x4e\xbe\x8b\xdc\x10\xed\x4d\x34\xdf\x56\x80\x42\xdd\xc1\x03\xd0\x2d\x13\xb6\xaf\x17\x80\x7f\x27\x60\x09\x11\x23\x26\x3c\x3a\x00\xd2\xd6\x9e\x57\x14\x5f\x8a\x2d\xe9\xeb\x50\xeb\xe8\x9a\x3e\xfa\xc5\x3a\xb7\x3a\x57\x74\x40\x70\xa5\x14\x0e\x0e\x4e\x25\x03\x0e\xdb\xeb\xe8\x33\x41\xfd\xc5\x45\xab\x2b\x4a\xa8\xa0\xfe\xb0\x96\x32\xd8\x4e\xf0\x11\x62\xd9\x3d\x0d\x8f\xa9\x51\x0f\x59\x7e\xa2\x00\x32\xe1\x94\xdf\x44\x4a\x83\x96\x0b\x99\x65\x8d\x07\x6f\xe3\xbc\xcd\xe9\x03\xfb\x30\x47\x1f\xd0\x00\xfb\xcd\x42\x01\xa6\x29\x36\xc7\xc7\x18\x40\x53\x94\xe6\x61\x2d\xdd\x77\xe4\x15\xef\x88\x79\xa2\x76\x1f\x66\x78\xee\x0e\x23\xf4\xa1\x39\x8c\x83\xda\x95\x9e\x97\x23\x6c\x67\xb0\xbc\x39\x71\x7d\xfd\x9c\xb3\x08\xa2\x13\x43\xc8\x3d\x43\xf2\x4e\xa7\x0a\x10\x40\xa9\x8f\xb1\x95\x8d\xe1\xa3\x5a\x27\xed\x76\xc7\xc7\xec\x82\xae\x3a\x01\xb3\xca\x53\xb1\x18\x89\x2f\x20\x45\xa5\x74\x7d\xe1\x4c\x54\xa9\x9b\x43\x8e\x85\xab\x2a\xf9\x3e\xf1\x51\xa3\x9e\xe0\x15\x7c\x6c\x9d\x0e\x4e\x1f\xf5\xb3\xc6\xff\x6a\xb0\x73\x9f\xf9\x52\x42\x21\xc6\xb6\x75\xbb\x88\x4b\xbe\x64\xa6\x21\x41\x59\x2c\x8c\xc9\x97\x60\xf1\x7a\xbc\x44\x70\x6f\xf3\x7e\x31\x3c\x75\x53\xdf\xf3\x4c\xf6\x49\xe0\x56\xa0\x5c\xf6\x2c\xb3\x79\xa6\x4c\x4b\x3e\x54\x9e\xb1\xc5\x72\xb9\x17\xea\x71\x5a\xb1\xe7\xcc\x69\x15\x45\xd5\x09\x28\x13\xbf\x3e\xf2\xcd\x9f\xf9\x14\xaf\x31\xc1\x4b\xb5\x7d\xd4\x06\xa0\xb4\x89\x16\xd5\xce\xe2\x7b\x0d\x79\xec\x74\x29\x62\x57\x48\x9c\x83\x5b\xba\x62\xd2\xe4\xf8\x95\x73\xa1\x21\x30\x08\x76\xca\x46\x11\xd8\x06\x6d\x76\xb3\xe7\x9e\x1d\x36\x13\x2c\xc8\xd6\xb9\x9e\xeb\xae\xac\xef\x78\x6a\x59\x8d\x6d\xbb\x43\xaf\xc4\x2e\x54\x15\x42\x43\x60\x97\x07\x31\xb2\x73\x73\x6b\x06\x2a\x27\x53\xd1\x0f\x7a\xa0\xf6\xc0\x82\xfe\x2d\x80\xea\x11\x2b\xea\x0a\x05\xa9\xb5\x48\x8e\xf1\x89\x05\x7c\x48\x42\x9a\x5e\xd4\xd0\xc3\x36\x3b\x7e\x6d\xfa\x25\x2c\xd8\x86\xec\x7f\x51\xbc\x9e\xef\x81\xc1\x03\x17\x86\xb2\x6b\xd6\xf4\x68\xa0\x2b\x4d\x6a\x49\x4d\x88\x76\xab\x98\x60\x84\xfc\x73\xb5\x84\xc1\x61\x9b\x70\xfc\x68\x25\xa2\xab\x85\xc9\xcd\x1d\xb8\x1c\x83\x5a\x45\x2c\x01\xb4\x43\x8a\x28\x51\xb8\xe4\xd5\xc4\xa9\x67\x89\x46\xc4\xe2\x5f\x7f\xdf\x45\x6d\xc7\xe6\x1d\xe3\xdd\x6f\x13\x02\xb0\x19\x4d\xb7\xbe\x1b\x41\xfd\x06\x4c\xc3\x5d\x11\x9c\xe2\x91\x59\x2a\xaf\x8d\x07\xf2\xce\xae\x8b\x20\xe3\xb1\xa9\x33\xec\x75\x69\x9f\x96\x96\x32\xec\xd6\xfa\x91\x59\x1e\xa5\x87\x44\xed\xd5\x46\x60\x46\xc8\x09\x99\x3f\x4c\xbf\xfa\xe1\xd5\x27\xed\x1b\xb2\x2d\x9e\x1e\x02\x29\x5d\x35\x86\xde\x90\x95\x02\x47\xa1\xb1\xdf\xcf\xc9\x41\x59\x42\xf4\x6c\x3f\x19\x4c\x6c\xb0\x6e\x70\x11\xe9\x64\x78\xbc\xd3\xaa\x33\x54\x2e\xb2\x04\x47\xe4\xaf\xa5\xc4\x8b\x13\x72\xcb\x07\x21\x63\x18\xb0\x71\xf8\x98\xb0\xe8\x63\x2a\xd0\xdf\x9a\xfe\x12\xcf\x52\xbe\x13\x54\x57\x24\x1e\x2e\x49\xca\x49\x2f\x77\xb8\x1e\x96\x50\xd2\xc8\x52\x82\xa6\xac\x78\x44\xb1\x94\x60\x07\xbe\xf7\xa0\xd5\x3b\x1a\x5e\x28\x57\x49\xc0\xd2\x1d\xe5\xc1\x92\xc6\x31\x69\x6d\x36\x50\x3d\xaa\x61\x2a\xc7\x0e\x30\xd3\xb7\x34\x9e\x21\xbc\x99\xbd\xc4\xc3\xa9\x41\xbd\x7a\x33\xef\x35\xbb\x35\x12\xae\x98\x26\xc4\x6d\x8c\x9a\x21\xda\x27\x73\x92\x1b\xfd\xaf\x6f\xbf\x64\x9d\xa2\xb2\x25\x86\x1b\x67\x64\x40\x25\x83\x34\x16\x7f\x9d\x7e\xb1\xe0\x3d\x30\xf3\xcc\x27\x9d\x01\xec\x5a\xd7\xee\xcf\xf2\x9f\x29\x6e\xf6\x03\x55\xc8\xc1\x3e\x04\x5c\x8a\xc9\x78\x05\xd0\x66\xf8\x1c\xf4\xc8\x59\xfe\xdb\xe7\x41\xbc\x27\x37\xce\xa8\x91\xd9\x5c\x9c\x69\xf2\x1a\xa5\x8e\xdc\xa2\x72\xde\xc6\x0c\x3e\x77\xab\xaf\x59\x73\x08\xe0\x79\x13\x58\x4e\x43\x57\x86\xb9\xff\x40\x1a\x4c\xbb\x05\x03\x35\xb5\x6a\x20\xe6\x52\xc1\xd3\x6f\xf7\x4b\x8e\xf2\xf5\x95\x78\x59\x4c\xd9\x73\xb7\x94\x30\x11\x0b\x3e\x94\x38\x35\x40\x62\x88\xf9\xa2\x0d\x0d\x64\x9d\xc5\x63\x0b\xc5\x07\x11\xfe\xd1\x06\xf3\x25\xbe\x5f\xce\x20\xff\x76\x72\xdf\xdb\xe1\x4d\xf6\x6d\x40\xc4\x30\x37\x8b\x7d\x88\x5c\x3e\x7f\x11\x5b\x49\xc8\x4d\x26\xc4\xb3\x09\xe1\x3a\xf4\xfd\x2b\x45\x56\xa9\x64\x2c\x48\xf8\xa8\x1b\x64\xd5\xdd\x60\x0f\x4b\x29\xaa\x2a\xd3\xa8\xdf\x28\xa8\x4b\x05\x60\x70\x00\x5e\xb7\x37\x86\x05\x83\xdf\xc8\xda\x5e\x31\x44\xf0\xef\x29\x58\x0d\x19\x40\x79\x8a\x61\x24\xef\xe2\xd1\x80\xc8\x11\xda\x06\xed\xa2\x54\x81\x65\xa2\xa8\x2e\xa0\x18\xd8\xc0\x7a\x96\x7c\x06\x3b\x17\x9b\xa9\x71\xc0\x9c\xe7\xc1\x9b\xa9\x6e\xa3\x4c\x67\x6e\x14\x0c\xf0\x6a\xbd\x6d\xc6\xce\x75\x54\x6e\x42\xe7\x1b\xbb\x9e\xee\xf1\x54\x75\x88\xd9\xd9\x28\xaa\x6e\xe2\x21\xeb\x72\x0d\x8a\x07\x33\x98\x32\x6c\xfc\xb6\x16\xe3\x4e\x1d\xee\x6f\xc8\x8c\x29\xdd\xfb\x4e\x9c\xc5\x7e\x89\xd3\x3f\xa4\xf9\xff\xfe\x48\xef\xbb\xe7\xc2\x47\xf8\x25\xcc\x24\xf3\x0d\xf2\xba\x35\xd7\xaa\x2c\xed\xb5\x3d\xbd\xc0\xd8\x8a\x1c\x68\x19\x7f\x1f\x5f\xba\x83\xec\x21\x18\x92\xd9\x34\xe8\x03\xdb\x21\x26\xb6\x67\xd0\xf0\xfb\xe2\x3b\xb6\x5e\x76\x55\x49\xee\x5b\xc1\x98\x45\x87\x07\xe4\xcc\x82\x6c\xaa\x4c\x40\xf9\xda\x06\x64\xf9\xa1\xf7\xf4\xe7\xf8\x63\x60\x12\xca\x46\xa3\xbb\xf5\x45\xd6\xb8\xa7\xe5\x7b\x8c\x43\x2c\x3a\xa5\x06\x5e\x78\x98\x3a\x8a\xdd\x9e\x14\x85\xa6\xfd\xd4\x05\x54\x49\x0c\x29\xdc\xa6\xdd\xfa\x0f\x98\x03\xa6\x21\xb4\x38\xc1\x68\xd1\x86\x4b\xd0\x21\x34\x8e\x22\xe6\xa6\x52\x13\x7d\xd7\xfd\x0a\xa8\x54\xb0\x03\x7c\xc2\x99\x77\x4f\xe6\xea\x3e\x76\xe2\xb5\xe8\x88\xd9\x40\x71\x44\x11\x59\x25\x60\x37\xbf\x35\x8f\x94\x1d\x69\xfe\x24\x1b\xeb\x1e\xca\x95\x1a\x60\x4d\x37\x68\xab\x88\xcc\x18\x23\xb3\xb4\x5b\x4c\x3e\xd1\xc7\x5a\xde\x61\x70\xe5\x88\x02\x74\xbe\xb7\xd5\xdf\x0d\x4f\x7f\xff\x8c\x00\xdf\xc2\xa4\x93\x25\xc6\x1d\xc8\xb5\x00\x84\x49\x40\x0d\x78\x4a\x66\x08\x9f\xe5\xae\x1c\x4f\x47\x82\x67\x87\x68\x28\x32\xc8\xc5\x7b\x74\xe1\x5c\xfc\x63\xad\x03\x05\x6e\xe0\xb8\xc2\x2e\xf8\x92\xa3\x42\x9b\xb1\x24\xcf\x0a\x22\x4c\x03\x6c\x7c\x59\xe3\xa3\x90\x8c\xa4\x9b\x72\x08\x9e\xf8\x15\x53\x3f\xaa\x1a\xaf\x78\xec\x5a\xb8\xa9\x8e\x56\xbd\xd8\xb4\xe2\x57\x97\x35\xbe\xb2\x7b\xe0\xf1\x8c\xae\x83\xc4\xb8\x54\xe1\x17\x9d\x9f\x32\x7d\x81\xbd\x03\x52\x72\xa1\x24\x71\xd6\xe7\x28\xfb\x87\xee\xb2\xd8\xa1\x12\xa2\x70\x4c\xa6\x4d\x5b\x00\x44\xd9\x26\x22\x94\xe6\x13\x7b\xff\xd6\xf9\xc2\x31\x37\x92\x46\x61\xef\x10\x27\x44\xcb\x5a\x0e\xf9\xd5\xea\xa3\x78\x9c\x93\x4c\x5e\xa1\x23\x7f\xe0\x71\xd6\xee\x06\x4d\x2c\x3c\xdc\x62\x17\xc1\xba\x0b\xde\x93\xb0\x6e\xe6\x98\x99\xe7\xee\xb8\x50\xe5\x83\xcb\x23\xc9\x07\x22\xd0\x02\xf2\x34\x79\x53\x31\x34\xe1\xab\xb6\xa6\xe6\x20\x13\x57\xc8\xce\x82\x90\x6b\x81\xa9\xff\x0d\x5b\x54\x47\x26\x4a\x39\x18\x18\x16\x64\x21\x3e\x7e\x8d\x95\x30\x11\xc6\xed\xa2\xf6\x83\xc2\xff\x85\xf6\x68\xa5\x6f\x3a\x07\x0a\xbc\xea\xe9\x72\x74\x1c\x6e\x0c\x65\x13\xd3\x5e\xc8\x66\x5e\x11\x06\x94\x83\x4e\x1e\x2b\xe2\xf6\x79\x0f\xab\x65\xfd\x5b\x1b\xe7\xd0\xb1\xc0\xb4\x0a\xf1\x9c\x03\xcc\x29\x10\x56\xd3\xe0\x9d\x3b\xee\x77\xd9\x02\x9e\xc4\x9e\xae\xdf\xa0\x54\xa9\xef\x94\x3c\x12\xe5\xe8\x19\x92\xe4\x16\x12\xb6\xc1\xd9\x42\x28\x58\xf7\xff\xcf\x8b\xb7\x2e\xa6\x8c\xe9\x69\xc8\xc8\x83\xf4\xd8\x22\x5a\x3c\xda\x94\x01\x63\x48\xdf\xe7\x7a\x8a\x03\x32\x74\xc9\x5f\x2e\x0e\x7b\x1e\x4c\x51\xe1\x32\xdc\x65\x39\x64\xb1\x06\x54\xfc\xa8\x4b\x72\x9f\x6c\x60\x91\xce\xeb\x42\x7f\x14\x7f\xfc\x94\x20\x94\x2b\x82\x7e\xf7\x87\xee\xf9\x17\xe3\xe3\x6c\x70\x2f\xe4\x19\x56\x19\x22\xeb\xba\x7e\x68\x7a\x81\xe9\x5b\x2d\xce\x35\x2f\x20\x8b\x51\x73\x68\x97\x75\x88\x14\xff\x99\xd5\x2a\x60\x31\xaf\x9f\x92\xb3\x44\xc0\x2e\x9a\x2d\x65\x57\x1f\x8d\x8a\x74\x4b\x91\x3a\xdf\xe2\xa0\x49\x48\xe3\xde\xed\x0f\xaa\xde\xc6\x48\xc8\xed\x21\x38\xac\xc0\x24\xd8\xf1\x4c\xec\x7e\x8c\xf0\x03\x58\x5f\x2f\x7f\x06\x50\xfd\xe1\x60\xa8\x91\x33\x73\x15\xbe\xf6\x11\x74\xb9\x42\x24\xae\x49\x68\xd2\x2f\xbf\x28\x42\x54\xe4\x34\x13\x19\x4f\x4b\xc1\x4d\x84\xe2\xba\xf5\x91\xc6\x24\x20\xeb\xce\xff\x8a\x22\x45\xb2\xa4\xd5\xf3\xbc\x7d\x0b\x28\x5f\x9c\x26\x07\xd3\x34\x0b\x9c\xbc\x90\xab\x7b\xee\x1b\xbe\xd9\x25\xdc\xbb\xce\x61\x44\x70\xa3\x0a\x49\x48\xc4\xbb\x90\xfc\xb6\x52\x20\xeb\xed\xb1\x68\xaf\x88\x51\x04\x21\x9b\xe8\x5c\xd7\x4a\xb9\xf5\x20\x06\x40\xd9\xce\x29\x37\xb9\xa3\x62\xb1\x7d\x4b\x6f\x41\xea\xee\x12\x08\x90\x6c\x23\x88\x62\xdc\xbf\x42\x1e\xb3\x90\x62\x4f\x01\xf2\x2b\x65\x3d\x8e\xda\xa3\xf0\xd8\x1a\xaf\xff\xe5\x37\x4a\x46\xf2\x27\xdf\xff\xe7\xa0\xea\xe7\x23\xc3\x3b\x6a\xb4\x1b\xef\xae\xfb\x6d\x62\x9f\x25\xad\x38\xc6\xf4\x87\x95\x80\x03\x4c\x57\x8d\xfd\x1c\xe9\x1b\x3f\xd2\xff\xa8\x78\xa9\x92\x32\x4a\xd1\x18\x1f\x1a\xe0\x4a\x16\x20\xad\x3a\xd5\x38\x21\xec\x57\x9f\xb2\x9e\xcc\x53\xab\x1d\x35\x01\x11\x33\xd7\xb5\x97\x15\xc2\x28\xec\x45\xd1\x66\x2c\x87\xed\x02\x87\x86\x2f\xfb\x49\x8c\xbd\x04\x10\xa3\x91\xf1\x42\x48\x9f\xe6\xe3\x69\xe3\x52\x6b\x39\xe0\x5c\x13\xc3\x57\x4b\x11\x52\x34\x1a\x23\x7e\xed\x90\x2e\xbf\x49\xb4\xb2\x54\x87\x95\xe4\x18\xc1\xe5\x7e\x01\x10\x61\x29\x8d\x3a\x9d\xbc\xf2\xc2\xca\xcc\xad\x01\x3d\x03\x12\x32\x08\xad\xdd\xbe\x99\xe9\xf5\x23\xdd\x03\x79\xdd\x53\x7a\x93\x50\x8b\x9a\xa2\x9d\x1e\x7f\x28\x6a\xa9\x98\x3e\xb5\xb5\x9c\xca\xec\xff\xc3\x14\x66\xf7\xf1\x3e\xf3\x20\xef\xa0\xc2\xfe\x39\x3b\x5a\x0f\xb2\x5e\x86\x7f\x79\x51\xa6\xe2\x56\x56\xd7\xe9\x90\x5b\xc0\x0c\x85\x5a\xd0\xf4\xb9\xc5\x5b\x33\xd9\x9f\xa1\x35\x88\x48\xc0\x37\xe6\xff\x9c\x76\x52\x37\x64\xfe\xbd\x6d\x8e\xc8\x3f\x70\x33\x8e\x7f\xf7\x28\xa5\x2c\x66\x1b\x2b\x02\x82\x38\x1d\x2c\x16\x92\x67\xb1\x1d\x4d\xc3\x83\xe6\x2a\xe6\x46\xd1\xcf\x93\x23\xb2\xd0\xcf\x3c\x56\x1f\x81\xc7\xd2\xb0\x87\x3d\x96\xba\x97\x24\x7c\xc4\x7e\x22\x2e\x22\x6a\x6d\x15\x1f\x11\xf2\xf5\x0b\x76\x7b\xac\x93\xa9\xdc\xf1\x71\x1a\xc4\x5b\x1c\x52\x8f\xa9\xa9\x44\x2f\x29\x58\x21\x8a\x02\x1f\x33\x05\xec\x03\x7d\x59\x00\x19\xdd\x4d\x83\xd3\x44\x16\x28\xe4\xad\x6a\x6c\x59\x50\x62\xc0\xa7\x82\x2d\x09\x05\x27\x83\x37\x86\xd5\xe8\xf3\x10\x02\x21\x26\x61\xf5\x00\x06\x54\x9d\xd1\xd3\xb4\x62\x45\x6e\xf1\x26\x81\x40\x73\xc0\x6b\x96\xe7\x84\x06\xb6\xd4\x49\x4d\x88\x7f\xe7\xc7\x94\xb7\x53\x99\xc2\xc1\x3f\xfb\x56\xf2\x91\xbd\x4a\x7d\x36\x15\x5d\xe7\xe0\x1f\xa3\x5b\x7b\xec\x8b\xca\xcd\x43\xc8\xbb\x6c\xa6\xf0\x9a\x15\x00\x3b\xb8\x28\x7c\xe6\x8e\x1c\xab\x70\x2c\xc3\x09\xc7\xbe\xbb\x06\x99\xab\x4d\xa8\x54\x48\xda\x0d\xb0\x34\x05\x94\xa8\xe2\xe7\xac\x83\xa3\x2d\x3e\x71\x87\xc8\xd4\x5d\x85\xb9\xfb\xa5\xa2\x99\x37\x14\x3d\x7b\x01\x17\x21\xf5\x15\xa4\x94\x5b\xbe\xfb\xe5\x54\xda\x5d\x3c\x7c\xb5\xf1\x27\xfc\x13\x79\x3f\x37\x32\xc9\x0a\x4a\x58\xea\xec\x22\xa9\x3e\xd0\x4e\x82\xe8\x34\x7c\x70\x73\x26\x43\x67\x75\xda\x4d\xf8\xad\xd3\x9f\xe4\x6f\xd4\xdc\x4f\xf6\x59\x20\x98\x45\x4e\xb8\x2b\x14\xa0\xd9\x77\xe7\xd8\xf0\x61\x0c\xc0\xf2\x51\xc7\xdf\x75\xfb\x6e\x9e\x64\x54\x5b\x28\x28\xa1\x5e\x18\x94\xd9\x58\x6c\xd6\xc8\x8f\x82\xd4\x69\xc6\x4d\x48\xb8\xcc\x38\x83\xe8\x1f\x01\x72\xd0\x89\xe8\x57\x7e\x4b\xde\x2b\x5d\x59\xe7\xb9\xc8\x35\xa7\x97\x80\x81\xdc\x00\x9c\x18\x67\xc7\xb2\x02\xe5\x54\xbb\xf4\xfe\x8c\xbc\x03\x3b\xd3\x2c\x75\xf1\x2d\xeb\x3d\x65\x33\xf4\xa8\x7e\xfd\x2f\x03\x1e\x86\x7b\x65\x89\xd1\x70\x97\x61\x20\xfa\x40\xcf\x08\x71\x5d\x56\x86\xe7\x19\xdb\x2b\x04\xfc\x95\xc8\x87\x71\x78\x58\x54\xbe\x7f\xdf\xd7\x8e\xb1\xa9\xbe\x03\x5f\x6f\x67\x4f\x9f\xa5\x08\xaa\x90\xda\x71\xd5\xba\xfd\xb4\x45\xd7\x7e\x7f\xe3\x8d\x24\x62\x5d\x42\xa2\xe0\x03\xbb\x3d\x15\x3e\xe1\xe1\x3a\xf3\x2a\xda\x0c\xf2\x08\xfa\x2f\x94\x45\x19\x1d\x55\x8e\x61\xe8\xbd\xe4\xcd\xbb\x79\x0f\x43\xbb\x96\x28\x51\x66\xfd\xe2\xa5\xac\x6a\x1d\xeb\x58\xc0\xb0\x0b\xea\x38\x81\x98\xd4\x9c\x4f\x5f\xe8\x2a\xe9\xd6\x1f\x52\x10\xa7\x25\x7d\x22\xd7\x76\xe7\x7f\xa6\x15\x45\xea\xaf\x37\x0f\x36\xc2\x8c\x75\x08\x24\x1d\x32\x71\x5f\x7e\xc2\x84\x8c\xac\x7f\x2d\x4d\xf1\x8a\x51\x2a\x32\x26\xdf\xe9\x7c\x59\x51\xd3\x13\xfc\x09\x59\x9f\xd2\x1b\xb2\x90\x02\x41\x48\x3a\x12\xff\xc5\x75\x98\xe4\xf0\x9c\xb8\x5a\xe6\x96\x2f\x27\x57\x05\x0d\xe6\xec\xce\xf0\x34\xaf\x3a\x84\xf2\x50\xcb\xf0\xea\x64\x9a\x7a\x87\xb2\x90\x1d\x4c\x6b\x3e\xa9\x32\x25\xfc\x2c\xec\x0b\x6c\x98\x04\xe4\xed\xa0\x02\xa3\xd2\x4d\xa0\xa5\x5e\x6d\x9a\x0a\xd1\x80\x72\x21\xba\xde\x6d\xa8\xe8\x4c\x86\xe3\x22\xf7\xb3\xe1\xe0\x87\x51\x5a\xef\xa1\x1d\xe3\xe1\x98\xb8\x18\x7b\x1a\xdb\x90\x4a\x53\x61\x59\x0b\x90\x91\x5b\x73\xeb\x96\x34\x2b\x1e\xd9\xe3\x4c\x5b\xb6\x8f\x81\x39\x6b\xe9\x4b\x31\xdf\x13\x6a\x65\x86\x8d\x79\x6c\x76\x22\xdd\x8e\x7f\x78\xce\x81\xd7\xdb\x24\x16\x3a\xd7\x84\xd4\x81\x5f\xf8\x17\xbf\x88\x11\xd1\x29\x3c\x7e\x88\xfe\x4d\x78\x21\x78\x31\x91\xe0\x3b\x56\x82\xae\x7c\x0d\xad\xd4\xa9\x27\x24\xaa\xfc\xe0\x24\xae\x0a\xcc\x8e\x39\xcd\x3e\xaf\x4e\xde\x02\x49\x07\xe5\x09\x77\x22\x8d\xf4\xd3\xa6\xa4\x28\x88\x6f\xb2\x4f\x9a\xa1\x53\x66\xbc\xae\x6e\xbb\x17\x51\x40\x2b\x9f\x34\xa3\x85\x40\xc0\x92\x93\x04\x7f\xe9\x43\x73\xc1\x7a\x9c\xcc\xff\x1a\x1d\xe3\x22\xef\xc3\xfe\x33\x48\x01\xaa\x76\x44\x4d\xd0\xd4\xc0\x17\xfe\xb9\xd4\x53\xeb\x35\xf2\x1e\xfe\x33\x2e\xd9\xae\x75\x57\x1c\xa5\x77\x8e\xb4\xb6\x9d\x94\xf7\x69\xdb\xf0\x8c\xaf\xa0\x7a\x7f\x42\xf1\x2f\x8f\x2a\x9e\x3e\xb6\x97\x6e\x01\x62\xc3\xf2\x34\x51\xd9\x74\xc8\x7f\x60\x63\xbd\x31\xdb\x13\x85\x81\x1b\x55\x4c\x85\x50\xba\x51\x30\xf8\x8d\x79\x7a\x8b\xab\x3e\x01\xb2\x1e\x5f\xeb\xd2\xb0\xf6\x6e\x8f\x58\x42\xc1\x04\x10\x74\x28\x42\x3a\x8c\x8d\x39\x4c\x5e\x19\xea\x71\x75\x87\xa9\x2f\xe0\x70\xe5\xb4\x9e\xc4\xaf\x4b\xc6\x32\xe2\xf3\xe8\x0f\xa6\x51\x16\xf3\x8e\x12\xd8\xa2\x18\xf4\xf2\x36\x10\x5e\x39\x08\x02\xb3\xf9\x92\x16\x50\xba\x41\x81\x77\xf8\x33\x26\x18\x61\xab\xee\xbf\xae\xc3\x19\x89\x49\x2f\x7f\x02\xd1\xb0\x62\x16\x9d\x3b\xee\x9a\xa3\x99\xd3\xdf\xa9\xf9\x8d\x48\x29\xe9\x8f\xe7\x67\x23\x6f\x5d\xd9\x81\x09\x43\x9d\x31\x99\x9c\x03\x51\x9e\xa3\x8d\xe2\x5b\x3f\xe3\x8b\x42\x0f\xbe\x45\x52\xe9\xad\xed\xb3\x07\xfd\xff\xc9\x8e\xa4\x58\x6d\x60\xee\x31\x33\x28\xc5\xb6\xc3\xff\x50\x4e\xbe\xd2\x8f\x56\x69\x80\x16\xdd\x79\x6b\x9b\x9e\x85\x0d\x79\x18\xd8\xb8", 4096); *(uint32_t*)0x10001584 = 0x1000; *(uint32_t*)0x100015cc = 1; syscall(SYS_sendfile, (intptr_t)r[0], 0xffffff9c, 8, 0x800ull, 0x100015c0, 0x10001600, 9); break; case 5: memcpy((void*)0x10001640, "\x6c\x81\x1b\xa5\x2c\x13\x9b\x40\xdc\x56\x80\xcb\x02\x75\xfd\xd4\x40\x46\x8e\x4d\xae\x07\xc7\x45\xba\x75\x8c\xb2\x66\x74\x2f\x46\x8f\xc4\x2d\xa0\x66\x9f\x60\x61\xcb\x2c\x9f\x92\x1e\x95\x34\x51\xb3\x13\x5e\x01\x74\xfe\x8e\xb1\xae\xbb\x2c\x3e\xb8\xa7\xfb\x3f\xc8\xde\xa1\x8e\x65\x2d\x01\xe7\x18\x4c\xa6\x5d\xce\x04\xf4\x67\x9a\xfe\xd2\x76\x6b\x06\x73\x49\xde\x7a\x5e\xf6\x0b\x58\x69\x92\x91\x9a\x20\x38\x2c\x0a\x1f\x20\xaf\x0c\x9c\x7f\xac\x61\xcf\x18\x38\x3e\x36\xfe\x56\x50\x2f\x5f\x26\xb8", 122); syscall(SYS_ioctl, -1, 0xc0104453, 0x10001640); break; case 6: res = syscall(SYS_freebsd10_pipe, 0x100016c0); if (res != -1) { r[1] = *(uint32_t*)0x100016c0; r[2] = *(uint32_t*)0x100016c4; } break; case 7: *(uint8_t*)0x10001700 = 0x10; *(uint8_t*)0x10001701 = 2; *(uint16_t*)0x10001702 = htobe16(0x4e23); *(uint32_t*)0x10001704 = htobe32(7); *(uint8_t*)0x10001708 = 0; *(uint8_t*)0x10001709 = 0; *(uint8_t*)0x1000170a = 0; *(uint8_t*)0x1000170b = 0; *(uint8_t*)0x1000170c = 0; *(uint8_t*)0x1000170d = 0; *(uint8_t*)0x1000170e = 0; *(uint8_t*)0x1000170f = 0; *(uint32_t*)0x10001740 = 0x10; syscall(SYS_setsockopt, (intptr_t)r[2], 0x84, 0x8002, 0x10001700, 0x10001740); break; case 8: *(uint32_t*)0x100017c0 = 4; syscall(SYS_getsockopt, -1, 0x84, 0x20, 0x10001780, 0x100017c0); break; case 9: *(uint32_t*)0x10001800 = 8; *(uint16_t*)0x10001804 = 0x1000; *(uint16_t*)0x10001806 = 0; *(uint16_t*)0x10001808 = 0x8000; *(uint16_t*)0x1000180a = 0x200; *(uint16_t*)0x1000180c = 0x4000; *(uint16_t*)0x1000180e = 0; *(uint16_t*)0x10001810 = 1; *(uint16_t*)0x10001812 = 0; *(uint32_t*)0x10001840 = 0x14; syscall(SYS_getsockopt, (intptr_t)r[1], 0x84, 0x14, 0x10001800, 0x10001840); break; case 10: memcpy((void*)0x10000000, "\xc9\x0c\x8a\x7c\x33\x7f", 6); *(uint8_t*)0x10000006 = 0xaa; *(uint8_t*)0x10000007 = 0xaa; *(uint8_t*)0x10000008 = 0xaa; *(uint8_t*)0x10000009 = 0xaa; *(uint8_t*)0x1000000a = 0xaa; *(uint8_t*)0x1000000b = 0xaa; *(uint16_t*)0x1000000c = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x800); STORE_BY_BITMASK(uint8_t, , 0x10000012, 0x1c, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x10000012, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x10000013, 0, 2, 6); *(uint16_t*)0x10000014 = htobe16(0x81); *(uint16_t*)0x10000016 = htobe16(0x65); *(uint16_t*)0x10000018 = htobe16(5); *(uint8_t*)0x1000001a = 1; *(uint8_t*)0x1000001b = 0x46; *(uint16_t*)0x1000001c = htobe16(0); *(uint32_t*)0x1000001e = htobe32(-1); *(uint8_t*)0x10000022 = 0xac; *(uint8_t*)0x10000023 = 0x14; *(uint8_t*)0x10000024 = 0; *(uint8_t*)0x10000025 = 0xbb; *(uint8_t*)0x10000026 = 0; *(uint8_t*)0x10000027 = 0x44; *(uint8_t*)0x10000028 = 0xc; *(uint8_t*)0x10000029 = 5; STORE_BY_BITMASK(uint8_t, , 0x1000002a, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x1000002a, 3, 4, 4); *(uint32_t*)0x1000002b = htobe32(9); *(uint32_t*)0x1000002f = htobe32(4); *(uint8_t*)0x10000033 = 0x83; *(uint8_t*)0x10000034 = 0xb; *(uint8_t*)0x10000035 = 6; *(uint32_t*)0x10000036 = htobe32(0xe0000001); *(uint32_t*)0x1000003a = htobe32(-1); *(uint8_t*)0x1000003e = 0; *(uint8_t*)0x1000003f = 4; memcpy((void*)0x10000040, "\xa4\xd4", 2); *(uint8_t*)0x10000042 = 0x89; *(uint8_t*)0x10000043 = 0x13; *(uint8_t*)0x10000044 = 4; *(uint8_t*)0x10000045 = 0xac; *(uint8_t*)0x10000046 = 0x14; *(uint8_t*)0x10000047 = 0; *(uint8_t*)0x10000048 = 0xbb; *(uint32_t*)0x10000049 = htobe32(-1); *(uint8_t*)0x1000004d = 0xac; *(uint8_t*)0x1000004e = 0x14; *(uint8_t*)0x1000004f = 0; *(uint8_t*)0x10000050 = 0xbb; *(uint32_t*)0x10000051 = htobe32(0); *(uint8_t*)0x10000055 = 0x94; *(uint8_t*)0x10000056 = 6; *(uint32_t*)0x10000057 = htobe32(9); *(uint8_t*)0x1000005b = 0x94; *(uint8_t*)0x1000005c = 6; *(uint32_t*)0x1000005d = htobe32(0x80000001); *(uint8_t*)0x10000061 = 1; *(uint8_t*)0x10000062 = 0x83; *(uint8_t*)0x10000063 = 0x1f; *(uint8_t*)0x10000064 = 2; *(uint32_t*)0x10000065 = htobe32(0xe0000002); *(uint32_t*)0x10000069 = htobe32(0xe0000001); *(uint32_t*)0x1000006d = htobe32(0x7f000001); *(uint32_t*)0x10000071 = htobe32(0); *(uint32_t*)0x10000075 = htobe32(0x7f000001); *(uint32_t*)0x10000079 = htobe32(0x7f000001); *(uint32_t*)0x1000007d = htobe32(0xe0000001); memcpy((void*)0x10000082, "\x8d\x86\x2d\x09\x9b\x6b\xb2\xba\x6a\xea\xa6\xab\xd3\xe9\xd5\x82\xc9", 17); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x10000012, 112); *(uint16_t*)0x1000001c = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x100000c0, "\xc4\xe1\xf5\xf3\x7b\x05\xc4\xc2\xf5\x47\x52\x5a\x80\x8f\x4e\x00\x00\x00\x00\x66\x0f\x38\x1d\xbc\x60\x07\x00\x00\x00\xc4\xe2\xad\x91\x74\xae\x7e\x81\xfe\x00\x00\x00\x00\x8f\xe9\xa0\x99\xd8\xe4\xff\xc4\xc1\x93\x5c\x17\xc4\xc3\xe1\x41\xae\x2f\x10\x9d\xc2\xd8", 64); syz_execute_func(0x100000c0); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); loop(); return 0; } :331:17: error: use of undeclared identifier 'SYS_shm_open2' res = syscall(SYS_shm_open2, 0x10000240, 0x800, 0, 7, 0x10000280); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor667409217 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/6 (1.58s) csource_test.go:121: --- FAIL: TestGenerate/freebsd/386/3 (1.29s) csource_test.go:121: --- FAIL: TestGenerate/freebsd/386/2 (1.35s) csource_test.go:121: --- FAIL: TestGenerate/freebsd/386/1 (1.31s) csource_test.go:121: --- FAIL: TestGenerate/freebsd/386/5 (1.55s) csource_test.go:121: FAIL FAIL github.com/google/syzkaller/pkg/csource 16.615s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 2.593s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance 3.406s ok github.com/google/syzkaller/pkg/ipc 7.873s ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig (cached) ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig 1.889s ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report 5.645s ok github.com/google/syzkaller/pkg/repro 1.800s ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 63.117s ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer 0.530s ok github.com/google/syzkaller/pkg/vcs 9.576s ok github.com/google/syzkaller/prog 11.492s ok github.com/google/syzkaller/prog/test (cached) ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux (cached) ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd (cached) ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 1.861s ok github.com/google/syzkaller/syz-fuzzer 0.918s ok github.com/google/syzkaller/syz-hub 0.094s ok github.com/google/syzkaller/syz-hub/state (cached) ? github.com/google/syzkaller/syz-manager [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-kconf [no test files] ok github.com/google/syzkaller/tools/syz-linter 2.366s ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser 0.107s ok github.com/google/syzkaller/tools/syz-trace2syz/proggen 0.579s ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm 13.657s ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated 1.994s ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl 2.109s ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL