? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ? github.com/google/syzkaller/pkg/report/crash [no test files] ? github.com/google/syzkaller/pkg/rpctype [no test files] ? github.com/google/syzkaller/pkg/stats/syzbotstats [no test files] ? github.com/google/syzkaller/pkg/testutil [no test files] ? github.com/google/syzkaller/pkg/tools [no test files] ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/syz-runner [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fillreports [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-lore [no test files] ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-query-subsystems [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] ok github.com/google/syzkaller/executor 13.913s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 1.320s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect (cached) ok github.com/google/syzkaller/pkg/bisect/minimize (cached) ok github.com/google/syzkaller/pkg/build (cached) ok github.com/google/syzkaller/pkg/compiler 13.199s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/corpus (cached) ok github.com/google/syzkaller/pkg/cover (cached) ok github.com/google/syzkaller/pkg/cover/backend (cached) --- FAIL: TestGenerate (13.26s) --- FAIL: TestGenerate/test/64 (0.00s) testutil.go:33: seed=1712132788195536984 testutil.go:33: seed=1712132788198854377 --- FAIL: TestGenerate/test/64/0 (0.92s) csource_test.go:150: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); syz_errno(/*v=*/5); memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); syz_exit(/*status=*/2); syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); syz_sleep_ms(/*ms=*/4); syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :165:2: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor1565313474 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/6 (1.06s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :317:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor2140039010 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/10 (1.08s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); do_sandbox_none(); return 0; } :304:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor1879860112 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/1 (1.11s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :317:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor2259944901 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/5 (1.16s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :319:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor1937886364 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/2 (1.19s) csource_test.go:150: opts: {Threaded:true Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :311:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor659714053 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/9 (1.25s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :317:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor3823879161 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/12 (1.36s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :319:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor1718426259 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/3 (1.37s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :317:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor3651800902 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/4 (1.42s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: test$length28(&(0x7f0000000000)=@f1=0x2, 0x2a) (fail_nth: 1) test$r102_consumer_recur(&(0x7f0000000080)={&(0x7f0000000040)}) (async) test$output_res(&(0x7f00000000c0)) (rerun: 4) syz_compare(&(0x7f0000000100)='\xe2.+##\x00', 0x6, &(0x7f0000000140)=@bf8={0x7, {0x55, 0x5, 0x6}}, 0x8) r0 = mutate5(&(0x7f0000000180)='./file0\x00', 0xcdcdcdcd) mutate6(r0, &(0x7f00000001c0)="f6bd0e7f514ee57f35cc826099ddd7104ee9e1b2a58e9d4ea62c580c616ce50b9f54c84fa45c5f6c319dc42e82257ee64714e1b48656e7dc8e6ae9d8e2ec412a9e7bc176366251361d1f94f2fd07d1ed7e47f515bd8eae23f0daf969365bcc9c3a59ee99e8d766525ed676b39597a47e83c69c50f56dab45ab282b5bc202819b341fd68dfcf5936597bf2a902a3d4e4d0bfae375d0a668771eac256e1a689809c4de2088029d7130f4e5484b6f3b9b352fc98ce0fd9823daf74e12070f8bab901fb3122d1270993d9162668072867889c92228aa50ee00bdfa1a0ea01500d0a915ced48862a6b8f2855be4165ac9ee685471da4832c4d19ae29f8b4c38ecec4a232901885685de65846ed03358db05317ae3757bb4da46085d8773d0deb444a1566bcbe52654e0df704c9ce6a2783df78c3f6b16fc51cf3f94894c099d8b0575b3879d83911472beab1d2f6ccfc0640419bf2223dfc31fb1fa13571c60c5ab4189e0dcca05e5ee29faab57f5dd3d91a26e5f5f4f41cb89568f8a593d3e343c7f571a2fc2e3705902159c40655fb8479a88064740f22688fc5ff81e6276c4b7967baf9c50b1e049a10f37bc4226f670bbbe6d5f4533f0610c130243c6159deab6fd37364ab5dc135988eb3e604049674feca94a5e766179d1aba0de25d64ebf8263b7f8e3eb971b13d2561391777862cde0a879911b57eef2db92d7e44c3ac045c4b02d40f117f51132772d87c930122e30be249e84d14cb125c536678484be1dc8c984595ee2d79035e2a34769b70c8c1036fdc17f53e018c560aae68495cff2a47d066a850fac3590c04925ef084c152751f22abe115f19a00807bf8362425ac1273f7371c542557d7d73f1fa38d6f92b6a938258a234955552b7b962c24830f737af04aca037bbf353b9db62bc1a849339ceb619cb4de76cff742352a1e3e5154a7c7ea3435ca61bf4ea1c6a48b235dd70c459de5f033a7c09a0f29ef392ab14ac06471c9943c0e38ab5d85eb91b6d7c99882cb76021bf81b3460063c1e49c6ec237465409c71090d5300862249cca7c472dc98a530f3abff8c42dfa0f8227ac01317b2e8d88e3d823dd4620e76ff00e51912ad914f2ec60447e3c1275c132e142ec370f1e0fde138c46a9eefc0d8840f073d4485e9fd1aa4383b9473a60215be4be5f6737466573aa7705af72fe23637fc5382f57a98fd51b0d8112dc536f3e28da49b09d77e387713b5f9a8994bc3d36a2f44db8cd9fdcf04e51a53fd92c64f650b9d63981a5e1f2395a319fbad46f634dac567be0cc44405d57676832ce0b31bc60ca8b8af9049b6c44e4b6a5fca4376d5b42c3f457b973114be216893b16b93bca3fcd88fde5d4ff7e302f96010a74fc4813a6efd24b3cc7f30d9b387388ac5c6c9d1163365cc219a6b9aa5c6da2b603296cdc052608af38a6cd19ba177a1898dea9d4f51f717c3aeb236acb40940b47646c90999be61beaf2e30a9e6c28459b4606ed6d7ad89ea5bf867ac4addb2ba1629989efba7ef1b11cf8ae7f703f38d45e6c63717228bdd4fa31aa0841cad476d9b7562a21f74a8fc33f70b7c3d490bfb74f2469db0702a3d7b2240a832e63c75f1afd4e9ca9bed8c0e359a65c85c19000d6254803828038b809b2cce96262b7cf0db65147068cd8bdef00925f5275cdd3bb03b1718c8e664c5fb47d591ffe5b7a712aa52b010c5befa726106724e4abdf21841972d42c640b83b80fb4a5a93c946c7363de509d8d6241785f8d38b979a8e94a62e32604182ab0281fccac56627538eaf8cf36d0e56b479c8f72b71e35a76cc982201bf3cba3ee7f4f98883f72763dac0e7228126fd8deb615dfed9a5363feaf517d259bf449acff771b06b07253a628acee2e1e9f08806a1632701372f56c61997f90aefa14419478fcb86c015fb27b9e316aedebce0ab4d1b442fb50a4673f3a0245d491afabae61c61465ba98cb4211c920863fb64c7356ecc51b9bd67d29db6229f068c7bcf1e2e74df896d85f75f7f346053980f269d427ce21c21f07531bc5f17d918830ee23f5de18aefd2a6493868d9a0f7828b224bb82f9470c18e80e2c9c3d6bf6783ce24d9dc6d8f997ef23f663227e0a4b5de474aaf66212cdee1944d089f8be01fb4dcff08665cf24c916a724835b7f92e2f62bfe68b72d01c2e3fd6ba215c921ed9934aa247a776a61203b942c3eaeb978ba6552c409b144c6aaf44628909f0874b71f54e9e2660aee829cb9ed8f01e4e57200c7621c0f64095f08b147c458b2ddd8b9e9733cdfd27187a22fc955c72efcacf314504baa33a89a0fada5d80f39d5f466c08a60bd3501db201d30c775b9491b890bafabc18539bce967c645c63110213217677d345f6ce45954db0c60763b61211f2257023cd1e820b11a006b2afbaa9efb44fa7975317513108041d0f8e7b1f7869ecffe2193409a893071c19c3335531e4a5962096685b7eb75fd4f501f98680f2ec7ae1ee0f2a6769cdb87bc174747d662c670c81f351fd0a847e7bf935aa045be5920d2d53ba3358ad0ba340f3c152959e32857a6eee509c691bdf03254bd1855039bfb83d4f568f838c266c82d600e8e587525a7a5fb92d48ad1176702f0d9cd92ccb16cd1a9a0d1173f2904b11e572ad855f95cd995d997b20cf5424f8fd71e1aa9a85492a396fb6c43467d94353287c68957411bc3211c7db7c64eb5e20014ed5e6d867e01bc127973743165213a7e0252e93227ea0707cec631484391458a5cea95f9ec75084eef4df5ef371a8e21810a7dda02530d9de90b1ffcb0ed9a4ce962b9b033bbe8a130ec7f5aaec55d41369b40335c6121c9e7be35f31ffb6eb920d68be4c9afa7533dba403206e661a507272416d338acb01ccdf1903f16689981cdc3e4e4279d623077d6e28939b9f3bc8485655bc83e4402f96d58cabe0f7166fb1165d38a2275bd0af9d280f284f14f9b8a1f7a3818e70383204b3dd85771a026643eec76848a938ccd6537f3773f9db696c813f52dfb51a922202faf870e57d918dd594437ef61d4fa8e76f9b35196850bc89026cfd5a925bc01e3e6f93b380b50023661ebb2bb852c7d6e0acce37af84cef2238ee4b135e58e6312c84568d675c493ad932cc6081a309012d0582692e5b1d9c1b3e5d151d4aa2e24c6adaccb4b318eab0f8e6ac23e114627077fb091f6394d051ebaf16e9369be3b9750802bcd4fc1cc427678f18cf56253762ecee8042703e1d8ab4b4b3f6a2542508b9a744f80c368552ac1c47c99b2f3b5b6312f7fe39f8f4a7de33295f87da0fd789f2de17c600e4f9af069f2da2abe90968d36f62971dbeff1fc50d29923b8f204c9f6e7b7cc5f0d4f36fbf9b6792143a1de26945995ebc1ecc71522027057cb1d160708cd16c4880fdb685b95e3659096b37ae7f06c2630bc9ac51064e4c8f4eb7ec9109e0bef91f07970feee962f27551b15eb2f5fdc8367683d3ed2e6e48d75eaf2c641e98c30a068b3d620a0588565cac86c335de1470e5d955c3f298d84b202b1183edc03216aaa15c9bded714d4316323f6cedb0ccc769e727296f76285655976a6e2968c6365238a1b9bbd1d37785aeceefce724cbf52dc06113e76ac1bfd6847a2ee5466b7a02aaa22ebce2468ac3251ffb6044223cb83b437989ca8744c5cba732f4e095d7cab2840d4d37510e243211742721aee06e3b924c9e1aa3293f5f532b46c5123cda053f2f789c352873c4844fb472a1f0c16050da7dfbadbbeaa64e2ac1fc1f4f434835a961be706d55e5d5e799aa8d83f723de841d45ca6f6649145390e4d8c8d3a6248641d0809e5376b18318d6e0228bb75a2bc1b9631678159c9f6b8252c90250382521e588751545f47714c6bf5cb0ad5d92ba8d97ae35c4641d7a1503d1b9d3e43aeb4c2ae1a537da14149007bfd05d5e7fc5d04f0c3cb3262c30c7be88fbcaf0e1a0c346005da665c81a85d877c47c714dc84174c5dfb73529d519f12b77d0c96240eced2aee31a2174923a380984c4c847b27bd133f773d09ab582acf5f9950a5ea01c5906429607883e090acc1014e67c7c24054caf92f2e384e883df93d91b883000691aa81cf9149d179c6f0d0a893558155dd6c6bd1bad5071fbd388afc8015d85fc0b2e9df461e68da5279a2cf0fb93847624b6dacd6cc9259932224c6896d26ae9ddfc9e0311290049dd5fc385f15621d200ccff37774ecca50e2261fed40fbd6467fbdaffb5c8a4ec41b22783da2d3b6e8e5a11760c094c476e16a0c93ecc3f8ce5db5ca268085dfb022bf2230c93a041773af17980d33989fcebe46c0713a22006aefa923f4663d415be9f85f297822f62cc2c4fe8c258b63b5278677d61f9e204ca3ec143e45ffca813ac3623b8b0c193c711f634a60ce44dd342a24984f5820363545191578cec942d23047086f661e060a0bf705e746b437dd9c0b85fe3a9b40b9f517530444b6fd5a50792345c0dc1625b0b5d8b44b7b7192fe65769c0b19028b6731fff744d7f97b04864a9d1d258c5a1cd426b440a505fdaf1c470b466c955de1d3f87a73c8cfb57164a41150eefc32f527f624cddea3142cb0fc4b8a90e4911fa7e915dd8bb033019ce8edb7c1eccde770f77bda910c50ccd9fc12410bcebb89b00b4d18bb99bfee2ad9b6335f1771085b0b594eb256464663014ad8588e25322f6fee56235729ea077ad5519a15078e15a647303f92930f1944b1ee383c213ad9c54b813c1112b940046dcdd4e4b0c1662a4116b89e6575afae666db250168533f3511f9ea23bb3f0f4e85c95d45d6275e0d300ca9333b3d10a4f6fc4c56cd3267cdd5e0b30a92b654df9c41a5276e3cb314430bb87c7bd90651070ae0eb83cfad87b35e4c7bd16798c33af4a904095128929c7a4704920ee870f2d814eecd29fb5b76102a6536576df885f1165c48b1a2280b86d05606df565aaa3fb70ccc43ef96febbdaf4ba882315228f6fcb54cf4af08d31516adb3177547ad6aabcb1406d8d1cd5334dc60861244758c797a91564364e13be060495c5088541228f8a21aeb0ff723af8ea65cc61e6ae527819da71c393e394a77162a03501bd058c403ea9ff40b4b620ad1b1ecfb9ad3da5382fa6e89c163a61da6a504fc3c2a89afd742ec09f23978c0963fe9b37de16167ae93678bf1ee5ce8fc242b17e9c7857d8057dc1d155bb48b92dd492d469c868a6b5f4b08411332b6200184eb1a10bd3e8b2110300fb1f64a29f81c7229ac202e1c865ba7c01218f2e2afc9e554e680d659aa8a58f20976a190295eee2e348c5ae3d886fc6b98e0435fea751a239fcb5bdcde1f6637b5c756da903a2587b92120819cf345eb5c50adb01e1e3c6b2b8263e64becf3e0cc911a33feb4936d39c4c7a03bba1977d251e3f8a89158b10aea5a4e89d1b62db0f151c4ed6da17650451d1f983fb8ee9a38db3ea2a750af4e76472986bcfac4ef6d4c14ff17ba12079e3f35fb657a86179c2fe4cec32d07688e63048d4886445b229447805c385b539b920ae29b3abb487fbe249889c20b0b0694971d81beaf491746f076fa7cb1ffce1393269e0c5da8efc3a5d68f376582bdc16330abcd445226ecf7246f52c0ffc17ea5b56327e8ad176bf9d85f8a2479c3a5610fd87a45634ecbe2d698257a2843e24b397e8b22863c29729b78ceb3f3a15f8060b5e5079b410ba8ade439347516ae260d234f22be7d85e63fa0aad396725d1b5a182829b21a66273d52ce87fc6b17767075b3975115b209ba0ee215bb26976656f21b1c1d25b65ad830f1", 0x1000) mutate_flags(&(0x7f00000011c0)='./file0\x00', 0x8001, 0x0, 0x10) mutate9(&(0x7f0000001200)='.\x00') test$length28(&(0x7f0000001240)=@f1=0x9, 0x2a) mutate6(0xffffffffffffffff, &(0x7f0000001280)="47c524bdd3b2460dcd33cebaf3fcb6f61239ba80e320ba47f229c225bb6cf19809b04a844b3eadf6f2925e6ad6261aeab7f4a7338ca33bb457c0f8f9c02e71f3c7154d09c4d2fe331ba958c0b3c17491d1290b3fd63fbbd1b96d30ea70cc92fb21ab7c49ae98c192bf5561606eadaae38bdc6b86e17239c99bca69a24c4af00eee81ecffa6c4392857", 0x89) syz_compare(&(0x7f0000000000)='{^--\x00', 0x5, &(0x7f0000000040)=@fmt1=0x1f, 0x14) syz_compare_int$2(0x2, 0x4, 0x729) syz_errno(0x5) syz_execute_func(&(0x7f0000000080)="ca57f3c48fe47601d93b41a5fc16f022a6b407d2c5c201c868bd0ef2a6db68a93c16a1160a6fed525eb4fc6185a1cff25390") syz_exit(0x2) syz_mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) syz_sleep_ms(0x4) syz_test_fuzzer1(0x7, 0x5, 0x4) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_mutate5 #define SYS_mutate5 0 #endif #ifndef SYS_mutate6 #define SYS_mutate6 0 #endif #ifndef SYS_mutate9 #define SYS_mutate9 0 #endif #ifndef SYS_mutate_flags #define SYS_mutate_flags 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint8_t*)0x20000000 = 2; inject_fault(1); syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 1: *(uint64_t*)0x20000080 = 0x20000040; *(uint32_t*)0x20000040 = 0; syscall(SYS_test, /*a=*/0x20000080ul, 0, 0, 0, 0, 0); break; case 2: syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); { int i; for(i = 0; i < 4; i++) { syscall(SYS_test, /*arg=*/0x200000c0ul, 0, 0, 0, 0, 0); } } break; case 3: memcpy((void*)0x20000100, "\342.+##\000", 6); *(uint8_t*)0x20000140 = 7; *(uint8_t*)0x20000144 = 0x55; STORE_BY_BITMASK(uint32_t, , 0x20000144, 5, 8, 4); STORE_BY_BITMASK(uint16_t, , 0x20000144, 6, 12, 4); syz_compare(/*want=*/0x20000100, /*want_len=*/6, /*got=*/0x20000140, /*got_len=*/8); break; case 4: memcpy((void*)0x20000180, "./file0\000", 8); res = syscall(SYS_mutate5, /*filename=*/0x20000180ul, /*flags=*/0xcdcdcdcdul); if (res != -1) r[0] = res; break; case 5: memcpy((void*)0x200001c0, "\xf6\xbd\x0e\x7f\x51\x4e\xe5\x7f\x35\xcc\x82\x60\x99\xdd\xd7\x10\x4e\xe9\xe1\xb2\xa5\x8e\x9d\x4e\xa6\x2c\x58\x0c\x61\x6c\xe5\x0b\x9f\x54\xc8\x4f\xa4\x5c\x5f\x6c\x31\x9d\xc4\x2e\x82\x25\x7e\xe6\x47\x14\xe1\xb4\x86\x56\xe7\xdc\x8e\x6a\xe9\xd8\xe2\xec\x41\x2a\x9e\x7b\xc1\x76\x36\x62\x51\x36\x1d\x1f\x94\xf2\xfd\x07\xd1\xed\x7e\x47\xf5\x15\xbd\x8e\xae\x23\xf0\xda\xf9\x69\x36\x5b\xcc\x9c\x3a\x59\xee\x99\xe8\xd7\x66\x52\x5e\xd6\x76\xb3\x95\x97\xa4\x7e\x83\xc6\x9c\x50\xf5\x6d\xab\x45\xab\x28\x2b\x5b\xc2\x02\x81\x9b\x34\x1f\xd6\x8d\xfc\xf5\x93\x65\x97\xbf\x2a\x90\x2a\x3d\x4e\x4d\x0b\xfa\xe3\x75\xd0\xa6\x68\x77\x1e\xac\x25\x6e\x1a\x68\x98\x09\xc4\xde\x20\x88\x02\x9d\x71\x30\xf4\xe5\x48\x4b\x6f\x3b\x9b\x35\x2f\xc9\x8c\xe0\xfd\x98\x23\xda\xf7\x4e\x12\x07\x0f\x8b\xab\x90\x1f\xb3\x12\x2d\x12\x70\x99\x3d\x91\x62\x66\x80\x72\x86\x78\x89\xc9\x22\x28\xaa\x50\xee\x00\xbd\xfa\x1a\x0e\xa0\x15\x00\xd0\xa9\x15\xce\xd4\x88\x62\xa6\xb8\xf2\x85\x5b\xe4\x16\x5a\xc9\xee\x68\x54\x71\xda\x48\x32\xc4\xd1\x9a\xe2\x9f\x8b\x4c\x38\xec\xec\x4a\x23\x29\x01\x88\x56\x85\xde\x65\x84\x6e\xd0\x33\x58\xdb\x05\x31\x7a\xe3\x75\x7b\xb4\xda\x46\x08\x5d\x87\x73\xd0\xde\xb4\x44\xa1\x56\x6b\xcb\xe5\x26\x54\xe0\xdf\x70\x4c\x9c\xe6\xa2\x78\x3d\xf7\x8c\x3f\x6b\x16\xfc\x51\xcf\x3f\x94\x89\x4c\x09\x9d\x8b\x05\x75\xb3\x87\x9d\x83\x91\x14\x72\xbe\xab\x1d\x2f\x6c\xcf\xc0\x64\x04\x19\xbf\x22\x23\xdf\xc3\x1f\xb1\xfa\x13\x57\x1c\x60\xc5\xab\x41\x89\xe0\xdc\xca\x05\xe5\xee\x29\xfa\xab\x57\xf5\xdd\x3d\x91\xa2\x6e\x5f\x5f\x4f\x41\xcb\x89\x56\x8f\x8a\x59\x3d\x3e\x34\x3c\x7f\x57\x1a\x2f\xc2\xe3\x70\x59\x02\x15\x9c\x40\x65\x5f\xb8\x47\x9a\x88\x06\x47\x40\xf2\x26\x88\xfc\x5f\xf8\x1e\x62\x76\xc4\xb7\x96\x7b\xaf\x9c\x50\xb1\xe0\x49\xa1\x0f\x37\xbc\x42\x26\xf6\x70\xbb\xbe\x6d\x5f\x45\x33\xf0\x61\x0c\x13\x02\x43\xc6\x15\x9d\xea\xb6\xfd\x37\x36\x4a\xb5\xdc\x13\x59\x88\xeb\x3e\x60\x40\x49\x67\x4f\xec\xa9\x4a\x5e\x76\x61\x79\xd1\xab\xa0\xde\x25\xd6\x4e\xbf\x82\x63\xb7\xf8\xe3\xeb\x97\x1b\x13\xd2\x56\x13\x91\x77\x78\x62\xcd\xe0\xa8\x79\x91\x1b\x57\xee\xf2\xdb\x92\xd7\xe4\x4c\x3a\xc0\x45\xc4\xb0\x2d\x40\xf1\x17\xf5\x11\x32\x77\x2d\x87\xc9\x30\x12\x2e\x30\xbe\x24\x9e\x84\xd1\x4c\xb1\x25\xc5\x36\x67\x84\x84\xbe\x1d\xc8\xc9\x84\x59\x5e\xe2\xd7\x90\x35\xe2\xa3\x47\x69\xb7\x0c\x8c\x10\x36\xfd\xc1\x7f\x53\xe0\x18\xc5\x60\xaa\xe6\x84\x95\xcf\xf2\xa4\x7d\x06\x6a\x85\x0f\xac\x35\x90\xc0\x49\x25\xef\x08\x4c\x15\x27\x51\xf2\x2a\xbe\x11\x5f\x19\xa0\x08\x07\xbf\x83\x62\x42\x5a\xc1\x27\x3f\x73\x71\xc5\x42\x55\x7d\x7d\x73\xf1\xfa\x38\xd6\xf9\x2b\x6a\x93\x82\x58\xa2\x34\x95\x55\x52\xb7\xb9\x62\xc2\x48\x30\xf7\x37\xaf\x04\xac\xa0\x37\xbb\xf3\x53\xb9\xdb\x62\xbc\x1a\x84\x93\x39\xce\xb6\x19\xcb\x4d\xe7\x6c\xff\x74\x23\x52\xa1\xe3\xe5\x15\x4a\x7c\x7e\xa3\x43\x5c\xa6\x1b\xf4\xea\x1c\x6a\x48\xb2\x35\xdd\x70\xc4\x59\xde\x5f\x03\x3a\x7c\x09\xa0\xf2\x9e\xf3\x92\xab\x14\xac\x06\x47\x1c\x99\x43\xc0\xe3\x8a\xb5\xd8\x5e\xb9\x1b\x6d\x7c\x99\x88\x2c\xb7\x60\x21\xbf\x81\xb3\x46\x00\x63\xc1\xe4\x9c\x6e\xc2\x37\x46\x54\x09\xc7\x10\x90\xd5\x30\x08\x62\x24\x9c\xca\x7c\x47\x2d\xc9\x8a\x53\x0f\x3a\xbf\xf8\xc4\x2d\xfa\x0f\x82\x27\xac\x01\x31\x7b\x2e\x8d\x88\xe3\xd8\x23\xdd\x46\x20\xe7\x6f\xf0\x0e\x51\x91\x2a\xd9\x14\xf2\xec\x60\x44\x7e\x3c\x12\x75\xc1\x32\xe1\x42\xec\x37\x0f\x1e\x0f\xde\x13\x8c\x46\xa9\xee\xfc\x0d\x88\x40\xf0\x73\xd4\x48\x5e\x9f\xd1\xaa\x43\x83\xb9\x47\x3a\x60\x21\x5b\xe4\xbe\x5f\x67\x37\x46\x65\x73\xaa\x77\x05\xaf\x72\xfe\x23\x63\x7f\xc5\x38\x2f\x57\xa9\x8f\xd5\x1b\x0d\x81\x12\xdc\x53\x6f\x3e\x28\xda\x49\xb0\x9d\x77\xe3\x87\x71\x3b\x5f\x9a\x89\x94\xbc\x3d\x36\xa2\xf4\x4d\xb8\xcd\x9f\xdc\xf0\x4e\x51\xa5\x3f\xd9\x2c\x64\xf6\x50\xb9\xd6\x39\x81\xa5\xe1\xf2\x39\x5a\x31\x9f\xba\xd4\x6f\x63\x4d\xac\x56\x7b\xe0\xcc\x44\x40\x5d\x57\x67\x68\x32\xce\x0b\x31\xbc\x60\xca\x8b\x8a\xf9\x04\x9b\x6c\x44\xe4\xb6\xa5\xfc\xa4\x37\x6d\x5b\x42\xc3\xf4\x57\xb9\x73\x11\x4b\xe2\x16\x89\x3b\x16\xb9\x3b\xca\x3f\xcd\x88\xfd\xe5\xd4\xff\x7e\x30\x2f\x96\x01\x0a\x74\xfc\x48\x13\xa6\xef\xd2\x4b\x3c\xc7\xf3\x0d\x9b\x38\x73\x88\xac\x5c\x6c\x9d\x11\x63\x36\x5c\xc2\x19\xa6\xb9\xaa\x5c\x6d\xa2\xb6\x03\x29\x6c\xdc\x05\x26\x08\xaf\x38\xa6\xcd\x19\xba\x17\x7a\x18\x98\xde\xa9\xd4\xf5\x1f\x71\x7c\x3a\xeb\x23\x6a\xcb\x40\x94\x0b\x47\x64\x6c\x90\x99\x9b\xe6\x1b\xea\xf2\xe3\x0a\x9e\x6c\x28\x45\x9b\x46\x06\xed\x6d\x7a\xd8\x9e\xa5\xbf\x86\x7a\xc4\xad\xdb\x2b\xa1\x62\x99\x89\xef\xba\x7e\xf1\xb1\x1c\xf8\xae\x7f\x70\x3f\x38\xd4\x5e\x6c\x63\x71\x72\x28\xbd\xd4\xfa\x31\xaa\x08\x41\xca\xd4\x76\xd9\xb7\x56\x2a\x21\xf7\x4a\x8f\xc3\x3f\x70\xb7\xc3\xd4\x90\xbf\xb7\x4f\x24\x69\xdb\x07\x02\xa3\xd7\xb2\x24\x0a\x83\x2e\x63\xc7\x5f\x1a\xfd\x4e\x9c\xa9\xbe\xd8\xc0\xe3\x59\xa6\x5c\x85\xc1\x90\x00\xd6\x25\x48\x03\x82\x80\x38\xb8\x09\xb2\xcc\xe9\x62\x62\xb7\xcf\x0d\xb6\x51\x47\x06\x8c\xd8\xbd\xef\x00\x92\x5f\x52\x75\xcd\xd3\xbb\x03\xb1\x71\x8c\x8e\x66\x4c\x5f\xb4\x7d\x59\x1f\xfe\x5b\x7a\x71\x2a\xa5\x2b\x01\x0c\x5b\xef\xa7\x26\x10\x67\x24\xe4\xab\xdf\x21\x84\x19\x72\xd4\x2c\x64\x0b\x83\xb8\x0f\xb4\xa5\xa9\x3c\x94\x6c\x73\x63\xde\x50\x9d\x8d\x62\x41\x78\x5f\x8d\x38\xb9\x79\xa8\xe9\x4a\x62\xe3\x26\x04\x18\x2a\xb0\x28\x1f\xcc\xac\x56\x62\x75\x38\xea\xf8\xcf\x36\xd0\xe5\x6b\x47\x9c\x8f\x72\xb7\x1e\x35\xa7\x6c\xc9\x82\x20\x1b\xf3\xcb\xa3\xee\x7f\x4f\x98\x88\x3f\x72\x76\x3d\xac\x0e\x72\x28\x12\x6f\xd8\xde\xb6\x15\xdf\xed\x9a\x53\x63\xfe\xaf\x51\x7d\x25\x9b\xf4\x49\xac\xff\x77\x1b\x06\xb0\x72\x53\xa6\x28\xac\xee\x2e\x1e\x9f\x08\x80\x6a\x16\x32\x70\x13\x72\xf5\x6c\x61\x99\x7f\x90\xae\xfa\x14\x41\x94\x78\xfc\xb8\x6c\x01\x5f\xb2\x7b\x9e\x31\x6a\xed\xeb\xce\x0a\xb4\xd1\xb4\x42\xfb\x50\xa4\x67\x3f\x3a\x02\x45\xd4\x91\xaf\xab\xae\x61\xc6\x14\x65\xba\x98\xcb\x42\x11\xc9\x20\x86\x3f\xb6\x4c\x73\x56\xec\xc5\x1b\x9b\xd6\x7d\x29\xdb\x62\x29\xf0\x68\xc7\xbc\xf1\xe2\xe7\x4d\xf8\x96\xd8\x5f\x75\xf7\xf3\x46\x05\x39\x80\xf2\x69\xd4\x27\xce\x21\xc2\x1f\x07\x53\x1b\xc5\xf1\x7d\x91\x88\x30\xee\x23\xf5\xde\x18\xae\xfd\x2a\x64\x93\x86\x8d\x9a\x0f\x78\x28\xb2\x24\xbb\x82\xf9\x47\x0c\x18\xe8\x0e\x2c\x9c\x3d\x6b\xf6\x78\x3c\xe2\x4d\x9d\xc6\xd8\xf9\x97\xef\x23\xf6\x63\x22\x7e\x0a\x4b\x5d\xe4\x74\xaa\xf6\x62\x12\xcd\xee\x19\x44\xd0\x89\xf8\xbe\x01\xfb\x4d\xcf\xf0\x86\x65\xcf\x24\xc9\x16\xa7\x24\x83\x5b\x7f\x92\xe2\xf6\x2b\xfe\x68\xb7\x2d\x01\xc2\xe3\xfd\x6b\xa2\x15\xc9\x21\xed\x99\x34\xaa\x24\x7a\x77\x6a\x61\x20\x3b\x94\x2c\x3e\xae\xb9\x78\xba\x65\x52\xc4\x09\xb1\x44\xc6\xaa\xf4\x46\x28\x90\x9f\x08\x74\xb7\x1f\x54\xe9\xe2\x66\x0a\xee\x82\x9c\xb9\xed\x8f\x01\xe4\xe5\x72\x00\xc7\x62\x1c\x0f\x64\x09\x5f\x08\xb1\x47\xc4\x58\xb2\xdd\xd8\xb9\xe9\x73\x3c\xdf\xd2\x71\x87\xa2\x2f\xc9\x55\xc7\x2e\xfc\xac\xf3\x14\x50\x4b\xaa\x33\xa8\x9a\x0f\xad\xa5\xd8\x0f\x39\xd5\xf4\x66\xc0\x8a\x60\xbd\x35\x01\xdb\x20\x1d\x30\xc7\x75\xb9\x49\x1b\x89\x0b\xaf\xab\xc1\x85\x39\xbc\xe9\x67\xc6\x45\xc6\x31\x10\x21\x32\x17\x67\x7d\x34\x5f\x6c\xe4\x59\x54\xdb\x0c\x60\x76\x3b\x61\x21\x1f\x22\x57\x02\x3c\xd1\xe8\x20\xb1\x1a\x00\x6b\x2a\xfb\xaa\x9e\xfb\x44\xfa\x79\x75\x31\x75\x13\x10\x80\x41\xd0\xf8\xe7\xb1\xf7\x86\x9e\xcf\xfe\x21\x93\x40\x9a\x89\x30\x71\xc1\x9c\x33\x35\x53\x1e\x4a\x59\x62\x09\x66\x85\xb7\xeb\x75\xfd\x4f\x50\x1f\x98\x68\x0f\x2e\xc7\xae\x1e\xe0\xf2\xa6\x76\x9c\xdb\x87\xbc\x17\x47\x47\xd6\x62\xc6\x70\xc8\x1f\x35\x1f\xd0\xa8\x47\xe7\xbf\x93\x5a\xa0\x45\xbe\x59\x20\xd2\xd5\x3b\xa3\x35\x8a\xd0\xba\x34\x0f\x3c\x15\x29\x59\xe3\x28\x57\xa6\xee\xe5\x09\xc6\x91\xbd\xf0\x32\x54\xbd\x18\x55\x03\x9b\xfb\x83\xd4\xf5\x68\xf8\x38\xc2\x66\xc8\x2d\x60\x0e\x8e\x58\x75\x25\xa7\xa5\xfb\x92\xd4\x8a\xd1\x17\x67\x02\xf0\xd9\xcd\x92\xcc\xb1\x6c\xd1\xa9\xa0\xd1\x17\x3f\x29\x04\xb1\x1e\x57\x2a\xd8\x55\xf9\x5c\xd9\x95\xd9\x97\xb2\x0c\xf5\x42\x4f\x8f\xd7\x1e\x1a\xa9\xa8\x54\x92\xa3\x96\xfb\x6c\x43\x46\x7d\x94\x35\x32\x87\xc6\x89\x57\x41\x1b\xc3\x21\x1c\x7d\xb7\xc6\x4e\xb5\xe2\x00\x14\xed\x5e\x6d\x86\x7e\x01\xbc\x12\x79\x73\x74\x31\x65\x21\x3a\x7e\x02\x52\xe9\x32\x27\xea\x07\x07\xce\xc6\x31\x48\x43\x91\x45\x8a\x5c\xea\x95\xf9\xec\x75\x08\x4e\xef\x4d\xf5\xef\x37\x1a\x8e\x21\x81\x0a\x7d\xda\x02\x53\x0d\x9d\xe9\x0b\x1f\xfc\xb0\xed\x9a\x4c\xe9\x62\xb9\xb0\x33\xbb\xe8\xa1\x30\xec\x7f\x5a\xae\xc5\x5d\x41\x36\x9b\x40\x33\x5c\x61\x21\xc9\xe7\xbe\x35\xf3\x1f\xfb\x6e\xb9\x20\xd6\x8b\xe4\xc9\xaf\xa7\x53\x3d\xba\x40\x32\x06\xe6\x61\xa5\x07\x27\x24\x16\xd3\x38\xac\xb0\x1c\xcd\xf1\x90\x3f\x16\x68\x99\x81\xcd\xc3\xe4\xe4\x27\x9d\x62\x30\x77\xd6\xe2\x89\x39\xb9\xf3\xbc\x84\x85\x65\x5b\xc8\x3e\x44\x02\xf9\x6d\x58\xca\xbe\x0f\x71\x66\xfb\x11\x65\xd3\x8a\x22\x75\xbd\x0a\xf9\xd2\x80\xf2\x84\xf1\x4f\x9b\x8a\x1f\x7a\x38\x18\xe7\x03\x83\x20\x4b\x3d\xd8\x57\x71\xa0\x26\x64\x3e\xec\x76\x84\x8a\x93\x8c\xcd\x65\x37\xf3\x77\x3f\x9d\xb6\x96\xc8\x13\xf5\x2d\xfb\x51\xa9\x22\x20\x2f\xaf\x87\x0e\x57\xd9\x18\xdd\x59\x44\x37\xef\x61\xd4\xfa\x8e\x76\xf9\xb3\x51\x96\x85\x0b\xc8\x90\x26\xcf\xd5\xa9\x25\xbc\x01\xe3\xe6\xf9\x3b\x38\x0b\x50\x02\x36\x61\xeb\xb2\xbb\x85\x2c\x7d\x6e\x0a\xcc\xe3\x7a\xf8\x4c\xef\x22\x38\xee\x4b\x13\x5e\x58\xe6\x31\x2c\x84\x56\x8d\x67\x5c\x49\x3a\xd9\x32\xcc\x60\x81\xa3\x09\x01\x2d\x05\x82\x69\x2e\x5b\x1d\x9c\x1b\x3e\x5d\x15\x1d\x4a\xa2\xe2\x4c\x6a\xda\xcc\xb4\xb3\x18\xea\xb0\xf8\xe6\xac\x23\xe1\x14\x62\x70\x77\xfb\x09\x1f\x63\x94\xd0\x51\xeb\xaf\x16\xe9\x36\x9b\xe3\xb9\x75\x08\x02\xbc\xd4\xfc\x1c\xc4\x27\x67\x8f\x18\xcf\x56\x25\x37\x62\xec\xee\x80\x42\x70\x3e\x1d\x8a\xb4\xb4\xb3\xf6\xa2\x54\x25\x08\xb9\xa7\x44\xf8\x0c\x36\x85\x52\xac\x1c\x47\xc9\x9b\x2f\x3b\x5b\x63\x12\xf7\xfe\x39\xf8\xf4\xa7\xde\x33\x29\x5f\x87\xda\x0f\xd7\x89\xf2\xde\x17\xc6\x00\xe4\xf9\xaf\x06\x9f\x2d\xa2\xab\xe9\x09\x68\xd3\x6f\x62\x97\x1d\xbe\xff\x1f\xc5\x0d\x29\x92\x3b\x8f\x20\x4c\x9f\x6e\x7b\x7c\xc5\xf0\xd4\xf3\x6f\xbf\x9b\x67\x92\x14\x3a\x1d\xe2\x69\x45\x99\x5e\xbc\x1e\xcc\x71\x52\x20\x27\x05\x7c\xb1\xd1\x60\x70\x8c\xd1\x6c\x48\x80\xfd\xb6\x85\xb9\x5e\x36\x59\x09\x6b\x37\xae\x7f\x06\xc2\x63\x0b\xc9\xac\x51\x06\x4e\x4c\x8f\x4e\xb7\xec\x91\x09\xe0\xbe\xf9\x1f\x07\x97\x0f\xee\xe9\x62\xf2\x75\x51\xb1\x5e\xb2\xf5\xfd\xc8\x36\x76\x83\xd3\xed\x2e\x6e\x48\xd7\x5e\xaf\x2c\x64\x1e\x98\xc3\x0a\x06\x8b\x3d\x62\x0a\x05\x88\x56\x5c\xac\x86\xc3\x35\xde\x14\x70\xe5\xd9\x55\xc3\xf2\x98\xd8\x4b\x20\x2b\x11\x83\xed\xc0\x32\x16\xaa\xa1\x5c\x9b\xde\xd7\x14\xd4\x31\x63\x23\xf6\xce\xdb\x0c\xcc\x76\x9e\x72\x72\x96\xf7\x62\x85\x65\x59\x76\xa6\xe2\x96\x8c\x63\x65\x23\x8a\x1b\x9b\xbd\x1d\x37\x78\x5a\xec\xee\xfc\xe7\x24\xcb\xf5\x2d\xc0\x61\x13\xe7\x6a\xc1\xbf\xd6\x84\x7a\x2e\xe5\x46\x6b\x7a\x02\xaa\xa2\x2e\xbc\xe2\x46\x8a\xc3\x25\x1f\xfb\x60\x44\x22\x3c\xb8\x3b\x43\x79\x89\xca\x87\x44\xc5\xcb\xa7\x32\xf4\xe0\x95\xd7\xca\xb2\x84\x0d\x4d\x37\x51\x0e\x24\x32\x11\x74\x27\x21\xae\xe0\x6e\x3b\x92\x4c\x9e\x1a\xa3\x29\x3f\x5f\x53\x2b\x46\xc5\x12\x3c\xda\x05\x3f\x2f\x78\x9c\x35\x28\x73\xc4\x84\x4f\xb4\x72\xa1\xf0\xc1\x60\x50\xda\x7d\xfb\xad\xbb\xea\xa6\x4e\x2a\xc1\xfc\x1f\x4f\x43\x48\x35\xa9\x61\xbe\x70\x6d\x55\xe5\xd5\xe7\x99\xaa\x8d\x83\xf7\x23\xde\x84\x1d\x45\xca\x6f\x66\x49\x14\x53\x90\xe4\xd8\xc8\xd3\xa6\x24\x86\x41\xd0\x80\x9e\x53\x76\xb1\x83\x18\xd6\xe0\x22\x8b\xb7\x5a\x2b\xc1\xb9\x63\x16\x78\x15\x9c\x9f\x6b\x82\x52\xc9\x02\x50\x38\x25\x21\xe5\x88\x75\x15\x45\xf4\x77\x14\xc6\xbf\x5c\xb0\xad\x5d\x92\xba\x8d\x97\xae\x35\xc4\x64\x1d\x7a\x15\x03\xd1\xb9\xd3\xe4\x3a\xeb\x4c\x2a\xe1\xa5\x37\xda\x14\x14\x90\x07\xbf\xd0\x5d\x5e\x7f\xc5\xd0\x4f\x0c\x3c\xb3\x26\x2c\x30\xc7\xbe\x88\xfb\xca\xf0\xe1\xa0\xc3\x46\x00\x5d\xa6\x65\xc8\x1a\x85\xd8\x77\xc4\x7c\x71\x4d\xc8\x41\x74\xc5\xdf\xb7\x35\x29\xd5\x19\xf1\x2b\x77\xd0\xc9\x62\x40\xec\xed\x2a\xee\x31\xa2\x17\x49\x23\xa3\x80\x98\x4c\x4c\x84\x7b\x27\xbd\x13\x3f\x77\x3d\x09\xab\x58\x2a\xcf\x5f\x99\x50\xa5\xea\x01\xc5\x90\x64\x29\x60\x78\x83\xe0\x90\xac\xc1\x01\x4e\x67\xc7\xc2\x40\x54\xca\xf9\x2f\x2e\x38\x4e\x88\x3d\xf9\x3d\x91\xb8\x83\x00\x06\x91\xaa\x81\xcf\x91\x49\xd1\x79\xc6\xf0\xd0\xa8\x93\x55\x81\x55\xdd\x6c\x6b\xd1\xba\xd5\x07\x1f\xbd\x38\x8a\xfc\x80\x15\xd8\x5f\xc0\xb2\xe9\xdf\x46\x1e\x68\xda\x52\x79\xa2\xcf\x0f\xb9\x38\x47\x62\x4b\x6d\xac\xd6\xcc\x92\x59\x93\x22\x24\xc6\x89\x6d\x26\xae\x9d\xdf\xc9\xe0\x31\x12\x90\x04\x9d\xd5\xfc\x38\x5f\x15\x62\x1d\x20\x0c\xcf\xf3\x77\x74\xec\xca\x50\xe2\x26\x1f\xed\x40\xfb\xd6\x46\x7f\xbd\xaf\xfb\x5c\x8a\x4e\xc4\x1b\x22\x78\x3d\xa2\xd3\xb6\xe8\xe5\xa1\x17\x60\xc0\x94\xc4\x76\xe1\x6a\x0c\x93\xec\xc3\xf8\xce\x5d\xb5\xca\x26\x80\x85\xdf\xb0\x22\xbf\x22\x30\xc9\x3a\x04\x17\x73\xaf\x17\x98\x0d\x33\x98\x9f\xce\xbe\x46\xc0\x71\x3a\x22\x00\x6a\xef\xa9\x23\xf4\x66\x3d\x41\x5b\xe9\xf8\x5f\x29\x78\x22\xf6\x2c\xc2\xc4\xfe\x8c\x25\x8b\x63\xb5\x27\x86\x77\xd6\x1f\x9e\x20\x4c\xa3\xec\x14\x3e\x45\xff\xca\x81\x3a\xc3\x62\x3b\x8b\x0c\x19\x3c\x71\x1f\x63\x4a\x60\xce\x44\xdd\x34\x2a\x24\x98\x4f\x58\x20\x36\x35\x45\x19\x15\x78\xce\xc9\x42\xd2\x30\x47\x08\x6f\x66\x1e\x06\x0a\x0b\xf7\x05\xe7\x46\xb4\x37\xdd\x9c\x0b\x85\xfe\x3a\x9b\x40\xb9\xf5\x17\x53\x04\x44\xb6\xfd\x5a\x50\x79\x23\x45\xc0\xdc\x16\x25\xb0\xb5\xd8\xb4\x4b\x7b\x71\x92\xfe\x65\x76\x9c\x0b\x19\x02\x8b\x67\x31\xff\xf7\x44\xd7\xf9\x7b\x04\x86\x4a\x9d\x1d\x25\x8c\x5a\x1c\xd4\x26\xb4\x40\xa5\x05\xfd\xaf\x1c\x47\x0b\x46\x6c\x95\x5d\xe1\xd3\xf8\x7a\x73\xc8\xcf\xb5\x71\x64\xa4\x11\x50\xee\xfc\x32\xf5\x27\xf6\x24\xcd\xde\xa3\x14\x2c\xb0\xfc\x4b\x8a\x90\xe4\x91\x1f\xa7\xe9\x15\xdd\x8b\xb0\x33\x01\x9c\xe8\xed\xb7\xc1\xec\xcd\xe7\x70\xf7\x7b\xda\x91\x0c\x50\xcc\xd9\xfc\x12\x41\x0b\xce\xbb\x89\xb0\x0b\x4d\x18\xbb\x99\xbf\xee\x2a\xd9\xb6\x33\x5f\x17\x71\x08\x5b\x0b\x59\x4e\xb2\x56\x46\x46\x63\x01\x4a\xd8\x58\x8e\x25\x32\x2f\x6f\xee\x56\x23\x57\x29\xea\x07\x7a\xd5\x51\x9a\x15\x07\x8e\x15\xa6\x47\x30\x3f\x92\x93\x0f\x19\x44\xb1\xee\x38\x3c\x21\x3a\xd9\xc5\x4b\x81\x3c\x11\x12\xb9\x40\x04\x6d\xcd\xd4\xe4\xb0\xc1\x66\x2a\x41\x16\xb8\x9e\x65\x75\xaf\xae\x66\x6d\xb2\x50\x16\x85\x33\xf3\x51\x1f\x9e\xa2\x3b\xb3\xf0\xf4\xe8\x5c\x95\xd4\x5d\x62\x75\xe0\xd3\x00\xca\x93\x33\xb3\xd1\x0a\x4f\x6f\xc4\xc5\x6c\xd3\x26\x7c\xdd\x5e\x0b\x30\xa9\x2b\x65\x4d\xf9\xc4\x1a\x52\x76\xe3\xcb\x31\x44\x30\xbb\x87\xc7\xbd\x90\x65\x10\x70\xae\x0e\xb8\x3c\xfa\xd8\x7b\x35\xe4\xc7\xbd\x16\x79\x8c\x33\xaf\x4a\x90\x40\x95\x12\x89\x29\xc7\xa4\x70\x49\x20\xee\x87\x0f\x2d\x81\x4e\xec\xd2\x9f\xb5\xb7\x61\x02\xa6\x53\x65\x76\xdf\x88\x5f\x11\x65\xc4\x8b\x1a\x22\x80\xb8\x6d\x05\x60\x6d\xf5\x65\xaa\xa3\xfb\x70\xcc\xc4\x3e\xf9\x6f\xeb\xbd\xaf\x4b\xa8\x82\x31\x52\x28\xf6\xfc\xb5\x4c\xf4\xaf\x08\xd3\x15\x16\xad\xb3\x17\x75\x47\xad\x6a\xab\xcb\x14\x06\xd8\xd1\xcd\x53\x34\xdc\x60\x86\x12\x44\x75\x8c\x79\x7a\x91\x56\x43\x64\xe1\x3b\xe0\x60\x49\x5c\x50\x88\x54\x12\x28\xf8\xa2\x1a\xeb\x0f\xf7\x23\xaf\x8e\xa6\x5c\xc6\x1e\x6a\xe5\x27\x81\x9d\xa7\x1c\x39\x3e\x39\x4a\x77\x16\x2a\x03\x50\x1b\xd0\x58\xc4\x03\xea\x9f\xf4\x0b\x4b\x62\x0a\xd1\xb1\xec\xfb\x9a\xd3\xda\x53\x82\xfa\x6e\x89\xc1\x63\xa6\x1d\xa6\xa5\x04\xfc\x3c\x2a\x89\xaf\xd7\x42\xec\x09\xf2\x39\x78\xc0\x96\x3f\xe9\xb3\x7d\xe1\x61\x67\xae\x93\x67\x8b\xf1\xee\x5c\xe8\xfc\x24\x2b\x17\xe9\xc7\x85\x7d\x80\x57\xdc\x1d\x15\x5b\xb4\x8b\x92\xdd\x49\x2d\x46\x9c\x86\x8a\x6b\x5f\x4b\x08\x41\x13\x32\xb6\x20\x01\x84\xeb\x1a\x10\xbd\x3e\x8b\x21\x10\x30\x0f\xb1\xf6\x4a\x29\xf8\x1c\x72\x29\xac\x20\x2e\x1c\x86\x5b\xa7\xc0\x12\x18\xf2\xe2\xaf\xc9\xe5\x54\xe6\x80\xd6\x59\xaa\x8a\x58\xf2\x09\x76\xa1\x90\x29\x5e\xee\x2e\x34\x8c\x5a\xe3\xd8\x86\xfc\x6b\x98\xe0\x43\x5f\xea\x75\x1a\x23\x9f\xcb\x5b\xdc\xde\x1f\x66\x37\xb5\xc7\x56\xda\x90\x3a\x25\x87\xb9\x21\x20\x81\x9c\xf3\x45\xeb\x5c\x50\xad\xb0\x1e\x1e\x3c\x6b\x2b\x82\x63\xe6\x4b\xec\xf3\xe0\xcc\x91\x1a\x33\xfe\xb4\x93\x6d\x39\xc4\xc7\xa0\x3b\xba\x19\x77\xd2\x51\xe3\xf8\xa8\x91\x58\xb1\x0a\xea\x5a\x4e\x89\xd1\xb6\x2d\xb0\xf1\x51\xc4\xed\x6d\xa1\x76\x50\x45\x1d\x1f\x98\x3f\xb8\xee\x9a\x38\xdb\x3e\xa2\xa7\x50\xaf\x4e\x76\x47\x29\x86\xbc\xfa\xc4\xef\x6d\x4c\x14\xff\x17\xba\x12\x07\x9e\x3f\x35\xfb\x65\x7a\x86\x17\x9c\x2f\xe4\xce\xc3\x2d\x07\x68\x8e\x63\x04\x8d\x48\x86\x44\x5b\x22\x94\x47\x80\x5c\x38\x5b\x53\x9b\x92\x0a\xe2\x9b\x3a\xbb\x48\x7f\xbe\x24\x98\x89\xc2\x0b\x0b\x06\x94\x97\x1d\x81\xbe\xaf\x49\x17\x46\xf0\x76\xfa\x7c\xb1\xff\xce\x13\x93\x26\x9e\x0c\x5d\xa8\xef\xc3\xa5\xd6\x8f\x37\x65\x82\xbd\xc1\x63\x30\xab\xcd\x44\x52\x26\xec\xf7\x24\x6f\x52\xc0\xff\xc1\x7e\xa5\xb5\x63\x27\xe8\xad\x17\x6b\xf9\xd8\x5f\x8a\x24\x79\xc3\xa5\x61\x0f\xd8\x7a\x45\x63\x4e\xcb\xe2\xd6\x98\x25\x7a\x28\x43\xe2\x4b\x39\x7e\x8b\x22\x86\x3c\x29\x72\x9b\x78\xce\xb3\xf3\xa1\x5f\x80\x60\xb5\xe5\x07\x9b\x41\x0b\xa8\xad\xe4\x39\x34\x75\x16\xae\x26\x0d\x23\x4f\x22\xbe\x7d\x85\xe6\x3f\xa0\xaa\xd3\x96\x72\x5d\x1b\x5a\x18\x28\x29\xb2\x1a\x66\x27\x3d\x52\xce\x87\xfc\x6b\x17\x76\x70\x75\xb3\x97\x51\x15\xb2\x09\xba\x0e\xe2\x15\xbb\x26\x97\x66\x56\xf2\x1b\x1c\x1d\x25\xb6\x5a\xd8\x30\xf1", 4096); syscall(SYS_mutate6, /*fd=*/r[0], /*data=*/0x200001c0ul, /*size=*/0x1000ul); break; case 6: memcpy((void*)0x200011c0, "./file0\000", 8); syscall(SYS_mutate_flags, /*filename=*/0x200011c0ul, /*i1=*/0x8001ul, /*b1=*/0, /*flags=*/0x10ul); break; case 7: memcpy((void*)0x20001200, ".\000", 2); syscall(SYS_mutate9, /*filename=*/0x20001200ul); break; case 8: *(uint8_t*)0x20001240 = 9; syscall(SYS_test, /*a0=*/0x20001240ul, /*a1=*/0x2a, 0, 0, 0, 0); break; case 9: memcpy((void*)0x20001280, "\x47\xc5\x24\xbd\xd3\xb2\x46\x0d\xcd\x33\xce\xba\xf3\xfc\xb6\xf6\x12\x39\xba\x80\xe3\x20\xba\x47\xf2\x29\xc2\x25\xbb\x6c\xf1\x98\x09\xb0\x4a\x84\x4b\x3e\xad\xf6\xf2\x92\x5e\x6a\xd6\x26\x1a\xea\xb7\xf4\xa7\x33\x8c\xa3\x3b\xb4\x57\xc0\xf8\xf9\xc0\x2e\x71\xf3\xc7\x15\x4d\x09\xc4\xd2\xfe\x33\x1b\xa9\x58\xc0\xb3\xc1\x74\x91\xd1\x29\x0b\x3f\xd6\x3f\xbb\xd1\xb9\x6d\x30\xea\x70\xcc\x92\xfb\x21\xab\x7c\x49\xae\x98\xc1\x92\xbf\x55\x61\x60\x6e\xad\xaa\xe3\x8b\xdc\x6b\x86\xe1\x72\x39\xc9\x9b\xca\x69\xa2\x4c\x4a\xf0\x0e\xee\x81\xec\xff\xa6\xc4\x39\x28\x57", 137); syscall(SYS_mutate6, /*fd=*/-1, /*data=*/0x20001280ul, /*size=*/0x89ul); break; case 10: memcpy((void*)0x20000000, "{^--\000", 5); sprintf((char*)0x20000040, "%020llu", (long long)0x1f); syz_compare(/*want=*/0x20000000, /*want_len=*/5, /*got=*/0x20000040, /*got_len=*/0x14); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/4, /*v1=*/0x729, 0, 0); break; case 12: syz_errno(/*v=*/5); break; case 13: memcpy((void*)0x20000080, "\xca\x57\xf3\xc4\x8f\xe4\x76\x01\xd9\x3b\x41\xa5\xfc\x16\xf0\x22\xa6\xb4\x07\xd2\xc5\xc2\x01\xc8\x68\xbd\x0e\xf2\xa6\xdb\x68\xa9\x3c\x16\xa1\x16\x0a\x6f\xed\x52\x5e\xb4\xfc\x61\x85\xa1\xcf\xf2\x53\x90", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/2); break; case 15: syz_mmap(/*addr=*/0x20ffc000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/4); break; case 17: syz_test_fuzzer1(/*a=*/7, /*b=*/5, /*c=*/4); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :317:3: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] syscall(SYS_test, /*a0=*/0x20000000ul, /*a1=*/0x2a, 0, 0, 0, 0); ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor3405040796 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/8 (0.95s) csource_test.go:148: --- FAIL: TestGenerate/test/64/14 (0.82s) csource_test.go:148: --- FAIL: TestGenerate/test/64/13 (0.82s) csource_test.go:148: --- FAIL: TestGenerate/test/64/7 (1.15s) csource_test.go:148: FAIL FAIL github.com/google/syzkaller/pkg/csource 22.645s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ok github.com/google/syzkaller/pkg/email/lore (cached) ok github.com/google/syzkaller/pkg/fuzzer (cached) ok github.com/google/syzkaller/pkg/gce (cached) ok github.com/google/syzkaller/pkg/host (cached) ok github.com/google/syzkaller/pkg/html (cached) ok github.com/google/syzkaller/pkg/ifuzz (cached) ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ok github.com/google/syzkaller/pkg/kconfig (cached) ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ok github.com/google/syzkaller/pkg/signal (cached) ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/subsystem/linux (cached) ok github.com/google/syzkaller/pkg/subsystem/lists (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ok github.com/google/syzkaller/sys/linux (cached) ok github.com/google/syzkaller/sys/netbsd (cached) ok github.com/google/syzkaller/sys/openbsd (cached) ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager (cached) ok github.com/google/syzkaller/syz-verifier (cached) ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ok github.com/google/syzkaller/tools/syz-testbed (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ok github.com/google/syzkaller/vm (cached) ok github.com/google/syzkaller/vm/isolated (cached) ok github.com/google/syzkaller/vm/proxyapp (cached) ok github.com/google/syzkaller/vm/vmimpl (cached) FAIL